TargetCompany Ransomware Abuses FUD Obfuscator Packers
Common Information
Type Value
UUID 7744f74a-1bdd-48bb-9c43-0bb404d5bc86
Fingerprint a52c119b0d271f57
Analysis status IN_PROGRESS
Considered CTI value 0
Text language
Published Aug. 7, 2023, midnight
Added to db Aug. 13, 2023, 1:45 a.m.
Last updated Nov. 18, 2024, 1:38 a.m.
Headline TargetCompany Ransomware Abuses FUD Obfuscator Packers
Title TargetCompany Ransomware Abuses FUD Obfuscator Packers
Detected Hints/Tags/Attributes 45/1/26
RSS Feed
Id Enabled Feed title Url Added to db
99 Cyware News - Latest Cyber News https://cyware.com/allnews/feed 2024-08-30 22:08
119 Trend Micro Research, News and Perspectives https://feeds.feedburner.com/TrendMicroSimplySecurity 2024-08-30 22:08
Attributes