Targeted Attack Campaigns with Multi-Variate Malware Observed in the Cloud
Common Information
Type Value
UUID 664cc1d4-7f64-48a3-ba2a-a8fa4fcbd1b9
Fingerprint a40f89f88da6868c
Analysis status DONE
Considered CTI value 2
Text language
Published March 8, 2017, 9:02 p.m.
Added to db Jan. 18, 2023, 11:31 p.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Detected Hints/Tags/Attributes 61/1/14
Attributes
Type #Events CTI Value
Domain 1 astralopitec.yomu.ru
Domain 1 securitypoint.ddns.net
Domain 1 westech-solar.co
File 1 generic.js
File 165 reg.exe
File 1 %appdata%\oracle\bin\javaw.exe
Windows Registry Key 3 HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
Windows Registry Key 1 HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell