Looking behind the curtain. How RSA Netwitness Packets and Endpoint see a Cerber Ransomware compromise
Tags
attack-pattern: Data Dns - T1071.004 Dns - T1590.002 Malware - T1587.001 Malware - T1588.001 Mshta - T1218.005 Ssh - T1021.004 Tool - T1588.002 Connection Proxy - T1090 Mshta - T1170 Scripting - T1064 Windows Management Instrumentation - T1047 Scripting
Show in Graph
Common Information
Type Value
UUID 32b6793e-0513-46de-ae55-583e0e76f51f
Fingerprint 34501831103ca491
Analysis status DONE
Considered CTI value 1
Text language
Published Nov. 23, 2016, 5:38 p.m.
Added to db Jan. 18, 2023, 9:22 p.m.
Last updated Nov. 18, 2024, 1:38 a.m.
Headline NetWitness Community
Title Looking behind the curtain. How RSA Netwitness Packets and Endpoint see a Cerber Ransomware compromise
Detected Hints/Tags/Attributes 64/1/17
Source URLs
Redirection Url
Details Source https://community.rsa.com/community/products/netwitness/blog/2016/11/23/looking-behind-the-curtain-how-rsa-netwitness-packets-and-endpoint-see-a-cerber-ransomware-compromise
URL Provider
Details Provider Source level domain
Details rsa.com community.rsa.com
Attributes
Details Type #Events CTI Value
Details Domain 88 
malware-traffic-analysis.net
Details Domain 1 
red.mobilaile.com
Details File 11 
index2.html
Details File 263 
iexplore.exe
Details File 2127 
cmd.exe
Details File 376 
wscript.exe
Details File 1 
'rad9612f.tmp
Details File 11 
'system.dll
Details File 1 
c:\users\analyst\appdata\local\temp\nslc925.tmp
Details File 1 
'rad29123.tmp
Details File 1 
rad29123.tmp
Details File 4 
'wmic.exe
Details File 456 
mshta.exe
Details File 1 
rad9612f.tmp
Details IPv4 5 
4.2.0.2
Details Threat Actor Identifier - APT 297 
APT27
Details Url 1 
http://malware-traffic-analysis.net/2016/11/21/index2.html