Uncovering DRBControl: Inside the Cyberespionage Campaign Targeting Gambling Operations
Common Information
| Type | Value |
|---|---|
| UUID | 3aaa48be-69b5-4a9a-a243-592034fec911 |
| Fingerprint | 81312ff2153a3f6ca2ebf723f253af2a97bf0682a3ced81d3138ef835cc94e34 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Feb. 18, 2020, 10:10 a.m. |
| Added to db | March 10, 2024, 12:25 a.m. |
| Last updated | Aug. 31, 2024, 7:55 a.m. |
| Headline | Uncovering DRBControl: Inside the Cyberespionage Campaign Targeting Gambling Operations |
| Title | Uncovering DRBControl: Inside the Cyberespionage Campaign Targeting Gambling Operations |
| Detected Hints/Tags/Attributes | 245/4/286 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 22 | cve-2017-0213 |
|
| Details | Domain | 245 | shutterstock.com |
|
| Details | Domain | 339 | system.net |
|
| Details | Domain | 1 | test.cab |
|
| Details | Domain | 1 | www.kkxx88866.com |
|
| Details | Domain | 1 | www.betwln520.com |
|
| Details | Domain | 1 | kb3023607.zip |
|
| Details | Domain | 1 | juchaoba.com |
|
| Details | Domain | 3 | shopingchina.net |
|
| Details | Domain | 2 | cdn.kkxx888666.com |
|
| Details | Domain | 2 | fn.shopingchina.net |
|
| Details | Domain | 4 | bot.googlerenewals.net |
|
| Details | Domain | 1 | googlerenewals.net |
|
| Details | Domain | 1 | facebooknavigation.com |
|
| Details | Domain | 1 | www.kkxx888666.com |
|
| Details | Domain | 1 | download.safedog.co |
|
| Details | Domain | 2 | test66.shopingchina.net |
|
| Details | Domain | 1 | update.google.com.updatesrvers.org |
|
| Details | Domain | 1 | safe.mircosofdevice.com |
|
| Details | Domain | 1 | office.support.googldevice.com |
|
| Details | Domain | 1 | info.cab |
|
| Details | Domain | 2 | update.mircosoftdefender.com |
|
| Details | Domain | 1 | store.microsoftbetastore.com |
|
| Details | Domain | 2 | jqb.shopingchina.net |
|
| Details | Domain | 1 | hacktool.win32.pwdump.ac |
|
| Details | Domain | 1 | hacktool.win64.mimikatz.as |
|
| Details | Domain | 1 | trojan.win32.runner.ad |
|
| Details | Domain | 1 | trojan.win32.rozena.am |
|
| Details | Domain | 1 | update.ipv4-cisco.com |
|
| Details | Domain | 1 | update.microsoftdnsdown.com |
|
| Details | Domain | 1 | update.microsoftdnsupdate.com |
|
| Details | Domain | 1 | support.microsoftdnsdown.com |
|
| Details | Domain | 1 | data.dropboxbeta.com |
|
| Details | Domain | 1 | portal.microsoftbetastore.com |
|
| Details | Domain | 1 | www.imr.co.kr |
|
| Details | Domain | 177 | blog.trendmicro.com |
|
| Details | Domain | 26 | mitre.org |
|
| Details | Domain | 26 | posts.specterops.io |
|
| Details | Domain | 4127 | github.com |
|
| Details | Domain | 2 | www.immuniweb.com |
|
| Details | Domain | 251 | www.bleepingcomputer.com |
|
| Details | Domain | 5 | threatrecon.nshc.net |
|
| Details | Domain | 397 | www.microsoft.com |
|
| Details | Domain | 604 | www.trendmicro.com |
