Aria-Body Loader? Is that you?
Tags
| cmtmf-attack-pattern: | Process Injection |
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Process Injection - T1631 Python - T1059.006 Rundll32 - T1218.011 Process Injection - T1055 Rundll32 - T1085 |
Common Information
| Type | Value |
|---|---|
| UUID | 73feb6ab-05ac-4d2a-affa-4099f09f6a87 |
| Fingerprint | 3c433bd0efbd0501 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Sept. 29, 2021, 6:28 a.m. |
| Added to db | Sept. 26, 2022, 9:33 a.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | Aria-Body Loader? Is that you? |
| Title | Aria-Body Loader? Is that you? |
| Detected Hints/Tags/Attributes | 36/2/8 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://medium.com/insomniacs/aria-body-loader-is-that-you-53bdd630f8a1 |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 141 | research.checkpoint.com |
|
| Details | Domain | 1 | news.nyhedmgtxck.com |
|
| Details | Domain | 1 | www.etnwtmrkh.com |
|
| Details | File | 1018 | rundll32.exe |
|
| Details | File | 172 | dllhost.exe |
|
| Details | sha256 | 1 | 1e56c3f05bb53d2dfa60bc016e8509b12fd3beb5f567d274a184bb67af1eb19c |
|
| Details | sha256 | 1 | c5696e660f3cfa9232756418e40ad18729cfe32fb284bba2314dd523ba527258 |
|
| Details | Url | 1 | http://research.checkpoint.com/2020/nikon-apt-cyber-espionage-reloaded |