Cyble Researchers Uncover Sophisticated Attack Using VSCode for Remote Access
Tags
| attack-pattern: | Python - T1059.006 Scheduled Task - T1053.005 Software - T1592.002 Tool - T1588.002 Scheduled Task - T1053 |
Common Information
| Type | Value |
|---|---|
| UUID | 46f95335-b143-478c-bbe7-dca42fecd6c3 |
| Fingerprint | a4891d182105ebca |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Oct. 1, 2024, 9:22 p.m. |
| Added to db | Oct. 2, 2024, 12:15 a.m. |
| Last updated | Nov. 17, 2024, 6:53 p.m. |
| Headline | Cyble Researchers Uncover Sophisticated Attack Using VSCode for Remote Access |
| Title | Cyble Researchers Uncover Sophisticated Attack Using VSCode for Remote Access |
| Detected Hints/Tags/Attributes | 30/1/11 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 99 | ✔ | Cyware News - Latest Cyber News | https://cyware.com/allnews/feed | 2024-08-30 22:08 |
| Details | 248 | ✔ | The Cyber Express | https://thecyberexpress.com/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 3 | python-3.12.5-embed-amd64.zip |
|
| Details | Domain | 45 | paste.ee |
|
| Details | Domain | 9 | update.py |
|
| Details | File | 3 | 5-embed-amd64.zip |
|
| Details | File | 1 | %localappdata%\microsoft\python and extracts the contents of the zip archive using tar.exe |
|
| Details | File | 9 | update.py |
|
| Details | File | 27 | pythonw.exe |
|
| Details | File | 41 | code.exe |
|
| Details | sha1 | 2 | 97dec172d3256f8ca4bfb2143f3f76b503ca0534 |
|
| Details | Url | 3 | https://paste.ee/r/dqjrd/0 |
|
| Details | Url | 2 | https://az764295.vo.msecnd.net/stable/97dec172d3256f8ca4bfb2143f3f76b503ca0534/vscode_cli_win32_x64_cli.zip |