|
| Details | Domain | 360 | attack.mitre.org |
|
| Details | Domain | 224 | unit42.paloaltonetworks.com |
|
| Details | Domain | 2 | myip.com.tw |
|
| Details | Domain | 1 | offsec.provadys.com |
|
| Details | Domain | 11 | enigma0x3.net |
|
| Details | Domain | 5 | 401trg.com |
|
| Details | Domain | 57 | www.clearskysec.com |
|
| Details | Domain | 403 | securelist.com |
|
| Details | Domain | 132 | trendmicro.com |
|
| Details | File | 14 | debug.exe |
|
| Details | File | 1208 | powershell.exe |
|
| Details | File | 6 | test.cab |
|
| Details | File | 7 | config.exe |
|
| Details | File | 198 | msmpeng.exe |
|
| Details | File | 41 | mpsvc.dll |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 1 | passuac.dll |
|
| Details | File | 96 | wallet.dat |
|
| Details | File | 28 | wlbsctrl.dll |
|
| Details | File | 2125 | cmd.exe |
|
| Details | File | 28 | goopdate.dll |
|
| Details | File | 9 | license.rtf |
|
| Details | File | 1 | kb3023607.zip |
|
| Details | File | 10 | rpcss.dll |
|
| Details | File | 22 | data.dat |
|
| Details | File | 1 | setup443.exe |
|
| Details | File | 2 | diskshawin.exe |
|
| Details | File | 1 | run64.bat |
|
| Details | File | 2 | csres.exe |
|
| Details | File | 1 | %systemroot%\fonts and launches run64.bat |
|
| Details | File | 10 | thumb.dat |
|
| Details | File | 68 | config.ini |
|
| Details | File | 34 | eventvwr.exe |
|
| Details | File | 1 | c:\programdata\b.bat |
|
| Details | File | 12 | b.bat |
|
| Details | File | 85 | log.txt |
|
| Details | File | 3 | diskwinshadow.exe |
|
| Details | File | 1 | i610.exe |
|
| Details | File | 1 | c:\users\public\wget.exe |
|
| Details | File | 1 | t32d.exe |
|
| Details | File | 8 | thumb.db |
|
| Details | File | 175 | update.exe |
|
| Details | File | 1 | download.safe |
|
| Details | File | 1 | sktest.exe |
|
| Details | File | 1 | %allusersprofile%\s\s.exe |
|
| Details | File | 105 | googleupdate.exe |
|
| Details | File | 1 | windrm.exe |
|
| Details | File | 1 | rsopprov.exe |
|
| Details | File | 9 | firewall.exe |
|
| Details | File | 1 | c:\windows\system32\rsoplicy.exe |
|
| Details | File | 1 | c:\users\public\videos\videos.exe |
|
| Details | File | 1 | info.cab |
|
| Details | File | 2 | english.rtf |
|
| Details | File | 1 | %allusersprofile%\drm\drm.exe |
|
| Details | File | 1 | %allusersprofile%\kasperskylab\kaspe\kaspe.exe |
|
| Details | File | 1 | win32.db |
|
| Details | File | 10 | win32.pl |
|
| Details | File | 1 | c:\windows\fonts\system.exe |
|
| Details | File | 46 | system.exe |
|
| Details | File | 1 | c:\windows\fonts\run.bat |
|
| Details | File | 1 | c:\windows\fonts\diskshawin.exe |
|
| Details | File | 1 | c:\windows\fonts\clip.exe |
|
| Details | File | 1204 | index.php |
|
| Details | File | 5 | mobile.php |
|
| Details | File | 3 | www.imr |
|
| Details | File | 1 | invoke-credhunter.ps1 |
|
