BlueBravo Uses Ambassador Lure to Deploy GraphicalNeutrino Malware
Common Information
| Type | Value |
|---|---|
| UUID | dcd6d032-e082-4186-9145-26cc14c2dd7a |
| Fingerprint | 6ff989f571a023d52019ac993f0db09ffcf41122f52439f65ea1fee784c0dd62 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Jan. 30, 2023, 4:56 p.m. |
| Added to db | March 10, 2024, 1:14 a.m. |
| Last updated | Aug. 31, 2024, 3:09 a.m. |
| Headline | BlueBravo Uses Ambassador Lure to Deploy GraphicalNeutrino Malware |
| Title | BlueBravo Uses Ambassador Lure to Deploy GraphicalNeutrino Malware |
| Detected Hints/Tags/Attributes | 140/4/45 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://go.recordedfuture.com/hubfs/reports/cta-2023-0127.pdf |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 5 | trello.com |
|
| Details | Domain | 546 | www.recordedfuture.com |
|
| Details | Domain | 2 | totalmassasje.no |
|
| Details | Domain | 5 | schedule.zip |
|
| Details | Domain | 13 | ired.team |
|
| Details | File | 4 | ambassador_absense.docx |
|
| Details | File | 1018 | rundll32.exe |
|
| Details | File | 5 | schedule.zip |
|
| Details | File | 1 | schedule.php |
|
| Details | File | 1 | november_schedulexe.pdf |
|
| Details | File | 69 | vcruntime140.dll |
|
| Details | File | 5 | 7za.dll |
|
| Details | File | 34 | psapi.dll |
|
| Details | File | 8 | advapi.dll |
|
| Details | File | 42 | 7za.exe |
|
| Details | File | 1 | 140runtime.dll |
|
| Details | File | 1 | photos_and_price.exe |
|
| Details | md5 | 1 | d0c414a4641b42978bdf4af27e441f61 |
|
| Details | md5 | 1 | 2888c2f2e72c4842b31aaa7b7dd76dbf |
|
| Details | sha256 | 1 | cf160175c661efd4b1e1eecadf5f00f7203ef4c7445e36e3373d50b26086c552 |
|
| Details | sha256 | 1 | 844e902977b478eace8568f49dd9e5c91db8e534f3c5410ee663d0be02bdf7e3 |
|
| Details | sha256 | 1 | a0c3e6cd167b93f4646a7a3f2d46ed8bd4888d861b533662a66ca9711d49db1f |
|
| Details | sha256 | 2 | 381a3c6c7e119f58dfde6f03a9890353a20badfa1bfa7c38ede62c6b0692103c |
|
| Details | sha256 | 1 | 081a273ad809f650ebaeb91c11fcc7a1ad91232a7228f8e98b52191fe44cb06d |
|
| Details | sha256 | 3 | 1cffaf3be725d1514c87c328ca578d5df1a86ea3b488e9586f9db89d992da5c4 |
|
| Details | IPv4 | 7 | 105.0.0.0 |
|
| Details | MITRE ATT&CK Techniques | 66 | T1584 |
|
| Details | MITRE ATT&CK Techniques | 365 | T1204.002 |
|
| Details | MITRE ATT&CK Techniques | 380 | T1547.001 |
|
| Details | MITRE ATT&CK Techniques | 23 | T1027.006 |
|
| Details | MITRE ATT&CK Techniques | 28 | T1027.007 |
|
| Details | MITRE ATT&CK Techniques | 4 | T1036.002 |
|
| Details | MITRE ATT&CK Techniques | 183 | T1036.005 |
|
| Details | MITRE ATT&CK Techniques | 504 | T1140 |
|
| Details | MITRE ATT&CK Techniques | 70 | T1574.001 |
|
| Details | MITRE ATT&CK Techniques | 227 | T1574.002 |
|
| Details | MITRE ATT&CK Techniques | 298 | T1562.001 |
|
| Details | MITRE ATT&CK Techniques | 230 | T1033 |
|
| Details | MITRE ATT&CK Techniques | 1006 | T1082 |
|
| Details | MITRE ATT&CK Techniques | 442 | T1071.001 |
|
| Details | MITRE ATT&CK Techniques | 33 | T1102.002 |
|
| Details | MITRE ATT&CK Techniques | 492 | T1105 |
|
| Details | Threat Actor Identifier - APT | 665 | APT29 |
|
| Details | Url | 1 | https://totalmassasje.no/schedule.php |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Microsoft\Windows\CurrentVersion\Run\7za |