Breaking down NOBELIUM’s latest early-stage toolset - Microsoft Security Blog
Common Information

| Type | Value |
|---|---|
| UUID | 11081321-3bbe-41bf-8d9a-08f415ec7e43 |
| Fingerprint | a4759b116faf41cd |
| Analysis status | DONE |
| Considered CTI value | 1 |
| Text language | |
| Published | May 28, 2021, 2:36 p.m. |
| Added to db | Sept. 11, 2022, 12:39 p.m. |
| Last updated | Nov. 18, 2024, 9:32 a.m. |
| Headline | Breaking down NOBELIUM’s latest early-stage toolset |
| Title | Breaking down NOBELIUM’s latest early-stage toolset - Microsoft Security Blog |
| Detected Hints/Tags/Attributes | 100/3/28 |
Attributes

| Type | Value | #Events | CTI Value |
|---|---|---|---|
| Domain | aka.ms | 107 | |
| Domain | holescontracting.com | 4 | |
| File | nv.html | 6 | |
| File | boom.exe | 10 | |
| File | nv.pdf | 4 | |
| File | c:\windows\system32\rundll32.exe | 127 | |
| File | c:\windows\system32\advpack.dll | 2 | |
| File | c:\windows\system32\cmd.exe | 409 | |
| File | explorer.exe | 1260 | |
| File | documents.dll | 5 | |
| File | imgmountingservice.dll | 3 | |
| File | diassvcs.dll | 2 | |
| File | msdiskmountservice.dll | 2 | |
| File | mstu.dll | 3 | |
| File | %appdata%\microsoft\nativecache\nativecachesvc.dll | 3 | |
| File | nativecachesvc.dll | 5 | |
| File | rundll32.exe | 1019 | |
| File | readme.pdf | 9 | |
| File | %appdata%\systemcertificates\certpkiprovider.dll | 1 | |
| File | certpkiprovider.dll | 3 | |
| File | %appdata%\systemcertificates\lib\certpkiprovider.dll | 1 | |
| md5 | 432B65EF29F84E6043A80C15EBA12FD2 | 1 | |
| sha256 | 48b5fb3fa3ea67c2bc0086c41ec755c39d748a7100d71b81f618e82bf1c479f0 | 6 | |
| Pdb | c:\users\dev10vs\desktop\prog\obj\boom\boom\boom\obj\release\boom.pdb | 2 | |
| Pdb | c:\users\devuser\documents\visual studio 2013\projects\dll_stageless\release\dll_stageless.pdb | 1 | |
| Pdb | c:\users\dev\desktop\나타나게 하다\dll6\x64\release\dll6.pdb | 3 | |
| Url | https://aka.ms/nobelium. | 4 | |
| Windows Registry Key | HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MicroNativeCacheSvc | 2 | |