ioc[.]one - OSINT Cyber Threat Intelligence Database

Thread Name-Calling - using Thread Name for offense - Check Point Research

Tags

cmtmf-attack-pattern:	Code Injection Process Injection
attack-pattern:	Data Direct Asynchronous Procedure Call - T1055.004 Code Injection - T1540 Hooking - T1617 Malware - T1587.001 Malware - T1588.001 Process Injection - T1631 Connection Proxy - T1090 Hooking - T1179 Process Injection - T1055 Hooking

Show in Graph

Common Information

Type	Value
UUID	06694ce3-c8e0-4e13-9f43-41bea637bef0
Fingerprint	ae389917bc205661
Analysis status	DONE
Considered CTI value	0
Text language
Published	July 25, 2024, 9:16 a.m.
Added to db	Aug. 31, 2024, 4:33 a.m.
Last updated	Nov. 17, 2024, 7:44 p.m.
Headline	Thread Name-Calling – using Thread Name for offense
Title	Thread Name-Calling - using Thread Name for offense - Check Point Research
Detected Hints/Tags/Attributes	63/2/33

Source URLs

	Redirection	Url
Details	Source	https://research.checkpoint.com/2024/thread-name-calling-using-thread-name-for-offense/

URL Provider

Details	Provider	Source level domain
Details	checkpoint.com	research.checkpoint.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	204	✔	Check Point Research	https://research.checkpoint.com/feed	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	4127	github.com
Details	Domain	1	blahcat.github.io
Details	Domain	1	www.lodsb.com
Details	Domain	154	youtu.be
Details	Domain	4	behavioral.win
Details	Domain	360	attack.mitre.org
Details	Domain	1373	twitter.com
Details	Domain	67	gitlab.com
Details	Domain	4	modexp.wordpress.com
Details	Domain	2	repnz.github.io
Details	Domain	17	www.deepinstinct.com
Details	File	82	kernelbase.dll
Details	File	125	ntoskrnl.exe
Details	File	1	src.max
Details	File	533	ntdll.dll
Details	File	1	small-dumps-in-the-big-pool.html
Details	Github username	2	lloydlabs
Details	Github username	35	hasherezade
Details	Gitlab username	1	orca000
Details	MITRE ATT&CK Techniques	440	T1055
Details	Url	1	https://github.com/lloydlabs/dearg-thread-ipc-stealth
Details	Url	1	https://www.lodsb.com/shellcode-injection-using-threadnameinformation
Details	Url	1	https://youtu.be/1bjaxhh91p4
Details	Url	1	https://youtu.be/8csnge3gzxy
Details	Url	1	https://github.com/hasherezade/thread_namecalling
Details	Url	8	https://attack.mitre.org/techniques/t1055
Details	Url	1	https://twitter.com/hexacorn/status/1317424213951733761
Details	Url	1	https://twitter.com/_gal_yaniv/status/1353630677493837825
Details	Url	1	https://blahcat.github.io/posts/2019/03/17/small-dumps-in-the-big-pool.html
Details	Url	1	https://gitlab.com/orca000/t.d.p
Details	Url	1	https://modexp.wordpress.com/2019/08/27/process-injection-apc
Details	Url	1	https://repnz.github.io/posts/apc/user-apc/#ntqueueapcthreadex
Details	Url	1	https://www.deepinstinct.com/blog/inject-me-x64-injection-less-code-injection