| Details | File | 1 | cve-2017-0213.cpp |
|
| Details | File | 1 | readpsw.cpp |
|
| Details | File | 1 | enum_cred_store.rb |
|
| Details | File | 1 | uac-bypass-dotnet.html |
|
| Details | File | 3 | win7elevate_inject.cpp |
|
| Details | File | 1 | advanced-threat-protection.html |
|
| Details | File | 2 | sps.html |
|
| Details | File | 1 | worry-free-services-advanced.html |
|
| Details | File | 5 | hybrid-cloud.html |
|
| Details | File | 1 | all-solutions.html |
|
| Details | Github username | 3 | itm4n |
|
| Details | Github username | 3 | rootkiter |
|
| Details | Github username | 2 | mdsecresearch |
|
| Details | Github username | 5 | secwiki |
|
| Details | Github username | 1 | blackye |
|
| Details | Github username | 46 | rapid7 |
|
| Details | sha256 | 1 | a44136c9ae13435882c5c2aded9ed8bd5e8c1a64520ab83a17cffa03ea3852d1 |
|
| Details | sha256 | 1 | bfd5056cfbec3a43656c2ceb27cacea5de27c7a82f21d2897826ce1e1748666a |
|
| Details | sha256 | 1 | 3d0d4945275cdbae9911183dd17fb5e118216816e1c9abc2cecfb65c4ef9d708 |
|
| Details | sha256 | 1 | a219dfc28426bf36af578e2dbc4a65abdae51e0c3df87c4cb3a2c8f9e0088d32 |
|
| Details | sha256 | 1 | f9759b5046d67d07ed4a0b07316d6797feb2293a8cbd3c4bc78c90269b87fe3f |
|
| Details | sha256 | 1 | 29e50893c10897684d8b81f0d511d4073442e385d2ab2ee6c9a9c0189851f72c |
|
| Details | sha256 | 1 | bd278f8fbd5af15beddf5f1d8f7c20bec368fae2e7cb5ef16e2b50434d30a384 |
|
| Details | sha256 | 1 | c3c70ca2c473e166d0890450c70e3fafdc98f10f2027a1aa0d78a75170df2b69 |
|
| Details | sha256 | 1 | 9b957bfe1bdbed23e5d45d6f30c7d666f2c65af32779d09927dfc0f79f6f7b91 |
|
| Details | sha256 | 1 | e82e7b6dbf074bb189cd639f70137d3d4350423fd4e84898688920d0110110b8 |
|
| Details | sha256 | 1 | 9e3b82a55d3bd9773aaa50396436aec085eeb34e6efda70d6b2946a571911601 |
|
| Details | sha256 | 1 | 9897e28cd7f1e26eb9115c99188192747ea39fee9aa8c22633e336beeb76f109 |
|
| Details | sha256 | 1 | cd5a3c0d92b76bd29fbb5dffaab6144487d35d83d3ab3e4ea545a0ea58ca9140 |
|
| Details | sha256 | 1 | 76e41cd6cd30af04fbe540de60fa0f0873d65fb94727b921b2483c5d9e1cbdeb |
|
| Details | sha256 | 1 | 58597b5469a9b1af44b73937c3c44ce4dcea841a3eff3508dc0bed0bcb2ff10a |
|
| Details | sha256 | 1 | 46532c3fbd3e73682ea7c4fdec6a26fffa7baff36a78fd821b8bfe7721fc92ef |
|
| Details | sha256 | 1 | b35e3d9835910c50502cf4753e77b50d279a9f9056f64bd609b865ded8a79d0c |
|
| Details | sha256 | 1 | 8c03324d303c4bf4f180f400537a307750561de37ed92691d46c09ef2caa22b0 |
|
| Details | sha256 | 1 | c88196c1ec9d29326cee11d04e73a3f6ce80a2bad5363925fd9520e64727407b |
|
| Details | sha256 | 1 | 832c5cbe153d7687e8e72a1108bf2f38e88d30de5b9432c5ff8fdef9d190ec02 |
|
| Details | sha256 | 1 | 8bc65935aa19e95b52d7ecc1d5d8f15c0c85fde28d39c0a1844ca90a912cd502 |
|
| Details | sha256 | 1 | 23cd30aaf21d02bde349e6c1761165120c0e2ded626a2de583103e1559e5b9f4 |
|
| Details | sha256 | 1 | fa10b6cf0bd9de0734ecca6650de214647ec7305af90f9a4dfdc5e092706cb11 |
