Emerging Threat:
Inside Forest Blizzard's
New Arsenal
Common Information
| Type | Value |
|---|---|
| UUID | 032ba75f-5aa7-4d0d-81c1-adebd70eddb9 |
| Fingerprint | 70f6955e4ed65acd316f394aa31897f440205ca06147bf31d87edb4e3b60679f |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | May 31, 2024, 10:18 a.m. |
| Added to db | June 5, 2024, 1:27 p.m. |
| Last updated | Aug. 31, 2024, 8:32 a.m. |
| Headline | Emerging Threat: Inside Forest Blizzard's New Arsenal |
| Title | Emerging Threat: Inside Forest Blizzard's New Arsenal |
| Detected Hints/Tags/Attributes | 279/3/166 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 34 | cve-2017-6742 |
|
| Details | CVE | 172 | cve-2022-30190 |
|
| Details | CVE | 176 | cve-2023-23397 |
|
| Details | CVE | 133 | cve-2023-38831 |
|
| Details | CVE | 126 | cve-2017-0144 |
|
| Details | CVE | 10 | cve-2013-3897 |
|
| Details | CVE | 20 | cve-2014-1776 |
|
| Details | CVE | 176 | cve-2012-0158 |
|
| Details | CVE | 59 | cve-2015-5119 |
|
| Details | CVE | 29 | cve-2013-3906 |
|
| Details | CVE | 30 | cve-2015-7645 |
|
| Details | CVE | 7 | cve-2015-2387 |
|
| Details | CVE | 79 | cve-2010-3333 |
|
| Details | CVE | 48 | cve-2015-1641 |
|
| Details | CVE | 16 | cve-2013-1347 |
|
| Details | CVE | 11 | cve-2015-3043 |
|
| Details | CVE | 2 | cve-2015-1642 |
|
| Details | CVE | 13 | cve-2015-2590 |
|
| Details | CVE | 37 | cve-2015-1701 |
|
| Details | CVE | 7 | cve-2015-4902 |
|
| Details | CVE | 14 | cve-2017-0262 |
|
| Details | CVE | 17 | cve-2017-0263 |
|
| Details | CVE | 4 | cve-2014-4076 |
|
| Details | CVE | 20 | cve-2014-0515 |
|
| Details | CVE | 91 | cve-2021-34527 |
|
| Details | CVE | 65 | cve-2021-1675 |
|
| Details | CVE | 7 | cve-2022-38028 |
|
| Details | CVE | 6 | cve-2023-38331 |
|
| Details | Domain | 22 | www.logpoint.com |
|
| Details | Domain | 4 | new.com |
|
| Details | Domain | 3 | bbc-news.org |
|
| Details | Domain | 9 | sam.save |
|
| Details | Domain | 7 | security.save |
|
| Details | Domain | 6 | system.save |
|
| Details | Domain | 8 | out.zip |
|
| Details | Domain | 6 | photo.zip |
|
| Details | Domain | 34 | file.io |
|
| Details | Domain | 50 | webhook.site |
|
| Details | Domain | 1 | portugalmail.pt |
|
| Details | Domain | 3 | s1.host |
|
| Details | Domain | 3 | s2.host |
|
| Details | Domain | 28 | dl.dropboxusercontent.com |
|
| Details | Domain | 358 | pastebin.com |
|
| Details | Domain | 14 | githubusercontent.com |
|
| Details | Domain | 112 | cdn.discordapp.com |
|
| Details | Domain | 26 | mediafire.com |
|
| Details | Domain | 10 | userstorage.mega.co.nz |
|
| Details | Domain | 77 | mega.nz |
|
| Details | Domain | 41 | ddns.net |
|
| Details | Domain | 45 | paste.ee |
|
| Details | Domain | 8 | hastebin.com |
|
| Details | Domain | 4 | ghostbin.co |
|
| Details | Domain | 18 | ufile.io |
|
| Details | Domain | 24 | anonfiles.com |
|
| Details | Domain | 13 | send.exploit.in |
|
| Details | Domain | 71 | transfer.sh |
|
| Details | Domain | 10 | privatlab.net |
|
| Details | Domain | 8 | privatlab.com |
|
| Details | Domain | 29 | sendspace.com |
|
| Details | Domain | 5 | pastetext.net |
|
| Details | Domain | 10 | pastebin.pl |
|
| Details | Domain | 145 | api.telegram.org |
|
| Details | Domain | 13 | mockbin.org |
|
| Details | Domain | 6 | dropboxusercontent.com |
|
| Details | File | 39 | www.log |
|
| Details | File | 8 | coreshell.dll |
|
| Details | File | 1 | servtask.bat |
|
| Details | File | 1 | c:\programdata\servtask.bat |
|
| Details | File | 478 | lsass.exe |
|
| Details | File | 8 | out.zip |
|
| Details | File | 1 | doit.bat |
|
| Details | File | 1 | justice.exe |
|
| Details | File | 1 | c:\programdata\out.zip |
|
| Details | File | 409 | c:\windows\system32\cmd.exe |
|
| Details | File | 1 | defragmentsrv.exe |
|
| Details | File | 1 | mpdw-constraints.js |
|
