ioc[.]one - OSINT Cyber Threat Intelligence Database

Recent TZW Campaigns Revealed As Part of GlobeImposter Malware Family

Tags

cmtmf-attack-pattern:	Boot Or Logon Autostart Execution Obfuscated Files Or Information
country:	South Korea
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Boot Or Logon Autostart Execution - T1547 Botnet - T1583.005 Botnet - T1584.005 Data Encrypted For Impact - T1471 Data Encrypted For Impact - T1486 Data From Local System - T1533 File And Directory Discovery - T1420 File Deletion - T1070.004 File Deletion - T1630.002 Inhibit System Recovery - T1490 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Obfuscated Files Or Information - T1406 System Information Discovery - T1426 Phishing - T1660 Phishing - T1566 Registry Run Keys / Startup Folder - T1547.001 Server - T1583.004 Server - T1584.004 Software Packing - T1027.002 Software Packing - T1406.002 Tool - T1588.002 Data From Local System - T1005 File And Directory Discovery - T1083 File Deletion - T1107 Indicator Removal On Host - T1070 Indirect Command Execution - T1202 Modify Registry - T1112 Obfuscated Files Or Information - T1027 Query Registry - T1012 Registry Run Keys / Start Folder - T1060 Software Packing - T1045 System Information Discovery - T1082

Show in Graph

Common Information

Type	Value
UUID	27496184-7fed-4d91-9619-e91b3b56eac9
Fingerprint	9706889b8e7dafcc
Analysis status	DONE
Considered CTI value	2
Text language
Published	Feb. 15, 2023, midnight
Added to db	June 1, 2023, 10:44 a.m.
Last updated	Nov. 17, 2024, 6:56 p.m.
Headline	Recent TZW Campaigns Revealed As Part of GlobeImposter Malware Family
Title	Recent TZW Campaigns Revealed As Part of GlobeImposter Malware Family
Detected Hints/Tags/Attributes	75/4/24

Source URLs

	Redirection	Url
Details	Source	https://www.sentinelone.com/blog/recent-tzw-campaigns-revealed-as-part-of-globeimposter-malware-family/

URL Provider

Details	Provider	Source level domain
Details	sentinelone.com	www.sentinelone.com

Attributes

Details	Type	#Events	Value
Details	Domain	1	tzw7ckhurmxgcpajx6gy57dkrysl2sigfrt6nk4a3rvedfldigtor7ad.onion
Details	Domain	1	obzuqvr5424kkc4unbq2p2i67ny3zngce3tbdr37nicjqesgqcgomfqd.onion
Details	Domain	1	linux.3bcd0a.com
Details	sha1	2	4585da0ff7a763be1a46d78134624f7cd13e6940
Details	sha1	2	14be1c43fbfb325858cda78a126528f82cf77ad2
Details	sha1	2	dc98b516c9c589c2b40bc754732ad5f16deb7c82
Details	sha1	2	d034880d1233d579854e17b6ffad67a18fb33923
Details	sha1	2	858f3f7f656397fcf43ac5ea13d6d4cbe7a5ca11
Details	sha1	2	9a080cd497b8aa0006dc953bd9891155210c609c
Details	sha1	2	8c64e820a4c5075c47c4fbaea4022dc05b3fd10b
Details	sha1	2	3326708ba36393b1b4812aa8c88a03d72689ac24
Details	sha1	2	cf5ab37612f24ed422a85e3745b681945c96190e
Details	sha1	2	cf21028b54c4d60d4e775bf05efa85656de43b68
Details	MITRE ATT&CK Techniques	534	T1005
Details	MITRE ATT&CK Techniques	60	T1202
Details	MITRE ATT&CK Techniques	472	T1486
Details	MITRE ATT&CK Techniques	297	T1070.004
Details	MITRE ATT&CK Techniques	550	T1112
Details	MITRE ATT&CK Techniques	501	T1012
Details	MITRE ATT&CK Techniques	585	T1083
Details	MITRE ATT&CK Techniques	160	T1027.002
Details	MITRE ATT&CK Techniques	1006	T1082
Details	MITRE ATT&CK Techniques	276	T1490
Details	MITRE ATT&CK Techniques	380	T1547.001