|
| Details | sha256 | 1 | 021751637a8fff2c48fd543316c25a7090d4ac96f81efb2cfd2a8bb239bafdfd |
|
| Details | sha256 | 1 | f52b3f5f8213709bb5617fd02e702dee10935eefb96f44e8afa35af17c81d05b |
|
| Details | sha256 | 1 | d1294a1e043bb882e99f278fa51ceefadc0939fedc47306e475fbdcbb210dc5b |
|
| Details | sha256 | 1 | 927da2ff9203eb77a66fa7b23f9f1c3655b357fc2418422ed2d5813882a6ae5a |
|
| Details | sha256 | 1 | 64469d27fec40f50b06812c2d2fdbe5dd73a3b258f304f48f97e9c792e1a0c6f |
|
| Details | sha256 | 1 | e52034cb8b5f170c8174ea2b9ede2785d093360a57359261e2dfb436cd644038 |
|
| Details | sha256 | 1 | 489310f5f63045a83251c4f457d2baa4b0c57e5ee7b3d147ee63913352a2c7f1 |
|
| Details | sha256 | 1 | cd651d4e8e5f9587f560a94c0a5ec6283938b906b4831341beb186eec11145cd |
|
| Details | sha256 | 1 | b4d4dfeb086872500891aa875eb221e8fc95e0c4566a07bc8adda5bd19ab76f3 |
|
| Details | sha256 | 1 | 0351c808c016cd5190ea45d5243c6a2c6cd3b5fc4e22571e06b948910e5535f9 |
|
| Details | sha256 | 1 | 9a6da3d7465b7cf6da32f80f2cd9009d7726dfbb128ec0b343fccfcc954de96a |
|
| Details | sha256 | 1 | 5aee7ae5dd28fcd7e672912292061022c29538bf9264db56b30efdbc8d45abc0 |
|
| Details | sha256 | 1 | d5e98fb0f05f28183f51a66b0032525ebedc55f056c0ddff2bf15a5eb3016fdd |
|
| Details | sha256 | 1 | 0aa627736df73c543c26c3f033f1962282dd005e6a0ec8d9357df3511b2fc8a6 |
|
| Details | sha256 | 1 | 52c02e9d24913761f508b0be1604b357acbe73c65df410b5588eef0e14cf812f |
|
| Details | sha256 | 1 | d4d8a8cd8da49c7ae974d6774458d6267463eb62e798ced51865e7f88a64969e |
|
| Details | sha256 | 1 | e18af309ecc3bc93351b9fa13a451e8b55b71d9edcc4232bc53eb1092bdfa859 |
|
| Details | sha256 | 1 | a22815279cac432e5951cec72a0d24a53319e2d85e843e436c8b181ab43979b6 |
|
| Details | sha256 | 1 | d2f12b1492ab90e61c16d41d79ee3f28a7773656ccf4c3459afedb2bf46cca18 |
|
| Details | sha256 | 1 | 0105718608ae7b8d782ae6e480d685dca1abc2deef29f0241d70de88f6da8dd5 |
|
| Details | sha256 | 1 | 24ebd398be23135a2d8aa7000c2b6a534448b87aa5708b8546089630a8035f7e |
|
| Details | sha256 | 1 | 96282a625a31b6bf646c6e01ad20de96fd63c345881a9c91190940121580059d |
|
| Details | sha256 | 1 | 0693713f995285e8bd99ebfca2c4f0f1a8e824dafb5a99693442a9256df06e02 |
|
| Details | sha256 | 1 | b226c8e85a7b1a6d4d29d42fc84bc7f3a32335fc7ba44b455a7716d706660873 |
|
| Details | sha256 | 1 | a3d9aac7291e356a64b0892f4ec85f1cdcb3dea71b820917fcd5011fb555989d |
|
| Details | sha256 | 1 | 9dd1d21e9431cfe25709a8f26ec0f605ed19cf64ca1922e97fad7b7f2d2e82ea |
|
| Details | sha256 | 1 | 56758c25e3b00957c6f7f76fcea5d0598eff7eda98c63f50b51d1c28f267ac8f |
|
| Details | sha256 | 1 | a58946c10c8325040634f7cd04429b9f1e3715767d0c8aec46b7cba8975e6a69 |
|
| Details | sha256 | 1 | 52c147c8eadb58d3580b39c023ce4a90dacce76ee5c30c56c56ea39939a56b52 |
|
| Details | sha256 | 1 | b5546d4931a0316abd4018c982558ed808b4d0a60233ac18bee601fa09d95ee6 |
|
| Details | sha256 | 1 | dd0399970d2dbb5ab8b5869e2fafb83194c992f27bbb244adce35e2fe6ef0d28 |
