A Deep Dive Into RIG Exploit Kit Delivering Grobios Trojan | Mandiant
Tags
cmtmf-attack-pattern: Masquerading
attack-pattern: Data Hardware - T1592.001 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Scheduled Task - T1053.005 Server - T1583.004 Server - T1584.004 Software - T1592.002 Masquerading - T1036 Scheduled Task - T1053 Masquerading
Show in Graph
Common Information
Type Value
UUID 3a46231d-1ddb-4249-8113-1aad936eea78
Fingerprint ec25997a8dbb22d3
Analysis status DONE
Considered CTI value 0
Text language
Published May 14, 2018, midnight
Added to db Nov. 6, 2023, 7:08 p.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline A Deep Dive Into RIG Exploit Kit Delivering Grobios Trojan
Title A Deep Dive Into RIG Exploit Kit Delivering Grobios Trojan | Mandiant
Detected Hints/Tags/Attributes 58/2/50
Source URLs
Redirection Url
Details Source https://www.fireeye.com/blog/threat-research/2018/05/deep-dive-into-rig-exploit-kit-delivering-grobios-trojan.html
Details Source https://www.mandiant.com/resources/blog/deep-dive-into-rig-exploit-kit-delivering-grobios-trojan
URL Provider
Details Provider Source level domain
Details fireeye.com www.fireeye.com
Details mandiant.com www.mandiant.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 330 Threat Intelligence https://www.mandiant.com/resources/blog/rss.xml 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 1 
latorre.com.au
Details Domain 1 
latorre.com
Details Domain 1 
grobiosgueng.su
Details File 1122 
svchost.exe
Details File 263 
iexplore.exe
Details File 533 
ntdll.dll
Details File 14 
vmware.exe
Details File 3 
vmount2.exe
Details File 14 
vmusrvc.exe
Details File 14 
vmsrvc.exe
Details File 42 
vboxservice.exe
Details File 44 
vboxtray.exe
Details File 9 
xenservice.exe
Details File 19 
joeboxserver.exe
Details File 19 
joeboxcontrol.exe
Details File 71 
wireshark.exe
Details File 2 
sniffhit.exe
Details File 13 
sysanalyzer.exe
Details File 29 
filemon.exe
Details File 64 
procexp.exe
Details File 74 
procmon.exe
Details File 22 
regmon.exe
Details File 30 
autoruns.exe
Details File 2 
hgfs.sys
Details File 6 
vmhgfs.sys
Details File 2 
prleth.sys
Details File 2 
prlfs.sys
Details File 2 
prlmouse.sys
Details File 2 
prlvideo.sys
Details File 2 
prl_pv32.sys
Details File 1 
vpcs3.sys
Details File 2 
vmsrvc.sys
Details File 3 
vmx86.sys
Details File 2 
vmnet.sys
Details File 2 
dbhelp.dll
Details File 21 
api_log.dll
Details md5 1 
30f03b09d2073e415a843a4a1d8341af
Details md5 1 
99787d194cbd629d12ef172874e82738
Details IPv4 2 
169.239.129.17
Details Windows Registry Key 1 
HKLM\HARDWARE\ACPI\DSDT
Details Windows Registry Key 1 
HKLM\HARDWARE\ACPI\FADT
Details Windows Registry Key 1 
HKLM\HARDWARE\ACPI\RSDT
Details Windows Registry Key 4 
HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum
Details Windows Registry Key 1 
HKLM\SYSTEM\ControlSet001\Services\Disk\Enum
Details Windows Registry Key 11 
HKLM\SOFTWARE\Microsoft
Details Windows Registry Key 14 
HKLM\SOFTWARE
Details Windows Registry Key 1 
HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion
Details Windows Registry Key 1 
HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion
Details Windows Registry Key 2 
HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi
Details Windows Registry Key 4 
HKLM\SOFTWARE\Oracle\VirtualBox