Dismantling a fileless campaign: Microsoft Defender ATP's Antivirus exposes Astaroth attack - Microsoft Security Blog
Common Information
Type Value
UUID 591d2c7e-1dd2-454f-ba40-5458b350dcb2
Fingerprint 2554091045c78e8b
Analysis status DONE
Considered CTI value 2
Text language
Published July 8, 2019, 9 a.m.
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Dismantling a fileless campaign: Microsoft Defender ATP’s Antivirus exposes Astaroth attack
Title Dismantling a fileless campaign: Microsoft Defender ATP's Antivirus exposes Astaroth attack - Microsoft Security Blog
Detected Hints/Tags/Attributes 75/3/18
Attributes
Type                      Value                 #Events   CTI Value
Domain                    certidao.htm.zip      1
File                      certidao.htm          1
File                      abrir_documento.htm   1
File                      pedido.htm            1
File                      wmic.exe              240
File                      v.txt                 3
File                      vv.txt                1
File                      falxconxrenwgx.gif    1
File                      falxfonxrenwg.gif     1
File                      userinit.exe          50
File                      falxconxrenwg.gif     1
MITRE ATT&CK Techniques   T1047                 310
MITRE ATT&CK Techniques   T1220                 14
MITRE ATT&CK Techniques   T1064                 80
MITRE ATT&CK Techniques   T1027                 627
MITRE ATT&CK Techniques   T1140                 504
MITRE ATT&CK Techniques   T1117                 15
MITRE ATT&CK Techniques   T1129                 120