|
| Details | sha256 | 1 | 017a10eebddd3a1aca9b035413906da562331c6d1675efb02bb63bbe13b99165 |
|
| Details | sha256 | 1 | f80f78972b58ab78b0657c546323538966d9cd828892d4dc07cee6f6d5614f6b |
|
| Details | sha256 | 1 | 98a0a78219aa7d67865615090d53916c9b4e7d3ea900080c268806c48bb41499 |
|
| Details | sha256 | 1 | ee5f7e6ad4a344f40b9babada1654ea22333bb5150cfd26bfc239ead28b6528c |
|
| Details | sha256 | 1 | ca26a34153972cc73c63d3a9aadd3b12ba35ecdc6e39025b75be56b00c20e0ae |
|
| Details | sha256 | 1 | 1951c79f280692a43b7c7cafd45c3f5d7f4f841ae104a6cad814fab4641c79f2 |
|
| Details | sha256 | 1 | d5129308ee83a852e6a320ca68c8e66ed6d1eb4ec584dd0c8b5f313a56c49a15 |
|
| Details | sha256 | 1 | 2fcb7ae3387634fda8f2fa87b7d2eac03660fce49f0732b07d8cf41693801577 |
|
| Details | sha256 | 1 | 8b8735a05ce7dc5f061fc1bd1ca4ad9934da26d8c1d0585db72dfe74115ee6ed |
|
| Details | sha256 | 1 | a58f2fea8c74c1d25090014c7366db224102daa6c798fcdfb7168b569b7d5ca2 |
|
| Details | sha256 | 1 | d201e726fd2a2f4b55ea5ca95f0429d74e2efb918c7c136d55ef392ceac854d6 |
|
| Details | sha256 | 1 | d62ddac7c4aa152cf6f988db6c7bd0c9dcffa2e890d354b7e9db7f3b843fd270 |
|
| Details | sha256 | 1 | d72c3f5f2f291f7092afd5a0fcaceaf2eaae44d057c9b3b27dd53f2048ed6175 |
|
| Details | sha256 | 1 | 28d2637139231c78a6493cd91e8f0d10891cfeb6c5e758540515faa29f54b6b2 |
|
| Details | sha256 | 1 | 5713907c01db40cf54155db19c0c44c046b2c676a492d5ba13d39118c95139bf |
|
| Details | sha256 | 1 | 260b64e287d13d04f1f38d956c10d9fdd3cfbff6ba0040a52223fa41605bb975 |
|
| Details | sha256 | 1 | 9418c3ac53ed7bec0dea36918c3a1862868b2d8f4e696db509b1ec7aa09bd976 |
|
| Details | sha256 | 1 | fdf1899eb1457acc2a59b89b0542d53cddcb5553e6fc53ced099473a59fce67c |
|
| Details | sha256 | 1 | 970388a8256c722e792d26374a3db7c6015a6bab4544c3981fac0d928ef07a12 |
|
| Details | sha256 | 1 | 6655c84e064f744e99fc4d7e50487239604df5f97996eaa8507df7744a8b4de3 |
|
| Details | sha256 | 1 | 4e3e9e4613d414ba671fd35d7d70d0c3093cd322f5f297281a502420741c03c8 |
|
| Details | sha256 | 1 | 685f372013eb8b5580e603a159c4b68b226b2ae96e00629a567ee0d1ebcc66ec |
|
| Details | sha256 | 1 | 8c0b0c86a3b055df36304d5421f1003e0e78368e421341d404e25ddf8f5f714b |
|
| Details | sha256 | 1 | f7ef0e754b004910d40a47ca57b9cf41f63e2a06ba7cc495cb40771a017a8689 |
|
| Details | sha256 | 1 | c42ccb2c8dc43164db267b68578a3c8869adc4f5062063e7a6b942ecea8c4402 |
|
| Details | sha256 | 1 | 30998c7d7496bf36b70232935b9dd1b0f84a6b7f288417312aab37d2a5dc360e |
|
| Details | sha256 | 1 | 180640b1e69c48eae468f59c7967df8d3f4dcfd0bb69ce3bbed3663b6ceebc87 |
|
| Details | sha256 | 1 | b823c03be8959b7636997616811ed69b2d611b8505b4f06958c7dc430e3cd681 |
|
| Details | sha256 | 1 | ae4b9dd3709e4e5e30ce62e7e4075f366f38676e2bad165da3ab4690251e70ae |
|
| Details | sha256 | 1 | 5da3811c4f15d04444d4c3721e7cc9be106bb1fe2b1bc95c3fe09d991df2a5e8 |
|
