Patchwork Continues to Deliver BADNEWS to the Indian Subcontinent
Tags
country: Pakistan
attack-pattern: Data Dead Drop Resolver - T1102.001 Dead Drop Resolver - T1481.001 Exploits - T1587.004 Exploits - T1588.005 Keylogging - T1056.001 Keylogging - T1417.001 Malware - T1587.001 Malware - T1588.001 Msbuild - T1127.001 Scheduled Task - T1053.005 Server - T1583.004 Server - T1584.004 Web Services - T1583.006 Web Services - T1584.006 Tool - T1588.002 Vulnerabilities - T1588.006 Scheduled Task - T1053
Show in Graph
Common Information
Type Value
UUID 1ac76313-e58a-48d2-9fcc-55b96268cf43
Fingerprint e421bb940db60183
Analysis status DONE
Considered CTI value 2
Text language
Published March 7, 2018, 3 a.m.
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Patchwork Continues to Deliver BADNEWS to the Indian Subcontinent
Title Patchwork Continues to Deliver BADNEWS to the Indian Subcontinent
Detected Hints/Tags/Attributes 55/2/40
Source URLs
Redirection Url
Details Source https://researchcenter.paloaltonetworks.com/2018/03/unit42-patchwork-continues-deliver-badnews-indian-subcontinent/
URL Provider
Details Provider Source level domain
Details paloaltonetworks.com researchcenter.paloaltonetworks.com
Attributes
Details Type #Events CTI Value
Details CVE 30 
cve-2015-2545
Details CVE 13 
cve-2017-0261
Details Domain 3 
feeds.rapidfeeds.com
Details Domain 4 
feed43.com
Details Domain 4 
www.webrss.com
Details Domain 5 
blowfish.new
Details Domain 54 
re.search
Details File 1 
%programdata%\microsoft\devicesync\vmwarecpllauncher.exe
Details File 1 
%programdata%\microsoft\devicesync\vmtools.dll
Details File 1 
%programdata%\microsoft\devicesync\msbuild.exe
Details File 1 
vmwarecpllauncher.exe
Details File 11 
vmtools.dll
Details File 149 
msbuild.exe
Details File 2 
9pt568.dat
Details File 3 
tpx498.dat
Details File 2 
edg499.dat
Details File 2 
tpx499.dat
Details File 2 
adbfle.tmp
Details File 2 
abdyot0nxyg.php
Details File 2 
uyefgepxaoe.php
Details File 1 
8166706728852850.xml
Details File 1 
3210021137734622.xml
Details File 3 
createfeed.php
Details md5 1 
79ad2084b057847ce2ec2e48fda64073
Details md5 2 
e3e7e71a0b28b5e96cc492e636722f73
Details md5 2 
DD1876848203D9E10ABCEEC07282FF37
Details sha256 1 
a67220bcf289af6a99a9760c05d197d09502c2119f62762f78523aa7cbc96ef1
Details sha256 1 
07d5509988b1aa6f8d5203bc4b75e6d7be6acf5055831cc961a51d3e921f96bd
Details sha256 1 
b8abf94017b159f8c1f0746dca24b4eeaf7e27d2ffa83ca053a87deb7560a571
Details sha256 1 
d486ed118a425d902044fb7a84267e92b49169c24051ee9de41327ee5e6ac7c2
Details sha256 1 
fd8394b2ff9cd00380dc2b5a870e15183f1dc3bd82ca6ee58f055b44074c7fd4
Details sha256 1 
290ac98de80154705794e96d0c6d657c948b7dff7abf25ea817585e4c923adb2
Details sha256 1 
ab4f86a3144642346a3a40e500ace71badc06a962758522ca13801b40e9e7f4a
Details IPv4 3 
185.203.118.115
Details IPv4 1 
192.168.217.141
Details IPv4 3 
94.156.35.204
Details Url 1 
http://feed43.com/8166706728852850.xml
Details Url 1 
http://feed43.com/3210021137734622.xml
Details Url 1 
http://www.webrss.com/createfeed.php?feedid=49966
Details Url 1 
http://feeds.rapidfeeds.com/88604