AQUATIC PANDA in Possession of Log4Shell Exploit Tools | CrowdStrike
Tags
| country: | China |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Dns - T1071.004 Dns - T1590.002 Hijack Execution Flow - T1574 Malware - T1587.001 Malware - T1588.001 Tool - T1588.002 Vulnerabilities - T1588.006 Command-Line Interface - T1059 Credential Dumping - T1003 Data Encoding - T1132 |
Common Information
| Type | Value |
|---|---|
| UUID | 800b401b-de0b-4b20-9363-989a0e216002 |
| Fingerprint | 201111858656949f |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Nov. 7, 2024, midnight |
| Added to db | Nov. 12, 2024, 11:52 a.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | OverWatch Exposes AQUATIC PANDA in Possession of Log4Shell Exploit Tools During Hands-on Intrusion Attempt |
| Title | AQUATIC PANDA in Possession of Log4Shell Exploit Tools | CrowdStrike |
| Detected Hints/Tags/Attributes | 48/3/14 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 360 | attack.mitre.org |
|
| Details | File | 16 | 0.jar |
|
| Details | File | 155 | cscript.exe |
|
| Details | File | 4 | rdrleakdiag.exe |
|
| Details | File | 2 | cdump.exe |
|
| Details | File | 4 | createdump.exe |
|
| Details | MITRE ATT&CK Techniques | 96 | T1132 |
|
| Details | MITRE ATT&CK Techniques | 695 | T1059 |
|
| Details | MITRE ATT&CK Techniques | 164 | T1574 |
|
| Details | MITRE ATT&CK Techniques | 289 | T1003 |
|
| Details | Url | 6 | https://attack.mitre.org/techniques/t1132/001 |
|
| Details | Url | 3 | https://attack.mitre.org/techniques/t1059/001/. |
|
| Details | Url | 4 | https://attack.mitre.org/techniques/t1574/001/. |
|
| Details | Url | 3 | https://attack.mitre.org/techniques/t1003/001/. |