Looking into TUT's tomb: the universe of threats in LATAM
Common Information
Type Value
UUID 339af8b5-5033-4824-908e-138e81ffa7e5
Fingerprint 20aad34fc5d23e0e7b2e51d5f92a18c65747efe658c5860b48c87d4e03929d36
Analysis status DONE
Considered CTI value 1
Text language
Published Sept. 24, 2023, 5:56 p.m.
Added to db April 16, 2024, 7:06 p.m.
Last updated Aug. 31, 2024, midnight
Headline Looking into TUT's tomb: the universe of threats in LATAM
Title Looking into TUT's tomb: the universe of threats in LATAM
Detected Hints/Tags/Attributes 146/4/36
Attributes
Details Type #Events CTI Value
Details Domain 114
eset.com
Details Domain 247
www.virusbulletin.com
Details Domain 140
archive.org
Details Domain 1
con-ip.com
Details Domain 45
www.bankinfosecurity.com
Details Domain 262
www.welivesecurity.com
Details Domain 17
www.lockheedmartin.com
Details Domain 360
attack.mitre.org
Details Email 1
camilo.gutierrez@eset.com
Details Email 1
fernando.tavella@eset.com
Details File 1018
rundll32.exe
Details File 2
shooncataclysm.dll
Details File 1
intanalyticsmanager.exe
Details File 41
wusa.exe
Details File 41
wtsapi32.dll
Details File 72
regsvcs.exe
Details File 2125
cmd.exe
Details File 1
chain.html
Details MITRE ATT&CK Techniques 440
T1055
Details Threat Actor Identifier - APT-C 83
APT-C-36
Details Url 1
https://www.bankinfosecurity.com/ploutus-malware-targets-new-atms-in-latin-america-a-16087.
Details Url 1
https://www.welivesecurity.com/2021/12/15/dirty-dozen-latin-america-amavaldo-zumanek/.
Details Url 5
https://www.welivesecurity
Details Url 1
https://www.welivesecurity.com/la-es/2022/08/30/campana-malware-dirigida-
Details Url 1
https://www.welivesecurity.com/2021/01/12/operation-spalax-targeted-malware-attacks-colombia/.
Details Url 1
https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-
Details Url 1
https://www.welivesecurity.com/la-es/2023/04/20/operacion-
Details Url 1
https://attack.mitre.org/techniques/t1055/012/.
Details Url 1
https://www.welivesecurity.com/2020/04/23/eset-discovery-monero-mining-botnet-disrupted/.
Details Url 1
https://www.welivesecurity.com/2021/07/07/bandidos-at-large-spying-campaign-latin-america/.
Details Url 1
https://www.welivesecurity.com/la-es/2022/01/03/actor-amenazas-distribuye-malware-apunta-usuarios-
Details Url 1
https://www.welivesecurity.com/la-es/2021/10/19/campana-malware-activa-apunta-entidades-
Details Url 1
https://www.welivesecurity.com/la-es/2022/05/20/campana-espionaje-malware-njrat-organizaciones-colombia/.
Details Url 1
https://www.welivesecurity.com/la-es/2023/02/23/campana-espionaje-
Details Url 1
https://www.welivesecurity.com/la-es/2021/04/06/janeleiro-nuevo-troyano-bancario-apunta-usuarios-
Details Url 1
https://attack.mitre.org/groups/g0099/.