Macintosh HD:Users:Shared:dd:4work:Bitdefender-PR-Whitepaper-BADHATCH-creat5237-en_EN:Bitdefender-PR-Whitepaper-BADHATCH-creat5237-en_EN.indd
Common Information

| Type | Value |
|---|---|
| UUID | 58f199f5-5cf5-4627-a42c-4ecc0a39a06a |
| Fingerprint | 8eba86aa9cf040c964b966aab9e7a965d4206046f2817bae2ca2bf74016fa0cf |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | March 10, 2021, 12:18 p.m. |
| Added to db | March 10, 2024, 3:17 a.m. |
| Last updated | Aug. 31, 2024, 3:55 a.m. |
| Headline | Macintosh HD:Users:Shared:dd:4work:Bitdefender-PR-Whitepaper-BADHATCH-creat5237-en_EN:Bitdefender-PR-Whitepaper-BADHATCH-creat5237-en_EN.indd |
| Title | Macintosh HD:Users:Shared:dd:4work:Bitdefender-PR-Whitepaper-BADHATCH-creat5237-en_EN:Bitdefender-PR-Whitepaper-BADHATCH-creat5237-en_EN.indd |
| Detected Hints/Tags/Attributes | 154/3/89 |
Source URLs

| URL | Provider |
|---|---|

Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 128 | | www.bitdefender.com |
| Details | Domain | 339 | | system.net |
| Details | Domain | 1 | | 192-129-189-73.sslip.io |
| Details | Domain | 6 | | sslip.io |
| Details | Domain | 1 | | system.net.networkinformation.ping |
| Details | Domain | 20 | | ctldl.windowsupdate.com |
| Details | Domain | 64 | | go.microsoft.com |
| Details | Domain | 1 | | tem.net |
| Details | Domain | 49 | | wmiexec.py |
| Details | Domain | 1 | | us-west.com |
| Details | Domain | 1 | | 198-46-140-52.sslip.io |
| Details | File | 1208 | | powershell.exe |
| Details | File | 1122 | | svchost.exe |
| Details | File | 478 | | lsass.exe |
| Details | File | 74 | | vmtoolsd.exe |
| Details | File | 1260 | | explorer.exe |
| Details | File | 2126 | | cmd.exe |
| Details | File | 62 | | whoami.exe |
| Details | File | 249 | | schtasks.exe |
| Details | File | 2 | | disallowedcertstl.cab |
| Details | File | 1 | | sh-tmp.ps1 |
| Details | File | 2 | | tmp.ps1 |
| Details | File | 3 | | m.ps1 |
| Details | File | 61 | | systeminfo.exe |
| Details | File | 56 | | tasklist.exe |
| Details | File | 51 | | ipconfig.exe |
| Details | File | 256 | | net.exe |
| Details | File | 46 | | netstat.exe |
| Details | File | 1 | | mimi.ps1 |
| Details | File | 25 | | findstr.exe |
| Details | File | 49 | | nltest.exe |
| Details | File | 76 | | ping.exe |
| Details | File | 240 | | wmic.exe |
| Details | File | 1 | | c:\\windows\\temp\\m.ps1 |
| Details | File | 45 | | wmiexec.py |
| Details | File | 1 | | c:\\windows\\temp\\sh-tmp.ps1 |
| Details | File | 1 | | c:\\windows\\temp\\mim.ps1 |
| Details | File | 1 | | c:\\windows\\temp\\mimi.ps1 |
| Details | File | 1 | | c:\\windows\\temp\\mldr2.ps1 |
| Details | File | 1 | | c:\\windows\\temp\\sh.ps1 |
| Details | IPv4 | 619 | | 0.0.0.0 |
| Details | IPv4 | 2 | | 192.52.167.199 |
| Details | IPv4 | 2 | | 104.168.145.204 |
| Details | IPv4 | 1441 | | 127.0.0.1 |
| Details | IPv4 | 295 | | 8.8.8.8 |
| Details | IPv4 | 1 | | 198.46.140.52 |
| Details | IPv4 | 1 | | 192.129.189.73 |
| Details | MITRE ATT&CK Techniques | 440 | | T1055 |
| Details | MITRE ATT&CK Techniques | 9 | | T1055.004 |
| Details | MITRE ATT&CK Techniques | 116 | | T1134 |
| Details | MITRE ATT&CK Techniques | 24 | | T1134.002 |
| Details | MITRE ATT&CK Techniques | 43 | | T1546 |
| Details | MITRE ATT&CK Techniques | 22 | | T1546.003 |
| Details | MITRE ATT&CK Techniques | 1006 | | T1082 |
| Details | MITRE ATT&CK Techniques | 433 | | T1057 |
| Details | MITRE ATT&CK Techniques | 245 | | T1016 |
| Details | MITRE ATT&CK Techniques | 65 | | T1069 |
| Details | MITRE ATT&CK Techniques | 74 | | T1069.002 |
| Details | MITRE ATT&CK Techniques | 230 | | T1033 |
| Details | MITRE ATT&CK Techniques | 119 | | T1049 |
| Details | MITRE ATT&CK Techniques | 289 | | T1003 |
| Details | MITRE ATT&CK Techniques | 173 | | T1003.001 |
| Details | MITRE ATT&CK Techniques | 124 | | T1482 |
| Details | MITRE ATT&CK Techniques | 310 | | T1047 |
| Details | Threat Actor Identifier - FIN | 68 | | FIN8 |
| Details | Url | 1 | | https://192-129-189-73.sslip.io |
| Details | Url | 1 | | https://192-129-189-73.sslip |
| Details | Url | 1 | | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab? |
| Details | Url | 1 | | https://192-129-189-73.sslip.io/yo |
| Details | Url | 1 | | https://192-129-189-73.sslip.io/80 |
| Details | Url | 1 | | https://198-46-140-52.sslip.io/xxx |