Upatre Continued to Evolve with new Anti-Analysis Techniques
Tags
maec-delivery-vectors: Watering Hole
attack-pattern: Data Dns - T1071.004 Dns - T1590.002 Dns Server - T1583.002 Dns Server - T1584.002 Domains - T1583.001 Domains - T1584.001 Junk Data - T1001.001 Malware - T1587.001 Malware - T1588.001 Msbuild - T1127.001 Msiexec - T1218.007 Phishing - T1660 Phishing - T1566 Python - T1059.006 Software - T1592.002 Tool - T1588.002
Show in Graph
Common Information
Type Value
UUID 212ce359-2673-4477-a7c6-d3d22ac1cbd2
Fingerprint 3c85197d49778245
Analysis status DONE
Considered CTI value 0
Text language
Published July 13, 2018, noon
Added to db Sept. 26, 2022, 9:31 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Upatre Continued to Evolve with new Anti-Analysis Techniques
Title Upatre Continued to Evolve with new Anti-Analysis Techniques
Detected Hints/Tags/Attributes 73/2/15
Source URLs
Redirection Url
Details Source https://researchcenter.paloaltonetworks.com/2018/07/unit42-upatre-continues-evolve-new-anti-analysis-techniques/
URL Provider
Details Provider Source level domain
Details paloaltonetworks.com researchcenter.paloaltonetworks.com
Attributes
Details Type #Events CTI Value
Details IPv4 5 
104.238.186.189
Details Windows Registry Key 1 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Details File 74 
vmtoolsd.exe
Details File 26 
vmacthlp.exe
Details File 65 
python.exe
Details File 269 
msiexec.exe
Details File 149 
msbuild.exe
Details sha256 1 
94a8b4b22dab4171edde5b1bafbf2f17dbe3c3c4c01335c36ba3b6e5d3635b83
Details sha256 1 
8ac7909730269d62efaf898d1a5e87251aadccf4349cd95564ad6a3634ba4ef4
Details IPv4 4 
31.3.135.232
Details IPv4 8 
193.183.98.154
Details IPv4 10 
5.135.183.146
Details IPv4 3 
84.201.32.108
Details IPv4 3 
185.133.72.100
Details IPv4 3 
96.90.175.167