A Deep Dive into DoubleFeature, Equation Group's Post-Exploitation Dashboard - Check Point Research
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 660b8c3b-f15e-4f6d-94d9-7e09647d679a |
| Fingerprint | a58b4a112da5b2a1 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Dec. 27, 2021, 11:30 a.m. |
| Added to db | Jan. 18, 2023, 8 p.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | A Deep Dive into DoubleFeature, Equation Group’s Post-Exploitation Dashboard |
| Title | A Deep Dive into DoubleFeature, Equation Group's Post-Exploitation Dashboard - Check Point Research |
| Detected Hints/Tags/Attributes | 117/1/44 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 6 | cve-2017-0005 |
|
| Details | Domain | 1 | strangeland.py |
|
| Details | Domain | 1 | doublefeature.py |
|
| Details | File | 1 | dszlpcore.exe |
|
| Details | File | 1 | strangeland.py |
|
| Details | File | 1 | doublefeature.py |
|
| Details | File | 1 | doublefeaturedll.dll |
|
| Details | File | 1 | addresource.exe |
|
| Details | File | 2 | doublefeaturereader.exe |
|
| Details | File | 2 | yh56816.tmp |
|
| Details | File | 1 | hidsvc.sys |
|
| Details | File | 2 | ntoskernl.exe |
|
| Details | File | 2 | msndsrv.sys |
|
| Details | File | 2 | atmdkdrv.sys |
|
| Details | File | 1 | mcl_cmd_diba_tasking.py |
|
| Details | File | 1 | mcl_cmd_kisucomms_tasking.py |
|
| Details | File | 1 | _kisu_bh_enable.py |
|
| Details | File | 1 | kisu_bh_enable.py |
|
| Details | File | 1 | mcl_cmd_kisufulllist_tasking.py |
|
| Details | File | 5 | elbycdio.sys |
|
| Details | File | 2 | fvexpy.sys |
|
| Details | File | 3 | mpdkg32.dll |
|
| Details | File | 1 | drmkflt.sys |
|
| Details | File | 1 | mpdkg64.dll |
|
| Details | File | 1 | fhsvcapi.dll |
|
| Details | File | 1 | ntevt.sys |
|
| Details | File | 1 | nethdlr.sys |
|
| Details | File | 478 | lsass.exe |
|
| Details | md5 | 1 | C454045E1299C5AD5E2932A7B0016D7A |
|
| Details | md5 | 1 | C1544A2220F5DD61A62C697D9A2C5B77 |
|
| Details | md5 | 1 | 05422319E7821018401F477B3621F8E2 |
|
| Details | md5 | 1 | 4C85F9D2D0B02E0B3BDFC34D0F63B414 |
|
| Details | md5 | 1 | 0023DE8F74BF9F932AFC9E288082E660 |
|
| Details | md5 | 1 | 58B9130DEEFF83F1185C372595CD4607 |
|
| Details | md5 | 1 | B4A78F824A7F0FA688DF729F2AEF7F7F |
|
| Details | md5 | 1 | DCE6AAAD1574BC72A25DC4551D52A2C1 |
|
| Details | md5 | 1 | F7F382A0C610177431B27B93C4C87AC1 |
|
| Details | md5 | 1 | 0182DBF3E594581A87992F80C762C099 |
|
| Details | md5 | 1 | 9C6D1ED1F5E22BF609BCF5CA6E587DEC |
|
| Details | md5 | 1 | D3DF8781249F2C404C4935CA9FFB1155 |
|
| Details | md5 | 1 | F01525C9EF763C49E28CEC6C2F6F6C60 |
|
| Details | md5 | 1 | 6156E50571571B233019C4EBB472899D |
|
| Details | md5 | 1 | AAA8999A169E39FB8B48AE49CD6AC30A |
|
| Details | Threat Actor Identifier - APT | 166 | APT31 |