Malvertising Targeting European Transit Users | Zscaler
Tags
| country: | Brazil |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Credentials - T1589.001 Malvertising - T1583.008 Malware - T1587.001 Malware - T1588.001 Rundll32 - T1218.011 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Rundll32 - T1085 |
Common Information
| Type | Value |
|---|---|
| UUID | 0fd79ea6-b21e-40d0-b624-7b6ecea0a6eb |
| Fingerprint | 6c35bb4fbba2a485 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | March 11, 2015, midnight |
| Added to db | Sept. 26, 2022, 9:31 a.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | Malvertising Targeting European Transit Users |
| Title | Malvertising Targeting European Transit Users | Zscaler |
| Detected Hints/Tags/Attributes | 58/3/17 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | File | 1260 | explorer.exe |
|
| Details | File | 2 | svchoste.exe |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 14 | consent.exe |
|
| Details | File | 1018 | rundll32.exe |
|
| Details | File | 131 | spoolsv.exe |
|
| Details | File | 1 | rgjdu.exe |
|
| Details | File | 1 | afwqs.exe |
|
| Details | File | 13 | link.php |
|
| Details | File | 1 | connections.reg |
|
| Details | IPv4 | 1 | 1.9.6.8 |
|
| Details | Windows Registry Key | 4 | HKLM\SOFTWARE\Microsoft\Security |
|
| Details | Windows Registry Key | 1 | HKLM\system\currentcontrolset\Services\SharedAccess\parameters\firewallpolicy\DomainProfile |
|
| Details | Windows Registry Key | 1 | HKLM\system\currentcontrolset\Services\SharedAccess\parameters\firewallpolicy\publicprofile |
|
| Details | Windows Registry Key | 1 | HKLM\system\currentcontrolset\Services\SharedAccess\parameters\firewallpolicy\standardprofile |
|
| Details | Windows Registry Key | 164 | HKLM\SOFTWARE\Microsoft\Windows |
|
| Details | Windows Registry Key | 3 | HKLM\SOFTWARE\Microsoft\Microsoft |