Uncorking Old Wine: Zero-Day from 2017 + Cobalt Strike Loader in Unholy Alliance
Common Information
Type Value
UUID 5c63cc83-ab02-4865-958b-e8c6e6fa008b
Fingerprint 8b0419b439959640
Analysis status DONE
Considered CTI value 2
Text language
Published April 25, 2024, 1:30 p.m.
Added to db Aug. 31, 2024, 9:27 a.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Detected Hints/Tags/Attributes 80/4/30
RSS Feed
Id 301
Enabled
Feed title Deep Instinct Blog: Breaking News and Updates
Url https://www.deepinstinct.com/blog/feed
Added to db 2024-08-30 22:08
Attributes
Type #Events CTI Value
CVE 63 cve-2017-8570
CVE 269 cve-2017-0199
Domain 1 weavesilk.space
Domain 1 petapixel.fun
Domain 1 weavesilk.com
Domain 3 petapixel.com
File 1 617766616773726468746672726a6834.html
File 155 cscript.exe
File 2125 cmd.exe
File 533 ntdll.dll
File 172 dllhost.exe
File 1 signal-2023-12-20-160512.pps
md5 1 617766616773726468746672726a6834
sha256 1 b0b762106c22e44f7acaa3177baabd64ea28990d16672e1f902b53f49b2027c4
sha256 1 0bc0e9410f4a9703ff0b5af7ec9383a1cc929572ade09fbd2c69ed2ae1486939
sha256 1 976f57442452cd54cada011c565ada0c01f5b1460e31ee6cea330d210d3e8f50
IPv4 1 109.107.178.241
MITRE ATT&CK Techniques 409 T1566
MITRE ATT&CK Techniques 93 T1059.007
MITRE ATT&CK Techniques 380 T1547.001
MITRE ATT&CK Techniques 44 T1218.010
MITRE ATT&CK Techniques 440 T1055
MITRE ATT&CK Techniques 160 T1027.002
MITRE ATT&CK Techniques 433 T1057
MITRE ATT&CK Techniques 238 T1497
MITRE ATT&CK Techniques 163 T1573
Url 1 http://weavesilk.com
Url 1 https://petapixel.com
Windows Registry Key 2 HKCU\Software\Microsoft\Command
Windows Registry Key 1 HKCU\Software\Microsoft\Windows\CurrentVirsion\Run