Lojack Becomes a Double-Agent | NETSCOUT
Tags
country: | Russia |
maec-delivery-vectors: | Watering Hole |
attack-pattern: | Data Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Software - T1592.002 Tool - T1588.002 |
Common Information
Type | Value |
---|---|
UUID | 32228a9c-0bee-46e2-a565-ff0b8da3bdf2 |
Fingerprint | a4cccb92017f26ee |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | May 1, 2018, midnight |
Added to db | Sept. 26, 2022, 9:30 a.m. |
Last updated | Nov. 19, 2024, 8:52 p.m. |
Headline | Lojack Becomes a Double-Agent |
Title | Lojack Becomes a Double-Agent | NETSCOUT |
Detected Hints/Tags/Attributes | 48/3/20 |
Source URLs
Redirection | Url | |
---|---|---|
Details | Source | https://asert.arbornetworks.com/lojack-becomes-a-double-agent/ |
URL Provider
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 1 | www.absolutelojack.com |
Details | Domain | 222 | www.blackhat.com |
Details | Domain | 2 | sysanalyticweb.com |
Details | Domain | 2 | elaxo.org |
Details | Domain | 2 | ikmtrust.com |
Details | Domain | 2 | lxwo.org |
Details | Domain | 3 | search.namequery.com |
Details | File | 5 | rpcnetp.exe |
Details | Threat Actor Identifier - APT | 789 | APT28 |
Details | Url | 1 | https://www.absolutelojack.com |
Details | Url | 1 | https://www.blackhat.com/docs/us-14/materials/us-14-kamluk-computrace-b |
Details | Url | 1 | https://www.blackhat.com/docs/us-14/materials/us-14-kamlyuk-kamluk-comp |
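Details | Yara rule | 1 |

```yara
rule ComputraceAgent
{
    meta:
        description = "Absolute Computrace Agent Executable"
        thread_level = 3
        in_the_wild = true
    strings:
        // Code byte sequence from the agent binary
        $a = { D1 E0 F5 8B 4D 0C 83 D1 00 8B EC FF 33 83 C3 04 }
        // "MZ" PE header magic
        $mz = { 4D 5A }
        // ASCII "rpcnetp.exe\0rpcnetp\0"
        $b1 = { 72 70 63 6E 65 74 70 2E 65 78 65 00 72 70 63 6E 65 74 70 00 }
        // ASCII "TagId\0"
        $b2 = { 54 61 67 49 64 00 }
    condition:
        // PE file that contains either the code sequence or both strings
        ($mz at 0) and ($a or ($b1 and $b2))
}
```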