Heading goes here
Common Information
| Type | Value |
|---|---|
| UUID | ddf5e63c-f38f-4920-9dff-791751d71f21 |
| Fingerprint | 6e03c4607932ec7359a6f7be6a5cf3a7304efddbd504e7a209b77728bc5a95fe |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Jan. 24, 2024, 10:16 a.m. |
| Added to db | April 5, 2024, 3:57 p.m. |
| Last updated | Aug. 31, 2024, 8:33 a.m. |
| Headline | Heading goes here |
| Title | Heading goes here |
| Detected Hints/Tags/Attributes | 33/2/34 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1373 | twitter.com |
|
| Details | Domain | 7 | jp.security.ntt |
|
| Details | Domain | 118 | sekoia.io |
|
| Details | Domain | 58 | blog.sekoia.io |
|
| Details | Domain | 101 | www.elastic.co |
|
| Details | Domain | 45 | hack.lu |
|
| Details | Domain | 207 | learn.microsoft.com |
|
| Details | Domain | 452 | msrc.microsoft.com |
|
| Details | Domain | 4127 | github.com |
|
| Details | Domain | 360 | attack.mitre.org |
|
| Details | File | 153 | config.json |
|
| Details | File | 2 | startingscriptwrapper.ps1 |
|
| Details | File | 9 | appxmanifest.xml |
|
| Details | File | 1 | vc10.dll |
|
| Details | File | 1 | makeappx.exe |
|
| Details | File | 1 | show_message.exe |
|
| Details | File | 1 | makepri.exe |
|
| Details | File | 3 | aistubx64.exe |
|
| Details | File | 5 | run.ps1 |
|
| Details | File | 5 | appxblockmap.xml |
|
| Details | Github username | 1 | pan- |
|
| Details | MITRE ATT&CK Techniques | 3 | T1546.016 |
|
| Details | MITRE ATT&CK Techniques | 43 | T1546 |
|
| Details | Url | 1 | https://twitter.com/nao_sec/status/1630435399905705986 |
|
| Details | Url | 1 | https://jp.security.ntt/tech_blog/102ignh |
|
| Details | Url | 1 | https://blog.sekoia.io/clearfake-a-newcomer-to-the-fake-updates- |
|
| Details | Url | 1 | https://www.elastic.co/security-labs/ghostpulse- |
|
| Details | Url | 1 | https://learn.microsoft.com/ja-jp/windows/msix/overview |
|
| Details | Url | 1 | https://learn.microsoft.com/ja-jp/windows/msix/psf/package-support-framework |
|
| Details | Url | 1 | https://msrc.microsoft.com/blog/2024/01/microsoft-addresses-app-installer-abuse-ja |
|
| Details | Url | 1 | https://github.com/pan- |
|
| Details | Url | 1 | https://attack.mitre.org/techniques/t1546/016 |
|
| Details | Url | 1 | https://learn.microsoft.com/ja-jp/uwp/schemas/appxpackage/uapmanifestschema/element-application |
|
| Details | Yara rule | 1 | rule hunting_msix_appx {
strings:
$a00 = "AppxManifest.xml"
$a01 = "AppxBlockMap.xml"
$a03 = "AppxSignature.p7x"
condition:
uint16(0) == 0x4b50 and all of them
} |