Vietnamese Threat Actor’s Multi-Layered Strategy On Digital Marketing Professionals - Cyble
Tags
cmtmf-attack-pattern: Application Layer Protocol Boot Or Logon Autostart Execution Command And Scripting Interpreter Obfuscated Files Or Information Process Injection
country: United States Of America U.S. Virgin Islands
maec-delivery-vectors: Watering Hole
attack-pattern: Data Model Application Layer Protocol - T1437 Boot Or Logon Autostart Execution - T1547 Cmstp - T1218.003 Command And Scripting Interpreter - T1623 Disable Or Modify Tools - T1562.001 Encrypted Channel - T1521 Encrypted Channel - T1573 Encrypted/Encoded File - T1027.013 Hardware - T1592.001 Lnk Icon Smuggling - T1027.012 Malware - T1587.001 Malware - T1588.001 Obfuscated Files Or Information - T1406 System Information Discovery - T1426 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Process Injection - T1631 Registry Run Keys / Startup Folder - T1547.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Windows Command Shell - T1059.003 Virtualization/Sandbox Evasion - T1497 Tool - T1588.002 Vulnerabilities - T1588.006 Virtualization/Sandbox Evasion - T1633 Standard Application Layer Protocol - T1071 Cmstp - T1191 Command-Line Interface - T1059 Disabling Security Tools - T1089 Hypervisor - T1062 Obfuscated Files Or Information - T1027 Powershell - T1086 Process Injection - T1055 Query Registry - T1012 Registry Run Keys / Start Folder - T1060 System Information Discovery - T1082 Windows Management Instrumentation - T1047
Show in Graph
Common Information
Type Value
UUID 2ad9dc26-3067-494b-a608-656835700954
Fingerprint e8b599b62db18f08
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 18, 2024, 5:39 a.m.
Added to db Oct. 18, 2024, 12:23 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Vietnamese Threat Actor’s Multi-Layered Strategy on Digital Marketing Professionals
Title Vietnamese Threat Actor’s Multi-Layered Strategy On Digital Marketing Professionals - Cyble
Detected Hints/Tags/Attributes 130/4/56
Source URLs
Redirection Url
Details Source https://cyble.com/blog/vietnamese-threat-actors-multi-layered-strategy-on-digital-marketing-professionals/
URL Provider
Details Provider Source level domain
Details cyble.com cyble.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 98 Cyble https://cyble.com/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details File 2 
positionapplied_voymedia.pdf
Details File 2 
output.bat
Details File 1208 
powershell.exe
Details File 83 
sbiedll.dll
Details File 12 
cmdvrt32.dll
Details File 4 
cmdvrt64.dll
Details File 16 
sxin.dll
Details File 3 
cuckoomon.dll
Details File 748 
kernel32.dll
Details File 1 
balloon.sys
Details File 2 
netkvm.sys
Details File 1 
viofs.sys
Details File 1 
vioser.sys
Details File 5 
vboxmouse.sys
Details File 6 
vboxguest.sys
Details File 3 
vboxsf.sys
Details File 5 
vboxvideo.sys
Details File 7 
vmmouse.sys
Details File 3 
vboxogl.dll
Details File 533 
ntdll.dll
Details File 99 
c:\windows\explorer.exe
Details File 1 
rbx-co2.bat
Details File 2125 
cmd.exe
Details File 1 
1789d7d0-48bf-48f5-bad6-e0262117d577.tmp
Details File 1 
cnt-co2.exe
Details File 11 
application.exe
Details File 1 
career_development_plan_for_meta_ads_specialist_hotpoint_with_numerical.rar
Details File 2 
sav2_encrypt.txt
Details File 3 
payload_1.ps1
Details File 1 
positionapplied_voymedia.rar
Details File 2 
payload_1.bin
Details sha256 2 
dc616cc55a345e448a058368aea7c99ab9dd2a9c8ec42674312b66dbc29b7878
Details sha256 2 
3de5e0b27c69c93b4c4b4812ed4453d4b81e99b7d407640a752e62e33b1ede2a
Details sha256 2 
9a00d0859bc7a81d6e289a414c39aa2bd95319fa3d1d0e5f1be6d348604d640c
Details sha256 2 
b35452610c2cbc5a6a2bebd82af7c3883037b40be7072e43fc5989298bb26ea5
Details sha256 2 
d8bc59a1acf2f9a14a2fb96de979672dbed27d798eecc9454021f352f2bf973a
Details sha256 2 
16ef774020e5754e4a8890789b7c798376a9521823c8897f9c97af5b33b27013
Details sha256 2 
8229f281a93f18612a47843aa69e94312b52180e7f775fd58e5ea04608e23bd0
Details IPv4 1 
144.76.68.248
Details MITRE ATT&CK Techniques 409 
T1566
Details MITRE ATT&CK Techniques 460 
T1059.001
Details MITRE ATT&CK Techniques 333 
T1059.003
Details MITRE ATT&CK Techniques 380 
T1547.001
Details MITRE ATT&CK Techniques 7 
T1218.003
Details MITRE ATT&CK Techniques 6 
T1027.012
Details MITRE ATT&CK Techniques 13 
T1027.013
Details MITRE ATT&CK Techniques 298 
T1562.001
Details MITRE ATT&CK Techniques 238 
T1497
Details MITRE ATT&CK Techniques 440 
T1055
Details MITRE ATT&CK Techniques 501 
T1012
Details MITRE ATT&CK Techniques 1006 
T1082
Details MITRE ATT&CK Techniques 163 
T1573
Details MITRE ATT&CK Techniques 444 
T1071
Details Url 1 
https://www.dropbox.com/scl/fi/b9diosgl68vg9xlaytsbz/sav3_encrypt.txt?rlkey=k2ojylfvks6xyef3vb21n45gp&st=suprpdhv&dl=1
Details Url 2 
https://www.dropbox.com/scl/fi/9p8no6tz85e09vg59kfwk/sav2_encrypt.txt?rlkey=hw7c83mq8uws216q3d4b1cfyi&st=4oycb9or&dl=1
Details Windows Registry Key 1 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity