DarkHydrus delivers new Trojan that can use Google Drive for C2 communications
Common Information
Type Value
UUID 44177303-dea1-4125-add1-b902a144ed3f
Fingerprint b409acd149b73585
Analysis status DONE
Considered CTI value 2
Text language
Published Jan. 18, 2019, 6:40 p.m.
Added to db Sept. 26, 2022, 9:31 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline DarkHydrus delivers new Trojan that can use Google Drive for C2 communications
Title DarkHydrus delivers new Trojan that can use Google Drive for C2 communications
Detected Hints/Tags/Attributes 74/2/60
Attributes
Type     #Events  Value
Domain   228      system.io
Domain   2        676f6f646c75636b.gogle.co
Domain   1        gogle.co
Domain   1        aqhpc.akdns.live
Domain   1        tbs2.microsoftonline.services
Domain   1        tvs2.trafficmanager.live
Domain   1        0ffice365.agency
Domain   1        0ffice365.life
Domain   1        0ffice365.services
Domain   1        0nedrive.agency
Domain   1        corewindows.agency
Domain   1        microsoftonline.agency
Domain   1        onedrive.agency
Domain   1        sharepoint.agency
Domain   1        skydrive.agency
Domain   1        skydrive.services
Domain   2        akamaiedge.live
Domain   2        akamaized.live
Domain   2        akdns.live
Domain   2        edgekey.live
Domain   1        hotmai1l.com
Domain   1        tvs1.trafficmanager.live
Domain   1        tbs1.microsoftonline.services
Domain   1        brit.ns.cloudfronts.services
Domain   1        dns.cloudfronts.services
Domain   1        ns2.akadns.services
Domain   1        britns.akadns.services
Domain   1        britns.akadns.live
Domain   1        ns2.akadns.live
Domain   1        iecvlist-microsoft.live
Domain   1        data-microsoft.services
Domain   1        asimov-win-microsoft.services
Domain   1        onecs-live.services
Domain   1        akamaiedge.services
Domain   1        phicdn.world
Domain   1        azureedge.today
Domain   1        nsatc.agency
Domain   1        akamai.agency
Domain   1        t-msedge.world
File     1        %temp%\windowstemp.ps1
File     1        %temp%\12-b-366.txt
File     1        12-b-366.txt
File     459      regsvr32.exe
File     62       scrobj.dll
File     1        windowstemp.ps1
File     36       compression.gzip
File     1        %appdata%\microsoft\windows\templates\windowstemplate.exe
File     1        windowstemplate.exe
File     33       nslookup.exe
File     1        -u.txt
sha256   1        e068c6536bf353abe249ad0464c58fb85d7de25223442dd220d64116dbf1e022
sha256   1        4e40f80114e5bd44a762f6066a3e56ccdc0d01ab2a18397ea12e0bc5508215b8
sha256   1        513813af1590bc9edeb91845b454d42bbce6a5e2d43a9b0afa7692e4e500b4c8
sha256   1        f1b2bc0831445903c0d51b390b1987597009cc0fade009e07d792e8d455f6db0
sha256   1        5cc62ad6baf572dbae925f701526310778f032bb4a54b205bada78b1eb8c479c
sha256   1        eb33a96726a34dd60b053d3d1048137dffb1bba68a1ad6f56d33f5d6efb12b97
IPv4     2        216.58.192.174
IPv4     1        107.175.75.123
IPv4     1        107.175.150.113
IPv6     3        2a00:1450:4001:81a::200e
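The table above is an indicator list rather than a narrative, and the practical question is how to turn it into detection logic without paging an analyst every time regsvr32.exe runs. What follows is an added example, not code from this page or from the report it indexes. It loads a subset of the rows in the page's own Type/#Events/Value layout, treats attributes that the #Events column shows in dozens or hundreds of reports (regsvr32.exe, scrobj.dll and nslookup.exe are stock Windows binaries; system.io and compression.gzip are .NET namespace names) as low-confidence corroboration rather than alerts, and matches the remaining domains, file names, hashes and addresses against constructed DNS, process, file and connection events. The key=value log format, the threshold of 10 events, and every host name, path and timestamp in the sample telemetry are assumptions made here.

```python
"""IOC matcher for the DarkHydrus attribute table above. Added example, not code
from the page or the report it indexes: the attribute rows are copied from the
table; the log format, event threshold and sample telemetry are constructed."""
import re
from dataclasses import dataclass, field

# Subset of the page's table in its "Type  #Events  Value" layout.
PAGE_ATTRIBUTES = """
Domain  228  system.io
Domain  2    676f6f646c75636b.gogle.co
Domain  1    aqhpc.akdns.live
Domain  2    akdns.live
File    1    %temp%\\windowstemp.ps1
File    459  regsvr32.exe
File    62   scrobj.dll
File    33   nslookup.exe
File    1    %appdata%\\microsoft\\windows\\templates\\windowstemplate.exe
sha256  1    e068c6536bf353abe249ad0464c58fb85d7de25223442dd220d64116dbf1e022
IPv4    2    216.58.192.174
IPv4    1    107.175.75.123
"""
# Assumption: an attribute seen in this many reports or more is a commodity
# artifact (stock Windows binary, .NET namespace) that only corroborates.
GENERIC_EVENT_THRESHOLD = 10


@dataclass
class IocSet:
    domains: dict = field(default_factory=dict)  # value -> "high" | "low"
    files: dict = field(default_factory=dict)    # basename -> severity
    hashes: dict = field(default_factory=dict)
    ips: dict = field(default_factory=dict)


def load_iocs(text, threshold=GENERIC_EVENT_THRESHOLD):
    iocs = IocSet()
    for line in text.strip().splitlines():
        parts = line.split(maxsplit=2)
        if len(parts) != 3:
            continue
        typ, events, value = parts[0].lower(), int(parts[1]), parts[2].strip().lower()
        sev = "low" if events >= threshold else "high"
        if typ == "domain":
            iocs.domains[value] = sev
        elif typ == "file":  # basename only, so %temp%\x.ps1 matches any expansion
            iocs.files[re.split(r"[\\/]", value)[-1]] = sev
        elif typ == "sha256":
            iocs.hashes[value] = sev
        elif typ in ("ipv4", "ipv6"):
            iocs.ips[value] = sev
    return iocs


def domain_hit(query, iocs):
    """Exact or parent-domain match; the most specific listed domain wins."""
    q, best = query.lower().rstrip("."), None
    for dom, sev in iocs.domains.items():
        if (q == dom or q.endswith("." + dom)) and (best is None or len(dom) > len(best[0])):
            best = (dom, sev)
    return best


_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line):
    """Constructed format: '<ts> <kind> key=value key="value with spaces"'."""
    _ts, kind, rest = line.split(" ", 2)
    ev = {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
          for m in _KV.finditer(rest)}
    ev["_kind"] = kind
    return ev


def scan(lines, iocs):
    """Return (severity, indicator, observed value) for every indicator hit."""
    hits = []
    for ev in map(parse_line, lines):
        kind = ev["_kind"]
        if kind == "dns" and (hit := domain_hit(ev.get("query", ""), iocs)):
            hits.append((hit[1], hit[0], ev["query"]))
        elif kind == "proc":
            text = (ev.get("image", "") + " " + ev.get("cmdline", "")).lower()
            hits += [(sev, n, ev.get("cmdline", ""))
                     for n, sev in iocs.files.items() if n in text]
        elif kind == "file" and ev.get("sha256", "").lower() in iocs.hashes:
            digest = ev["sha256"].lower()
            hits.append((iocs.hashes[digest], digest, ev.get("path", "")))
        elif kind == "conn" and ev.get("dst", "").lower() in iocs.ips:
            hits.append((iocs.ips[ev["dst"].lower()], ev["dst"], ev.get("host", "")))
    return hits


# Constructed sample telemetry: hosts, paths and timestamps are made up.
SAMPLE_LOGS = [
    "2019-01-18T10:01:02Z dns client=10.0.0.5 query=aqhpc.akdns.live type=A",
    "2019-01-18T10:01:03Z dns client=10.0.0.5 query=login.microsoftonline.com type=A",
    "2019-01-18T10:01:05Z dns client=10.0.0.7 query=x1.676f6f646c75636b.gogle.co type=TXT",
    '2019-01-18T10:02:00Z proc host=WS01 image=C:\\Windows\\System32\\regsvr32.exe cmdline="regsvr32.exe /s /n /u /i:C:\\Users\\u\\AppData\\Local\\Temp\\t.sct scrobj.dll"',
    '2019-01-18T10:02:01Z proc host=WS01 image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe cmdline="powershell -ep bypass -f C:\\Users\\u\\AppData\\Local\\Temp\\windowstemp.ps1"',
    '2019-01-18T10:02:02Z proc host=WS02 image=C:\\Windows\\System32\\regsvr32.exe cmdline="regsvr32.exe /s C:\\Program Files\\Vendor\\vendor.dll"',
    "2019-01-18T10:03:00Z file host=WS01 sha256=E068C6536BF353ABE249AD0464C58FB85D7DE25223442DD220D64116DBF1E022 path=C:\\Users\\u\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\windowstemplate.exe",
    "2019-01-18T10:03:10Z conn host=WS01 dst=107.175.75.123 dport=443",
    "2019-01-18T10:03:11Z conn host=WS01 dst=216.58.192.174 dport=443",
]
```

Two things the event count does not tell you. The 216.58.192.174 and 2a00:1450:4001:81a::200e entries sit in Google's address space, which is what the headline's Google Drive C2 channel would leave behind; a connection to them is evidence of Google traffic, not of this actor, so pivot on the domains, the hashes and the two 107.175.x.x addresses instead. And regsvr32.exe alone fires on every legitimate COM registration (the constructed WS02 event), which is why it is reported as low; the WS01 event, where it is paired with scrobj.dll and followed by windowstemp.ps1 being launched from %temp%, is the one worth an analyst's time.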