深度研究APT组织Strom0978的高级注入技术StepBear | CTF导航
Tags
| attack-pattern: | Data Server - T1583.004 Server - T1584.004 |
Common Information
| Type | Value |
|---|---|
| UUID | 462de142-cd84-490f-8e26-7be3d4a9aa53 |
| Fingerprint | 6601ee792b1f4420 |
| Analysis status | DONE |
| Considered CTI value | -2 |
| Text language | |
| Published | April 23, 2024, midnight |
| Added to db | Oct. 28, 2024, 4:10 a.m. |
| Last updated | Nov. 17, 2024, 11:40 p.m. |
| Headline | 深度研究APT组织Strom0978的高级注入技术StepBear |
| Title | 深度研究APT组织Strom0978的高级注入技术StepBear | CTF导航 |
| Detected Hints/Tags/Attributes | 20/1/28 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.ctfiot.com/211992.html |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 426 | ✔ | CTF导航 | https://www.ctfiot.com/feed | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 58 | ti.qianxin.com |
|
| Details | Domain | 207 | learn.microsoft.com |
|
| Details | Domain | 4 | modexp.wordpress.com |
|
| Details | Domain | 4128 | github.com |
|
| Details | Domain | 2 | key08.com |
|
| Details | File | 1 | 可能是什么xx钓鱼.exe |
|
| Details | File | 1 | xx简历.exe |
|
| Details | File | 1 | 这里不做讨论.docm |
|
| Details | File | 533 | ntdll.dll |
|
| Details | File | 2 | memorybasicinfo.reg |
|
| Details | File | 1 | 1816722762.png |
|
| Details | Github username | 1 | wine-mirror |
|
| Details | Github username | 2 | odzhan |
|
| Details | Github username | 1 | ufwt |
|
| Details | Github username | 1 | huoji120 |
|
| Details | sha1 | 1 | 1134834b7478632da9c60f36d4a7cf254729242c |
|
| Details | sha1 | 1 | d521b6360fcff4294ae6c5651c539f1b9a6cbb49 |
|
| Details | Microsoft Threat Actor Naming Taxonomy (Groups in development) | 79 | Storm-0978 |
|
| Details | Url | 1 | https://ti.qianxin.com/blog/articles/the-nightmare-of-edr-storm-0978-uti... |
|
| Details | Url | 1 | https://ti.qianxin.com/blog/articles/the-nightmare-of-edr-storm-0978-utilizing-new-kernel-injection-technique-step-bear-cn |
|
| Details | Url | 1 | https://learn.microsoft.com/en-us/windows/win32/winmsg/about-window-classes?redirectedfrom=msdn |
|
| Details | Url | 1 | https://github.com/wine-mirror/wine/blob/1134834b7478632da9c60f36d4a7cf254729242c/dlls/win32u/class.c#l705 |
|
| Details | Url | 1 | https://modexp.wordpress.com/2020/07/07/wpi-wm-paste |
|
| Details | Url | 1 | https://github.com/odzhan/injection/blob/master/eminject/poc.c#l38 |
|
| Details | Url | 1 | https://key08.com/usr/uploads/2024/10/1816722762.png |
|
| Details | Url | 1 | https://github.com/ufwt/windows-xp-sp1/blob/d521b6360fcff4294ae6c5651c539f1b9a6cbb49/xpsp1/nt/com/rpc/ndr64/srvcall.cxx#l694c31 |
|
| Details | Url | 1 | https://github.com/ufwt/windows-xp-sp1/blob/d521b6360fcff4294ae6c5651c539f1b9a6cbb49/xpsp1/nt/com/rpc/ndr64/srvcall.cxx#l685 |
|
| Details | Url | 1 | https://github.com/huoji120/apt_step_bear_inject |