Анализ APT-фреймворка CloudWizard
Tags
| attack-pattern: | Powershell - T1059.001 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | 21030f89-9761-4632-837e-be020a7333e8 |
| Fingerprint | 469751b13985f458 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | May 19, 2023, 3:51 p.m. |
| Added to db | June 5, 2023, 11:37 a.m. |
| Last updated | Nov. 17, 2024, 6:49 p.m. |
| Headline | APT-угроза CloudWizard: история CommonMagic продолжается |
| Title | Анализ APT-фреймворка CloudWizard |
| Detected Hints/Tags/Attributes | 33/1/34 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://securelist.ru/cloudwizard-apt/107420/ |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 224 | ✔ | Securelist | https://securelist.ru/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 49 | mail.google.com |
|
| Details | File | 2 | c:\programdata\apparition storage\syncobjsup.dll |
|
| Details | File | 4 | syncobjsup.dll |
|
| Details | File | 12 | main.dll |
|
| Details | File | 2 | crypton.dll |
|
| Details | File | 2 | internet.dll |
|
| Details | File | 142 | wmiprvse.exe |
|
| Details | File | 2 | c:\programdata\microsoft\wwansvc\winsubsvc.exe |
|
| Details | File | 2 | c:\programdata\microsoft\mf\etwdrv.dll |
|
| Details | File | 2 | winsubsvc.exe |
|
| Details | File | 3 | lcrpsdnew.dll |
|
| Details | File | 1 | мс.dat |
|
| Details | md5 | 2 | a2c27e73bc5dec88884e9c165e9372c9 |
|
| Details | md5 | 2 | 406494bf3cabbd34ff56dcbeec46f5d6 |
|
| Details | md5 | 2 | F8BDE730EA3843441A657A103E90985E |
|
| Details | md5 | 2 | 39B01A6A025F672085835BD699762AEC |
|
| Details | md5 | 2 | 16793D6C3F2D56708E5FC68C883805B5 |
|
| Details | md5 | 2 | 26E55D10020FBC75D80589C081782EA2 |
|
| Details | md5 | 2 | EB56F9F7692F933BEE9660DFDFABAE3A |
|
| Details | md5 | 2 | BFF64B896B5253B5870FE61221D9934D |
|
| Details | md5 | 2 | 84BDB1DC4B037F9A46C001764C115A32 |
|
| Details | md5 | 2 | 7C0E5627FD25C40374BC22035D3FADD8 |
|
| Details | md5 | 2 | 0edd23bbea61467f144d14df2a5a043e |
|
| Details | md5 | 2 | a2050f83ba2aa1c4c95567a5ee155dca |
|
| Details | md5 | 2 | 0ca329fe3d99acfaf209cea559994608 |
|
| Details | sha1 | 3 | 7275a6ed8ee314600a9b93038876f853b957b316 |
|
| Details | sha256 | 2 | 177f1216b55058e30a3ce319dc1c7a9b1e1579ea3d009ba965b18f795c1071a4 |
|
| Details | sha256 | 2 | 041e4dcdc0c7eea5740a65c3a15b51ed0e1f0ebd6ba820e2c4cd8fa34fb891a2 |
|
| Details | sha256 | 2 | 11012717a77fe491d91174969486fbaa3d3e2ec7c8d543f9572809b5cf0f2119 |
|
| Details | IPv4 | 619 | 0.0.0.0 |
|
| Details | Pdb | 2 | d:\my\projects_all\2015\wallex\iomus1_gz\release\iomus.pdb |
|
| Details | Pdb | 2 | d:\my\projects_all\2016\iomus0_gz\release\usdlg.pdb |
|
| Details | Pdb | 2 | d:\projects\work_2017\service\interactive service_system\release\service.pdb |
|
| Details | Url | 2 | https://mail.google.com/mail/u |