Obfuscation in the Wild: Targeted Attackers Lead the Way in Evasion Techniques | Mandiant
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Regsvr32 - T1218.010 Powershell - T1086 Regsvr32 - T1117 |
Common Information
| Type | Value |
|---|---|
| UUID | 03a238cb-f0aa-4be7-9554-65af24cc46c2 |
| Fingerprint | f661997028879fa9 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | June 30, 2017, midnight |
| Added to db | Nov. 9, 2023, 12:26 a.m. |
| Last updated | Nov. 17, 2024, 10:40 p.m. |
| Headline | Obfuscation in the Wild: Targeted Attackers Lead the Way in Evasion Techniques |
| Title | Obfuscation in the Wild: Targeted Attackers Lead the Way in Evasion Techniques | Mandiant |
| Detected Hints/Tags/Attributes | 40/2/12 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 330 | ✔ | Threat Intelligence | https://www.mandiant.com/resources/blog/rss.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | File | 3 | glynn.doc |
|
| Details | File | 1208 | powershell.exe |
|
| Details | File | 2126 | cmd.exe |
|
| Details | File | 323 | winword.exe |
|
| Details | File | 142 | wmiprvse.exe |
|
| Details | File | 459 | regsvr32.exe |
|
| Details | File | 376 | wscript.exe |
|
| Details | md5 | 1 | cc89ddac1afe69069eb18bac58c6a9e4 |
|
| Details | Threat Actor Identifier - APT | 24 | APT19 |
|
| Details | Threat Actor Identifier - APT | 132 | APT32 |
|
| Details | Threat Actor Identifier - FIN | 68 | FIN8 |
|
| Details | Threat Actor Identifier - FIN | 377 | FIN7 |