Research that builds detections
Tags
attack-pattern | Malware - T1587.001; Malware - T1588.001; Powershell - T1059.001; Software - T1592.002; Visual Basic - T1059.005; Tool - T1588.002; Powershell - T1086; Process Injection - T1055 |
Common Information
Type | Value |
---|---|
UUID | 271391a6-d92e-40fb-9e24-89dd90babe9f |
Fingerprint | ab5c011ab1de8258 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | Jan. 9, 2025, midnight |
Added to db | Jan. 9, 2025, 10:22 a.m. |
Last updated | Jan. 17, 2025, 9:48 a.m. |
Headline | Wrapping up |
Title | Research that builds detections |
Detected Hints/Tags/Attributes | 43/1/32 |
Source URLs
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 72 | ✔ | VirusTotal Blog | https://blog.virustotal.com/feeds/posts/default | 2024-08-30 22:08 |
Details | 395 | ✔ | Antivirus and Security news | https://www.viruss.eu/feed/ | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 398 | | pastebin.com |
Details | Domain | 13 | | more.com |
Details | Domain | 1 | | strontic.github.io |
Details | Domain | 316 | | microsoft.net |
Details | File | 1396 | | powershell.exe |
Details | File | 75 | | vbc.exe |
Details | File | 1 | | com-edb3046610020ee614b5b81b0439895e.html |
Details | File | 1 | | -a731372e6f6978ce25617ae01b143351.html |
Details | File | 2 | | 'vbc.exe |
Details | File | 20 | | attack.exe |
Details | File | 1 | | c:\\users\\george\\desktop\\ezzz.exe |
Details | Github username | 33 | | sigmahq |
Details | md5 | 1 | | EDB3046610020EE614B5B81B0439895E |
Details | md5 | 1 | | A731372E6F6978CE25617AE01B143351 |
Details | md5 | 1 | | FCCB961AE76D9E600A558D2D0225ED43 |
Details | md5 | 1 | | 1460E2E6D7F8ECA4240B7C78FA619D15 |
Details | sha1 | 1 | | 61f4d9a9ee38dbc72e840b3624520cf31a3a8653 |
Details | sha1 | 1 | | fad4742996c55d8d4663e611f84877a2b741dc46 |
Details | sha256 | 1 | | 14d886517fff2cc8955844b252c985ab59f2f95b2849002778f03a8f07eb8aef |
Details | sha256 | 1 | | 466876f453563a272adb5d568670eca98d805e7ecaa5a2e18c92b6d3c947df93 |
Details | sha256 | 1 | | c9f9f193409217f73cc976ad078c6f8bf65d3aabcf5fad3e5a47536d47aa6761 |
Details | sha256 | 1 | | e96a0c1bc5f720d7f0a53f72e5bb424163c943c24a437b1065957a79f5872675 |
Details | sha256 | 1 | | a1021d4086a92fd3782417a54fa5c5141d1e75c8afc9e73dc6e71ef9e1ae2e9c |
Details | sha256 | 1 | | 8f179585d5c1249ab1ef8cec45a16d112a53f91d143aa2b0b6713602b1d19252 |
Details | MITRE ATT&CK Techniques | 498 | | T1055 |
Details | Url | 1 | | https://github.com/sigmahq/sigma/blob/master/rules-emerging-threats/2024/malware/lummac-stealer/proc_creation_win_malware_lummac_more_vbc.yml |
Details | Url | 1 | | https://www.virustotal.com/gui/file/14d886517fff2cc8955844b252c985ab59f2f95b2849002778f03a8f07eb8aef |
Details | Url | 1 | | https://strontic.github.io/xcyclopedia/library/more.com-edb3046610020ee614b5b81b0439895e.html |
Details | Url | 1 | | https://strontic.github.io/xcyclopedia/library/vbc.exe-a731372e6f6978ce25617ae01b143351.html |
Details | Url | 1 | | https://github.com/sigmahq/sigma/blob/fad4742996c55d8d4663e611f84877a2b741dc46/rules-emerging-threats/2024/malware/generic/file_event_win_malware_generic_creation_configuration_rats.yml |
Details | Url | 1 | | https://www.virustotal.com/gui/file/c9f9f193409217f73cc976ad078c6f8bf65d3aabcf5fad3e5a47536d47aa6761 |
Details | Url | 1 | | https://www.virustotal.com/gui/file/e96a0c1bc5f720d7f0a53f72e5bb424163c943c24a437b1065957a79f5872675 |