Fuel Pumps II – PoSlurp.B – One Night in Norfolk
Tags
| cmtmf-attack-pattern: | Process Injection |
| attack-pattern: | Data Direct Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Process Injection - T1631 Software - T1592.002 Tool - T1588.002 Powershell - T1086 Process Injection - T1055 |
Common Information
| Type | Value |
|---|---|
| UUID | 0d232a67-c864-420a-b84d-d491b9ce35a6 |
| Fingerprint | ac2c9b212cb90483 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Dec. 31, 2019, 6:51 a.m. |
| Added to db | Sept. 26, 2022, 9:31 a.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | Fuel Pumps II – PoSlurp.B |
| Title | Fuel Pumps II – PoSlurp.B – One Night in Norfolk |
| Detected Hints/Tags/Attributes | 39/2/13 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://norfolkinfosec.com/fuel-pumps-ii-poslurp-b/ |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 440 | ✔ | One Night in Norfolk | https://norfolkinfosec.com/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | File | 380 | notepad.exe |
|
| Details | File | 1 | injection_target.exe |
|
| Details | File | 1 | process_to_be_scraped.exe |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 1 | c:\users\public\music\wmsetup.tmp |
|
| Details | md5 | 1 | b54283d17b7c13329943168b898ff07e |
|
| Details | md5 | 1 | 3d5ae56c6746e0b3ed5b15124264a0d2 |
|
| Details | md5 | 1 | 82953a819daff3a81e678c75ce7736b3 |
|
| Details | sha1 | 1 | 67a06663b0c8a885d444b8bedb8261b28f050a39 |
|
| Details | sha1 | 1 | f92c886f85928041148d0dcd7c4fb9623b157f94 |
|
| Details | sha256 | 1 | e78d9a6cd94bd8ec3095a0ecbbc9c4add78d3281d2bf46497164d0406c346395 |
|
| Details | sha256 | 1 | d9e442cd69d1f656a3e8cfd0792333a8f0108193e052a4ee2d7f9138a4b253b2 |
|
| Details | Threat Actor Identifier - FIN | 68 | FIN8 |