Новая версия бэкдора Loki для фреймворка Mythic атакует российские компании
Tags
| attack-pattern: | Data |
Common Information
| Type | Value |
|---|---|
| UUID | 044c08bb-c868-4430-a3f2-527d5de48518 |
| Fingerprint | 78546eb0501f3460 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Sept. 9, 2024, 10 a.m. |
| Added to db | Sept. 9, 2024, 9:20 a.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | Loki: новый приватный агент для популярного фреймворка Mythic |
| Title | Новая версия бэкдора Loki для фреймворка Mythic атакует российские компании |
| Detected Hints/Tags/Attributes | 15/1/40 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://securelist.ru/loki-agent-for-mythic/110361/ |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 224 | ✔ | Securelist | https://securelist.ru/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 5 | nsitelecom.ru |
|
| Details | Domain | 5 | document.info-cloud.ru |
|
| Details | Domain | 5 | ui.telecomz.ru |
|
| Details | File | 4 | 2024.exe |
|
| Details | File | 6 | winit.exe |
|
| Details | File | 37 | 1.dll |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 46 | runtimebroker.exe |
|
| Details | File | 3 | перечень_документов.iso |
|
| Details | md5 | 3 | 375CFE475725CAA89EDF6D40ACD7BE70 |
|
| Details | md5 | 3 | 46505707991E856049215A09BF403701 |
|
| Details | md5 | 3 | EB7886DDC6D28D174636622648D8E9E0 |
|
| Details | md5 | 4 | 46505707991e856049215a09bf403701 |
|
| Details | md5 | 4 | f0b6e7c0f0829134fe73875fadf3942f |
|
| Details | md5 | 4 | 796bdba64736a0bd6d2aafe773acba52 |
|
| Details | md5 | 4 | 5ec03e03b908bf76c0bae7ec96a2ba83 |
|
| Details | md5 | 4 | 0632799171501fbeeba57f079ea22735 |
|
| Details | md5 | 4 | 97357d0f1bf2e4f7777528d78ffeb46e |
|
| Details | md5 | 4 | f2132a3e82c2069eb5d949e2f1f50c94 |
|
| Details | md5 | 4 | 7f85e956fc69e6f76f72eeaf98aca731 |
|
| Details | md5 | 4 | 375cfe475725caa89edf6d40acd7be70 |
|
| Details | md5 | 4 | dff5fa75d190dde0f1bd22651f8d884d |
|
| Details | md5 | 4 | 05119e5ffceb21e3b447df49b52ab608 |
|
| Details | md5 | 4 | 724c8e3fc74dde15ccd6441db460c4e4 |
|
| Details | md5 | 4 | 834f7e48aa21c18c0f6e5285af55b607 |
|
| Details | md5 | 4 | e8b110b51f45f2d64af6619379aeef62 |
|
| Details | md5 | 4 | eb7886ddc6d28d174636622648d8e9e0 |
|
| Details | md5 | 4 | 1178e7ff9d4adfe48064c507a299a628 |
|
| Details | md5 | 4 | dd8445e9b7daced487243ecba2a5d7a8 |
|
| Details | md5 | 4 | 4afad607f9422da6871d7d931fe63402 |
|
| Details | sha1 | 3 | 8326b2b0569305254a8ce9f186863e09605667e7 |
|
| Details | sha1 | 3 | 21cdde4f6916f7e4765a377f6f40a82904a05431 |
|
| Details | sha1 | 3 | 98cffa5906adb7bbbb9a6aa7c0bf18587697cf10 |
|
| Details | sha256 | 3 | 81801823c6787b737019f3bd9bd53f15b1d09444f0fe95fad9b568f82cc7a68d |
|
| Details | sha256 | 4 | ff605df63ffe6d7123ad67e96f3bc698e50ac5b982750f77bbc75da8007625bb |
|
| Details | sha256 | 4 | aa544118deb7cb64ded9fdd9455a277d0608c6985e45152a3cbb7422bd9dc916 |
|
| Details | Url | 3 | https://y.nsitelecom.ru/certcenter. |
|
| Details | Url | 5 | http://y.nsitelecom.ru/certcenter |
|
| Details | Url | 5 | http://document.info-cloud.ru/data |
|
| Details | Url | 5 | http://ui.telecomz.ru/data |