TargetCompany Ransomware Abuses FUD Obfuscator Packers
Common Information
Type Value
UUID 4f16ee73-ab9d-4bcb-8f7a-ba256a9541ad
Fingerprint a52c119b0d071f56
Analysis status DONE
Considered CTI value 0
Text language
Published Aug. 7, 2023, midnight
Added to db Oct. 16, 2024, 2:07 a.m.
Last updated Nov. 18, 2024, 1:38 a.m.
Headline TargetCompany Ransomware Abuses FUD Obfuscator Packers
Title TargetCompany Ransomware Abuses FUD Obfuscator Packers
Detected Hints/Tags/Attributes 43/1/26
Attributes