| Details | sha256 | 1 | 5b5aff8869ba7f1d3f6ad7711e801b031aedeff287a0dcb8f8ae6d6e4eb468af |
|
| Details | sha256 | 1 | 412260ab5d9b2b2aa4471b953fb67ddc1a0fe90c353e391819ca7ac1c6d3146f |
|
| Details | sha256 | 6 | f4dd44bc19c19056794d29151a5b1bb76afd502388622e24c863a8494af147dd |
|
| Details | sha256 | 1 | 4c08bc1a2f5384c5306edc6f23e4249526517eb21a88763c8180a582438dfa31 |
|
| Details | sha256 | 1 | ea45f845eb490991c56946441dce26fe5ecd62ec2b33afe9ba31f4432aa4f1ef |
|
| Details | sha256 | 1 | 4de1c404a9213a82d9fd1dea04fe097b6d92a1f7fda84481e6dda41d72dc34e5 |
|
| Details | sha256 | 1 | b5ce4eb3289c6794aecf3625b8c3b2044ddb1be93e538571ca8d5670c6fcf2ed |
|
| Details | sha256 | 1 | d50debb2bce2d1a425f524a11a80b5dc24ae74a419024782095a0ba981cb483a |
|
| Details | sha256 | 1 | c6064fb44733b5660557e223598d0e4d5c4448ad20b29e41bef469cb5df77da0 |
|
| Details | sha256 | 1 | 28d19a23d167db3e1282f1c6039bcda6556798be054994a55e60116827dd0bf1 |
|
| Details | sha256 | 1 | 929ff464b5e68b1dc4c5e5b2dc99acae1449a376251da87ab666698499f12ff7 |
|
| Details | sha256 | 1 | 0a6dc8a6868f6882ea9d5998b01ab871746b1ba27641c1b3ff73985878081e93 |
|
| Details | sha256 | 1 | 37286285cb0f8305bd23a693b2e7ace71538e4c0b9f13ee6ca4e9e9419657813 |
|
| Details | sha256 | 1 | 57430caade5b791152f97b18e7037a4274e954ad5fed9b465063d43bde2d08a1 |
|
| Details | sha256 | 1 | 799b7395c9f279d8cd1cd24657788ecb37db7ae03c0dddeb3344a95a551d1325 |
|
| Details | sha256 | 1 | 79928578cdd646a9724bc6851a1ee77820c81a3100788d62885f9d92b6814085 |
|
| Details | sha256 | 1 | eb8bb1e6b1f832a7009ba441d6365b225324ff582402daebfab83dcbcc55179f |
|
| Details | sha256 | 1 | 7602e2932a10f3750a5d6236f6c1662047d4475c6e1fe6c57118c6620a083cb3 |
|
| Details | sha256 | 1 | c425b73be7394032aa8e756259ebf3662c000afaa286c3d7d957891026f3cbb4 |
|
| Details | sha256 | 1 | b3581e8611f5838fc205f66bc5ca5edddb0fd895e97ebf8f0c7220cb102ae14b |
|
| Details | sha256 | 1 | e5ee105aa029e3ad4b8f01ef4c78f4c65b623213925e91173488af1a4e15c177 |
|
| Details | sha256 | 1 | 4ccd6555b004ebde29d79c435e4d0191fd7cf607b2d3b7a0c83cb27b3a3b2cbf |
|
| Details | sha256 | 1 | 24f501141af5bf059509145e165302dd7087b1d1c2136bc5e4403f01435f250e |
|
| Details | sha256 | 1 | fc865a720cb808354923092bac04ab6a75e20ea92db5a343af07365c0cd2b72a |
|
| Details | sha256 | 1 | 91ccf1148f8573a8ef74e9f65c330e8f1f5fe67dc33b99f30e0d3fed69f3d0f0 |
|
| Details | IPv4 | 1441 | 127.0.0.1 |
|
| Details | IPv4 | 1 | 185.173.92.141 |
|
| Details | IPv4 | 1 | 45.77.41.49 |
|
| Details | IPv4 | 1 | 35.220.232.71 |
|
| Details | IPv4 | 1 | 34.92.209.216 |
|
| Details | IPv4 | 1 | 35.185.166.81 |
|
| Details | IPv4 | 3 | 35.220.135.85 |
|
| Details | IPv4 | 1 | 66.42.60.107 |
|
| Details | IPv4 | 1 | 104.168.196.85 |
|
| Details | Microsoft Patch Numbers | 1 | KB3023607 |
|
| Details | Microsoft Patch Numbers | 1 | KB3021952 |
|
| Details | MITRE ATT&CK Techniques | 23 | T1073 |
|
| Details | Threat Actor Identifier - APT | 297 | APT27 |
