Deconstructing and Defending Against Group 72
Common Information
Type Value
UUID 014417a3-95ad-45e3-83ac-71b8d5174f3c
Fingerprint b37082b1c08dfafd506c385e6e33132ce583f8960996e0b5415e38f4bb016835
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 9, 2014, 4:24 p.m.
Added to db Jan. 27, 2024, 7:14 p.m.
Last updated Aug. 31, 2024, 1:22 a.m.
Headline Deconstructing and Defending Against Group 72
Title Deconstructing and Defending Against Group 72
Detected Hints/Tags/Attributes 147/3/45
Attributes
Type                  #Events  Value
CVE                        27  cve-2014-0322
CVE                        14  cve-2012-4792
CVE                        17  cve-2012-1889
CVE                        15  cve-2013-3893
CVE                        16  cve-2011-2462
CVE                         5  cve-2013-3163
Domain                      2  companyname.attackerdomain.com
Domain                      2  companyacronym.attackerdomain.com
Domain                      7  3322.org
Domain                      3  vicp.net
Domain                   1174  gmail.com
Domain                    295  amazon.com
Domain                    904  snort.org
Domain                      5  senderbase.org
File                       80  msvcrt.dll
File                        2  zxshell.dll
File                     1122  svchost.exe
File                       32  %systemroot%\system32\svchost.exe
File                     1018  rundll32.exe
File                        2  loveusd.sys
File                        2  c:\windows\system32\commhlp32.dll
File                       46  netstat.exe
File                      478  lsass.exe
File                      212  winlogon.exe
File                      306  services.exe
File                      165  csrss.exe
File                       63  ctfmon.exe
File                        4  mpnotify.exe
File                      175  update.exe
File                        2  myip.txt
md5                         2  e3878d541d17b156b7ca447eeb49d96a
md5                         2  85190000250400000000404000000000
md5                         2  86190000040100006666464000000000
md5                         2  4edf9340780100000000000000000000
md5                         7  00000000000000000000000000000000
sha256                      2  1eda7e556181e46ba6e36f1a6bfe18ff5566f9d5e51c53b41d08f9459342e26c
sha256                      2  1e200d0d3de360d9c32e30d4c98f07e100f6260a86a817943a8fb06995c15335
sha256                      2  1622460afbc8a255141256cb77af61c670ec21291df8fe0989c37852b59422b4
IPv4                       18  127.0.0.2
Windows Registry Key      164  HKLM\SOFTWARE\Microsoft\Windows
Windows Registry Key        2  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Service
Windows Registry Key       33  HKLM\SYSTEM\CurrentControlSet\Services
Windows Registry Key        1  HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy
Windows Registry Key        2  HKLM\SOFTWARE\Classes\HTTP\shell\open\command
Windows Registry Key        2  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverMain