Sailing the MalSpam Ocean: A Journey Through Threat Hunting and Uncovering Malware Activity
Tags
Common Information
Type | Value |
---|---|
UUID | 468a8ce2-ae51-4020-b92e-9b2c8c9d336c |
Fingerprint | 2c141b29afaf07ff |
Analysis status | DONE |
Considered CTI value | 0 |
Text language | |
Published | Dec. 25, 2024, 3:34 a.m. |
Added to db | Dec. 25, 2024, 5:33 a.m. |
Last updated | Dec. 25, 2024, 5:34 a.m. |
Headline | Sailing the MalSpam Ocean: A Journey Through Threat Hunting and Uncovering Malware Activity |
Title | Sailing the MalSpam Ocean: A Journey Through Threat Hunting and Uncovering Malware Activity |
Detected Hints/Tags/Attributes | 54/4/9 |
Source URLs
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 167 | ✔ | Cybersecurity on Medium | https://medium.com/feed/tag/cybersecurity | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 308 | | microsoft.net |
Details | Domain | 4 | | spices.net |
Details | File | 166 | | msbuild.exe |
Details | File | 268 | | schtasks.exe |
Details | File | 132 | | regasm.exe |
Details | File | 15 | | caspol.exe |
Details | md5 | 1 | | a4961f7f110abdd1226d7997d0d35930 |
Details | Pdb | 1 | | c:\users\frede\onedrive\ambiente de trabalho\outputs\empoha.pdb |
Details | Yara rule | 1 | | MalSpam_Khufu_1 (full rule below) |

```yara
rule MalSpam_Khufu_1 {
    meta:
        hash = "a4961f7f110abdd1226d7997d0d35930"
        rev = 1
    strings:
        $ss1 = "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\MSBuild.exe" ascii wide
        $ss2 = "schtasks.exe" ascii wide
        $ss3 = "Invoke" ascii wide
        $ss4 = "set_UseShellExecute" ascii wide
        $ss5 = "KhufuKeys" ascii wide
        $ss6 = "KhufuDecrypt" ascii wide
        $ss7 = "/Create /SC MINUTE /MO 5 /TN \"{0}\" /TR \"{1}\" /ST {2}" ascii wide
    condition:
        5 of ($ss*)
}
```