|
| Details | Threat Actor Identifier by Red Alert | 9 | SectorF01 |
|
| Details | Url | 1 | http://juchaoba.com/plus/guestbook/images/setup443.exe |
|
| Details | Url | 1 | http://185.173.92.141:33579/i610.exe |
|
| Details | Url | 1 | http://185.173.92.141:33579/t32d.exe |
|
| Details | Url | 1 | http://jqb.shopingchina.net:88/index.php |
|
| Details | Url | 1 | http://jqb.shopingchina.net:88/mobile.php?pw=666 |
|
| Details | Url | 1 | http://www.imr.co.kr/upload/info.cab |
|
| Details | Url | 17 | https://blog.trendmicro.com |
|
| Details | Url | 1 | https://blog.trendmicro.com/trendlabs-security-intelligence/update-pawn- |
|
| Details | Url | 1 | https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992. |
|
| Details | Url | 1 | https://github.com/itm4n/ikeext-privesc. |
|
| Details | Url | 1 | https://www.immuniweb.com/advisory/htb23108. |
|
| Details | Url | 1 | https://www.bleepingcomputer.com/news/security/cryptoluck-ransomware-being- |
|
| Details | Url | 1 | https://threatrecon.nshc.net/2019/07/25/growth-of-sectorf01-groups-cyber-espionage- |
|
| Details | Url | 1 | https://www.microsoft.com/en-us/download/details. |
|
| Details | Url | 15 | https://www.trendmicro.com/vinfo/us/security |
|
| Details | Url | 57 | https://attack.mitre.org |
|
| Details | Url | 1 | https://unit42.paloaltonetworks.com/emissary-panda-attacks-middle-east- |
|
| Details | Url | 1 | https://github.com/rootkiter |
|
| Details | Url | 1 | http://myip.com.tw/. |
|
| Details | Url | 1 | https://github.com/secwiki |
|
| Details | Url | 1 | https://github.com/blackye/remote_ |
|
| Details | Url | 1 | https://github.com/rapid7 |
|
| Details | Url | 1 | https://offsec.provadys.com/uac-bypass-dotnet.html |
|
| Details | Url | 60 | https://github.com |
|
| Details | Url | 1 | https://enigma0x3.net/2016/08/15/fileless-uac-bypass-using-eventvwr-exe-and-registry-hijacking/. |
|
| Details | Url | 2 | https://www.carbonblack |
|
| Details | Url | 1 | https://blog.trendmicro.com/trendlabs-security-intelligence/pigs-malware-examining- |
|
| Details | Url | 1 | https://401trg.com/burning-umbrella/. |
|
| Details | Url | 2 | https://www.clearskysec.com/winnti/. |
|
| Details | Url | 2 | https://securelist.com/luckymouse-hits-national-data-center/86083/. |
|
| Details | Url | 1 | https://blog.trendmicro.com/trendlabs-security-intelligence/deploying-a-smart-sandbox-for- |
|
| Details | Url | 1 | https://www.trendmicro.com/vinfo/us/security/news/security-technology/rising-above-spam- |
|
| Details | Url | 25 | https://www.trendmicro |
|
| Details | Windows Registry Key | 1 | HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-Qt\strDataDir |
|
| Details | Windows Registry Key | 2 | HKEY_LOCAL_MACHINE\Software\Classes |
|
| Details | Windows Registry Key | 1 | HKEY_CURRENT_USER\Microsoft\Windows\Run |
|
| Details | Windows Registry Key | 29 | HKEY_CURRENT_USER\Software |