ioc[.]one - OSINT Cyber Threat Intelligence Database

MisterioLNK: The Open-Source Builder Behind Malicious Loaders - Cyble

Tags

cmtmf-attack-pattern:	Application Layer Protocol Command And Scripting Interpreter Masquerading Obfuscated Files Or Information
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Application Layer Protocol - T1437 Command And Scripting Interpreter - T1623 Command Obfuscation - T1027.010 Javascript - T1059.007 Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Masquerade File Type - T1036.008 Masquerading - T1655 Obfuscated Files Or Information - T1406 Software - T1592.002 Windows Command Shell - T1059.003 Visual Basic - T1059.005 Web Protocols - T1071.001 Web Protocols - T1437.001 Tool - T1588.002 Standard Application Layer Protocol - T1071 Command-Line Interface - T1059 Masquerading - T1036 Obfuscated Files Or Information - T1027 Scripting - T1064 User Execution - T1204 Masquerading Scripting User Execution

Show in Graph

Common Information

Type	Value
UUID	29be64e9-5bb5-42a8-af97-eacd026c611c
Fingerprint	9452397221bf8e8e
Analysis status	DONE
Considered CTI value	2
Text language
Published	Oct. 8, 2024, 8:23 a.m.
Added to db	Oct. 8, 2024, 2:34 p.m.
Last updated	Nov. 17, 2024, 6:56 p.m.
Headline	MisterioLNK: The Open-Source Builder Behind Malicious Loaders
Title	MisterioLNK: The Open-Source Builder Behind Malicious Loaders - Cyble
Detected Hints/Tags/Attributes	61/3/21

Source URLs

	Redirection	Url
Details	Source	https://cyble.com/blog/misteriolnk-the-open-source-builder-behind-malicious-loaders/

URL Provider

Details	Provider	Source level domain
Details	cyble.com	cyble.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	98	✔	Cyble	https://cyble.com/feed/	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	11	live.sysinternals.com
Details	File	2	misterio.exe
Details	File	409	c:\windows\system32\cmd.exe
Details	File	12	live.sys
Details	File	2	du.exe
Details	File	1	%temp%\ntvy4adp.exe
Details	File	2125	cmd.exe
Details	sha256	2	3bcde12b9388e30df1dee8925999e6101718fde3040d2708adbbc93b400e4a17
Details	sha256	2	dba195e6ccc386f9d260f09e2c5d84c1a5f8b28c707e1a353f72dba9ffa2b850
Details	sha256	2	1be9fcca5fd587accd9dbfa1b6a67a2e6bb58465dd78f775c40f6eb6480bfb5f
Details	sha256	2	64fd11a9befea1310503336a6a8194fca7ab7af291562787c4985d1a1f06b4e1
Details	sha256	2	0d32a67ee4193520116d2435d1d579811c5ab71c7550d433948eb82e027cc601
Details	sha256	2	7f8737e14ca51c1724c0f65a568cefa4d9e1536416ddf89569eab2cce8ae2e01
Details	MITRE ATT&CK Techniques	365	T1204.002
Details	MITRE ATT&CK Techniques	695	T1059
Details	MITRE ATT&CK Techniques	137	T1059.005
Details	MITRE ATT&CK Techniques	333	T1059.003
Details	MITRE ATT&CK Techniques	21	T1036.008
Details	MITRE ATT&CK Techniques	25	T1027.010
Details	MITRE ATT&CK Techniques	442	T1071.001
Details	Url	1	https://live.sysinternals.com/du.exe