| Details | File | 1 | wayzgoose06.dll |
|
| Details | File | 1 | justic.exe |
|
| Details | File | 2 | c:\windows\system32\driverstore\filerepository\prnms003.inf |
|
| Details | File | 1 | c:\windows\system32\driverstore\filerepository\prnms009.inf |
|
| Details | File | 1 | wayzgoose.dll |
|
| Details | File | 6 | photo.zip |
|
| Details | File | 28 | ssh.exe |
|
| Details | File | 1 | prnms003.inf |
|
| Details | File | 1 | prnms009.inf |
|
| Details | File | 12 | backgrounddownload.exe |
|
| Details | File | 12 | cleanmgr.exe |
|
| Details | File | 198 | msmpeng.exe |
|
| Details | File | 70 | onedrivesetup.exe |
|
| Details | File | 97 | mpcmdrun.exe |
|
| Details | File | 6 | vs_setup_bootstrapper.exe |
|
| Details | File | 11 | dismhost.exe |
|
| Details | File | 165 | reg.exe |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 1018 | rundll32.exe |
|
| Details | File | 173 | outlook.exe |
|
| Details | File | 6 | davclnt.dll |
|
| Details | File | 47 | winrar.exe |
|
| Details | File | 2125 | cmd.exe |
|
| Details | File | 155 | cscript.exe |
|
| Details | File | 456 | mshta.exe |
|
| Details | File | 1208 | powershell.exe |
|
| Details | File | 35 | pwsh.exe |
|
| Details | File | 459 | regsvr32.exe |
|
| Details | File | 376 | wscript.exe |
|
| Details | File | 323 | winword.exe |
|
| Details | File | 199 | excel.exe |
|
| Details | File | 92 | powerpnt.exe |
|
| Details | File | 102 | mspub.exe |
|
| Details | File | 86 | visio.exe |
|
| Details | File | 91 | msaccess.exe |
|
| Details | File | 57 | eqnedt32.exe |
|
| Details | File | 74 | onenote.exe |
|
| Details | File | 8 | wordview.exe |
|
| Details | File | 13 | appvlp.exe |
|
| Details | File | 17 | bash.exe |
|
| Details | File | 63 | bitsadmin.exe |
|
| Details | File | 5 | certoc.exe |
|
| Details | File | 226 | certutil.exe |
|
| Details | File | 47 | cmstp.exe |
|
| Details | File | 55 | control.exe |
|
| Details | File | 93 | curl.exe |
|
| Details | File | 33 | forfiles.exe |
|
| Details | File | 34 | hh.exe |
|
| Details | File | 7 | ieexec.exe |
|
| Details | File | 83 | installutil.exe |
|
| Details | File | 44 | javaw.exe |
|
| Details | File | 12 | mftrace.exe |
|
| Details | File | 10 | compiler.exe |
|
| Details | File | 149 | msbuild.exe |
|
| Details | File | 33 | msdt.exe |
|
| Details | File | 5 | msidb.exe |
|
| Details | File | 269 | msiexec.exe |
|
| Details | File | 23 | msxsl.exe |
|
| Details | File | 22 | odbcconf.exe |
|
| Details | File | 18 | pcalua.exe |
|
| Details | File | 103 | regasm.exe |
|
| Details | File | 72 | regsvcs.exe |
|
| Details | File | 249 | schtasks.exe |
|
| Details | File | 23 | scrcons.exe |
|
| Details | File | 16 | scriptrunner.exe |
|
| Details | File | 16 | sh.exe |
|
| Details | File | 17 | verclsid.exe |
|
| Details | File | 240 | wmic.exe |
|
| Details | File | 9 | workfolders.exe |
|
| Details | File | 1 | appinstaller.exe |
|
| Details | File | 3 | desktopimgdownldr.exe |
|
| Details | File | 25 | esentutl.exe |
|
| Details | File | 32 | expand.exe |
|
| Details | File | 1 | imewdbld.exe |
|
| Details | File | 128 | msedge.exe |
|
| Details | File | 14 | presentationhost.exe |
|
| Details | File | 6 | tar.exe |
|
| Details | File | 1 | winget.exe |
|
| Details | File | 6 | msedge_proxy.exe |
|
| Details | File | 7 | msohtmed.exe |
|
| Details | File | 6 | protocolhandler.exe |
|
| Details | File | 175 | update.exe |
|
| Details | File | 8 | pastebin.pl |
|
| Details | md5 | 1 | fad970fab2f0201b11457a2dd9912ec6 |
|
| Details | IPv4 | 4 | 216.66.35.145 |
|
| Details | Threat Actor Identifier - APT | 783 | APT28 |
|
| Details | Url | 1 | http://webhook.site/e2831741-d8c8-4971-9464- |
|
| Details | Windows Registry Key | 24 | HKLM\SAM |
|
| Details | Windows Registry Key | 4 | HKLM\Security |
|
| Details | Windows Registry Key | 15 | HKLM\System |