The default: 63 6f 62 61 6c 74 strike
Tags
| attack-pattern: | Data Models Rundll32 - T1218.011 Server - T1583.004 Server - T1584.004 Rundll32 - T1085 |
Common Information
| Type | Value |
|---|---|
| UUID | 255b1544-e39e-4d66-8a50-58fd72adb46b |
| Fingerprint | d25dd575ddcc28ae |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Sept. 17, 2021, 4:42 a.m. |
| Added to db | Sept. 26, 2022, 9:30 a.m. |
| Last updated | Oct. 28, 2024, 2:07 a.m. |
| Headline | The default: 63 6f 62 61 6c 74 strike |
| Title | The default: 63 6f 62 61 6c 74 strike |
| Detected Hints/Tags/Attributes | 24/1/17 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | clubuz.com |
|
| Details | File | 4 | ssl.jar |
|
| Details | File | 1 | x64.config |
|
| Details | File | 1 | x86.config |
|
| Details | File | 1 | %windir%\syswow64\wuauclt.exe |
|
| Details | File | 2 | %windir%\syswow64\werfault.exe |
|
| Details | File | 3 | %windir%\syswow64\dllhost.exe |
|
| Details | File | 2 | %windir%\syswow64\eventvwr.exe |
|
| Details | File | 1 | %windir%\syswow64\msdt.exe |
|
| Details | File | 1 | %windir%\syswow64\mstsc.exe |
|
| Details | File | 15 | %windir%\syswow64\rundll32.exe |
|
| Details | File | 1 | %windir%\syswow64\spoolsv.exe |
|
| Details | File | 3 | %windir%\syswow64\svchost.exe |
|
| Details | IPv4 | 1 | 121.4.213.91 |
|
| Details | IPv4 | 1 | 129.28.201.96 |
|
| Details | IPv4 | 2 | 164.138.25.191 |
|
| Details | IPv4 | 2 | 46.19.37.133 |