Flying Under the Radar: Abusing GitHub for Malicious Infrastructure
Common Information
| Type | Value |
|---|---|
| UUID | 3ab861f2-0e3b-457f-b570-942e16a5e5b7 |
| Fingerprint | 26a127f650ab50ef321f890126d9377c8c9b598fb563129be231c9a9bf5acbc2 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Jan. 9, 2024, 2:28 p.m. |
| Added to db | March 10, 2024, 1:20 a.m. |
| Last updated | Aug. 31, 2024, 3:23 a.m. |
| Headline | Flying Under the Radar: Abusing GitHub for Malicious Infrastructure |
| Title | Flying Under the Radar: Abusing GitHub for Malicious Infrastructure |
| Detected Hints/Tags/Attributes | 195/4/36 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://go.recordedfuture.com/hubfs/reports/cta-2024-0111.pdf |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 546 | www.recordedfuture.com |
|
| Details | Domain | 11 | preview.app |
|
| Details | Domain | 21 | github.io |
|
| Details | Domain | 291 | raw.githubusercontent.com |
|
| Details | Domain | 1 | objects.githubusercontent.com |
|
| Details | Domain | 219 | gist.github.com |
|
| Details | Domain | 3 | codeload.github.com |
|
| Details | Domain | 27 | api.github.com |
|
| Details | Domain | 1 | quickcheckx.github.io |
|
| Details | Domain | 180 | readme.md |
|
| Details | Domain | 13 | mockbin.org |
|
| Details | Domain | 26 | gofile.io |
|
| Details | Domain | 6 | codeberg.org |
|
| Details | Domain | 1 | app.github.dev |
|
| Details | Domain | 16 | rebrand.ly |
|
| Details | Domain | 265 | recordedfuture.com |
|
| Details | File | 14 | advpack.dll |
|
| Details | File | 3 | dotnetzip.dll |
|
| Details | File | 2 | anonfileapi.dll |
|
| Details | File | 1 | pureland.7z |
|
| Details | File | 7 | 7zr.exe |
|
| Details | File | 1 | pureland.exe |
|
| Details | File | 2 | gui_modernista.exe |
|
| Details | File | 2 | core_module.dll |
|
| Details | File | 1260 | explorer.exe |
|
| Details | File | 3 | task.url |
|
| Details | File | 2 | rt.jpg |
|
| Details | File | 8 | page.url |
|
| Details | Github username | 1 | github-production-release-asset- |
|
| Details | Github username | 11 | repos |
|
| Details | md5 | 1 | a6f452ec3293d7fb72c5b677257b20ec |
|
| Details | Microsoft Patch Numbers | 3 | KB5021042 |
|
| Details | MITRE ATT&CK Techniques | 18 | T1102.001 |
|
| Details | MITRE ATT&CK Techniques | 7 | T1567.001 |
|
| Details | Threat Actor Identifier - APT | 277 | APT37 |
|
| Details | Threat Actor Identifier - APT | 665 | APT29 |