DeathStalker targets legal entities with new Janicab variant
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 3d8c3c31-4dc3-4452-b437-41c3c39a544c |
| Fingerprint | a6099a112da08fe3 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Dec. 8, 2022, 10 a.m. |
| Added to db | Dec. 8, 2022, 11:41 a.m. |
| Last updated | Nov. 17, 2024, 10:40 p.m. |
| Headline | DeathStalker targets legal entities with new Janicab variant |
| Title | DeathStalker targets legal entities with new Janicab variant |
| Detected Hints/Tags/Attributes | 109/3/93 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 223 | ✔ | Securelist | https://securelist.com/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 338 | kaspersky.com |
|
| Details | Domain | 2 | cab.cab |
|
| Details | Domain | 2 | replacer.py |
|
| Details | Domain | 3 | pythonproxy.py |
|
| Details | Domain | 3 | ftp.py |
|
| Details | Domain | 5 | runner.py |
|
| Details | Domain | 281 | docs.microsoft.com |
|
| Details | Domain | 154 | youtu.be |
|
| Details | 147 | intelreports@kaspersky.com |
||
| Details | File | 2 | 1.vb |
|
| Details | File | 3 | 2.vb |
|
| Details | File | 2 | cab.cab |
|
| Details | File | 1 | %userprofile%.vb |
|
| Details | File | 2 | snapit.exe |
|
| Details | File | 1 | adobeupdater.dll |
|
| Details | File | 2126 | cmd.exe |
|
| Details | File | 1208 | powershell.exe |
|
| Details | File | 1 | ie.vb |
|
| Details | File | 155 | cscript.exe |
|
| Details | File | 2 | k.dll |
|
| Details | File | 5 | map.txt |
|
| Details | File | 2 | replacer.py |
|
| Details | File | 4 | vc90.crt |
|
| Details | File | 12 | msvcr90.dll |
|
| Details | File | 65 | python.exe |
|
| Details | File | 10 | python27.dll |
|
| Details | File | 1 | pythoncom27.dll |
|
| Details | File | 2 | pywintypes27.dll |
|
| Details | File | 3 | _socket.py |
|
| Details | File | 3 | select.py |
|
| Details | File | 3 | pythonproxy.py |
|
| Details | File | 3 | ftp.py |
|
| Details | File | 4 | junction.exe |
|
| Details | File | 28 | plink.exe |
|
| Details | File | 8 | runner.py |
|
| Details | File | 17 | log.log |
|
| Details | File | 2 | killkl.txt |
|
| Details | File | 1 | killrunner.txt |
|
| Details | File | 1 | icmpxa.exe |
|
| Details | File | 2 | status2.php |
|
| Details | File | 8 | status.php |
|
| Details | File | 14 | a.php |
|
| Details | File | 2 | alive.php |
|
| Details | File | 3 | gid.php |
|
| Details | File | 1 | generateid.php |
|
| Details | File | 2 | rit.php |
|
| Details | File | 1 | reportit.php |
|
| Details | File | 13 | c.php |
|
| Details | File | 1 | getcli.php |
|
| Details | File | 2 | rs.php |
|
| Details | File | 1 | receivescreenshot.php |
|
| Details | File | 2 | rk.php |
|
| Details | File | 1 | receivekl.php |
|
| Details | File | 2 | sm.php |
|
| Details | File | 1 | startup.php |
|
| Details | File | 29 | d.php |
|
| Details | File | 1 | serial.txt |
|
| Details | File | 1 | smpt-error.txt |
|
| Details | File | 1 | snapshot.dll |
|
| Details | File | 1 | screenshots.dll |
|
| Details | File | 10 | unrar.exe |
|
| Details | File | 27 | procdump.exe |
|
| Details | File | 96 | rar.exe |
|
| Details | md5 | 1 | 3f1e0540793d9b9dbd26d6fadceacb71 |
|
| Details | md5 | 1 | 5F1A9913AEC43A61F0B3AD7B529B397E |
|
| Details | md5 | 1 | F1B5675E1A60049C7CD823EBA93FE977 |
|
| Details | md5 | 1 | 7EA6F821523003A04ABE5AE3AC546150 |
|
| Details | md5 | 1 | 03CFA51AA7F0893F1D0FEB32B521CC61 |
|
| Details | md5 | 1 | B5190D7CC4D7A59AD4962B8614DB8521 |
|
| Details | md5 | 1 | F086C3DBCDE4228CA274BE45C80C6F0F |
|
| Details | md5 | 1 | 8D3D2364220D376E6F8D123E57CF4551 |
|
| Details | md5 | 1 | DB1EB8B831332143349B6E6AD9AB12A2 |
|
| Details | md5 | 1 | 48E4DBC53C611CD324FCAF6418E06A52 |
|
| Details | md5 | 1 | F1F23D4DF41C5DA5444C97781FF2CAB7 |
|
| Details | md5 | 1 | B5450C8553DEF4996426AB46996B2E55 |
|
| Details | md5 | 1 | 37382F2F1495F61F3504320EE4ECAF6A |
|
| Details | md5 | 1 | AD2195E2977BFB824C8AFDAB38E531B2 |
|
| Details | md5 | 1 | 96EBCFB2CC9E6C5D0AD2CEC2522F1274 |
|
| Details | md5 | 1 | 84AA12FE7C7AB241A2E0CA2DB5DB2865 |
|
| Details | md5 | 1 | B2E25926FE6DDCB049737CB514752A72 |
|
| Details | md5 | 1 | EF8B8426861D7B633615FD3014021FC4 |
|
| Details | md5 | 1 | F73C54B08B84DF11D90B3A009D07748F |
|
| Details | sha1 | 1 | aacd0752289f3b0c6be3fadba368a9a71e46a228 |
|
| Details | sha256 | 1 | 33f9780a2f0838e43457a8190616bec9e5489e1a112501e950fc40e0a3b2782e |
|
| Details | IPv4 | 1 | 87.120.254.100 |
|
| Details | IPv4 | 1 | 87.120.37.68 |
|
| Details | IPv4 | 1 | 87.120.37.192 |
|
| Details | IPv4 | 1 | 176.223.165.196 |
|
| Details | Url | 1 | https://docs.microsoft.com/en-us/sysinternals/downloads/junction. |
|
| Details | Url | 1 | https://youtu.be/aaprxqojls4 |
|
| Details | Url | 1 | https://youtu.be/tn7l5ryralm |
|
| Details | Url | 1 | https://youtu.be/azrjqdwn4-g |
|
| Details | Windows Registry Key | 8 | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows |