Analyzing the Awaken Likho APT group implant: new tools and techniques
Tags
country: Russia
maec-delivery-vectors: Watering Hole
attack-pattern: Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Scheduled Task - T1053.005 Search Engines - T1593.002 Server - T1583.004 Server - T1584.004 Software - T1592.002 System Services - T1569 Powershell - T1086 Scheduled Task - T1053
Show in Graph
Common Information
Type Value
UUID 79a09451-8215-40fd-9500-a73b467ce836
Fingerprint ac822d0b2f27ce89
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 7, 2024, 10 a.m.
Added to db Oct. 7, 2024, 12:53 p.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Headline Awaken Likho is awake: new techniques of an APT group
Title Analyzing the Awaken Likho APT group implant: new tools and techniques
Detected Hints/Tags/Attributes 49/3/23
Source URLs
Redirection Url
Details Source https://securelist.com/awaken-likho-apt-new-implant-campaign/114101/
Details Source https://malware.news/t/awaken-likho-is-awake-new-techniques-of-an-apt-group/87135
URL Provider
Details Provider Source level domain
Details malware.news malware.news
Details securelist.com securelist.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 158 Malware Analysis, News and Indicators - Latest topics https://malware.news/latest.rss 2024-08-30 22:08
Details 223 Securelist https://securelist.com/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 5 
kwazindernuren.com
Details File 9 
microsoftstores.exe
Details File 4 
networkdrivers.exe
Details File 2126 
cmd.exe
Details md5 5 
603eead3a4dd56a796ea26b1e507a1a3
Details md5 5 
deae4a955e1c38aae41bec5e5098f96f
Details md5 5 
892c55202ce3beb1c82183c1ad81c7a0
Details md5 5 
63302bc6c9aebe8f0cdafdd2ecc2198a
Details md5 5 
912ebcf7da25c56e0a2bd0dfb0c9adff
Details md5 5 
c495321edebe32ce6731f7382e474a0e
Details sha1 4 
56d6ef744adbc484b15697b320fd69c5c0264f89
Details sha1 4 
a45d8d99b6bc53fa392a9dc374c4153a62a11e2a
Details sha1 4 
976b5bc7aafc32450f0b59126f50855074805f28
Details sha1 4 
f4e2c56e1e5e73aa356a68da0ae986103c9a7bad
Details sha1 4 
a76601fc29c523a3039ed9e7a1fc679b963db617
Details sha1 4 
bcd91cad490d0555853f289f084033062fa1ffaa
Details sha256 4 
7491991dd42dabb123b46e33850a89bed0a2790f892d16a592e787d3fee8c0d5
Details sha256 4 
f11423a3c0f3f30d718b45f2dcab394cb8bdcd473c47a56544e706b9780f1495
Details sha256 4 
f3421e5392e3fce07476b3c34153a7db0f6c8f873bd8887373f7821bd0281dcc
Details sha256 4 
37895c19d608aba8223e7aa289267faea735c8ee13676780a1a0247ad371b9b8
Details sha256 4 
c31faf696c44e6b1aeab4624e5330dc748633e2d8a25d624fc66fed384797f69
Details sha256 4 
82415a52885b2731214ebd5b33ceef379208478baeb2a09bc985c9ce8c62e003
Details IPv4 5 
38.180.101.12