Add PE Code Signing to Backdoor Factory (BDF)
Tags
| attack-pattern: | Code Signing - T1553.002 Code Signing - T1116 Sudo - T1169 |
Common Information
| Type | Value |
|---|---|
| UUID | 7a147779-f026-476f-858c-bffdda788bed |
| Fingerprint | 38e2fa79ff2f7dd6 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Dec. 16, 2015, 8:31 p.m. |
| Added to db | Jan. 18, 2023, 9:39 p.m. |
| Last updated | Nov. 17, 2024, 6:53 p.m. |
| Headline | Secure All The Things |
| Title | Add PE Code Signing to Backdoor Factory (BDF) |
| Detected Hints/Tags/Attributes | 14/1/25 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | git.code.sf.net |
|
| Details | Domain | 8 | autogen.sh |
|
| Details | Domain | 1 | www.duosecurity.com |
|
| Details | Domain | 1 | dellcertificates.zip |
|
| Details | Domain | 11 | live.sysinternals.com |
|
| Details | Domain | 358 | pastebin.com |
|
| Details | Domain | 2 | pebin.py |
|
| Details | File | 1 | dellcertificates.zip |
|
| Details | File | 1 | verisign.pas |
|
| Details | File | 1 | verisign.pfx |
|
| Details | File | 1 | edellroot.cer |
|
| Details | File | 1 | edellrootlocalhost.cer |
|
| Details | File | 1 | verisign.cer |
|
| Details | File | 12 | live.sys |
|
| Details | File | 29 | tcpview.exe |
|
| Details | File | 1 | sig.txt |
|
| Details | File | 1 | tcpview_signed.exe |
|
| Details | File | 1 | sig1.txt |
|
| Details | File | 2 | pebin.py |
|
| Details | sha256 | 1 | 65b06e906b17c9f164937826575fc45f4c5f152ef8abfc324368eb46bb0028dc |
|
| Details | Url | 1 | https://www.duosecurity.com/static/files/dellcertificates.zip |
|
| Details | Url | 2 | http://live.sysinternals.com/tcpview.exe |
|
| Details | Url | 1 | http://pastebin.com/my9uhyjs |
|
| Details | Url | 1 | http://pastebin.com/bsezgs5q |
|
| Details | Url | 1 | https://www.virustotal.com/en/file/65b06e906b17c9f164937826575fc45f4c5f152ef8abfc324368eb46bb0028dc/analysis/1450316795 |