Wolfsbane Malware Threat Intel
Tags
cmtmf-attack-pattern: Acquire Infrastructure; Boot Or Logon Autostart Execution; Command-Line Interface; Develop Capabilities; Event Triggered Execution; Masquerading; Obfuscated Files Or Information
country: China
attack-pattern: Acquire Infrastructure; Abuse Elevation Control Mechanism - T1626; Abuse Elevation Control Mechanism - T1548; Acquire Infrastructure - T1583; Boot Or Logon Autostart Execution - T1547; Boot Or Logon Initialization Scripts - T1398; Clear Persistence - T1070.009; Command-Line Interface - T1605; Create Or Modify System Process - T1543; Cron - T1053.003; Develop Capabilities - T1587; Domains - T1583.001; Domains - T1584.001; Dynamic Linker Hijacking - T1574.006; Embedded Payloads - T1027.009; Event Triggered Execution - T1624; Event Triggered Execution - T1546; Exfiltration Over C2 Channel - T1646; File And Directory Discovery - T1420; File Deletion - T1070.004; File Deletion - T1630.002; Hidden Files And Directories - T1564.001; Hide Artifacts - T1628; Hide Artifacts - T1564; Hijack Execution Flow - T1625; Hijack Execution Flow - T1574; Input Capture - T1417; Linux And Mac File And Directory Permissions Modification - T1222.002; Malware - T1587.001; Malware - T1588.001; Masquerading - T1655; Match Legitimate Name Or Location - T1036.005; Match Legitimate Name Or Location - T1655.001; Obfuscated Files Or Information - T1406; System Information Discovery - T1426; Rc Scripts - T1037.004; Server - T1583.004; Server - T1584.004; Setuid And Setgid - T1548.001; Ssh - T1021.004; Systemd Service - T1543.002; Systemd Service - T1501; Unix Shell - T1059.004; Timestomp - T1070.006; Unix Shell Configuration Modification - T1546.004; Xdg Autostart Entries - T1547.013; Vulnerabilities - T1588.006; Unix Shell - T1623.001; .Bash_Profile And .Bashrc - T1156; Logon Scripts - T1037; Command-Line Interface - T1059; Exfiltration Over Command And Control Channel - T1041; File And Directory Discovery - T1083; File Deletion - T1107; Hidden Files And Directories - T1158; Indicator Removal On Host - T1070; Input Capture - T1056; Masquerading - T1036; Obfuscated Files Or Information - T1027; Rootkit - T1014; Setuid And Setgid - T1166; System Information Discovery - T1082; Timestomp - T1099; Command-Line Interface; Masquerading; Rootkit
Common Information
Type Value
UUID 83dc88bc-faf4-488a-b0b4-a44567ce908a
Fingerprint a52f996bcdb59ad3
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 26, 2024, 1:28 p.m.
Added to db Nov. 26, 2024, 3:08 p.m.
Last updated Dec. 4, 2024, 4:48 p.m.
Headline Wolfsbane Malware Threat Intel
Title Wolfsbane Malware Threat Intel
Detected Hints/Tags/Attributes 96/3/51
RSS Feed
Id    Feed title                Url                                         Added to db
167   Cybersecurity on Medium   https://medium.com/feed/tag/cybersecurity   2024-08-30 22:08
171   Malware on Medium         https://medium.com/feed/tag/malware         2024-08-30 22:08
Attributes
Type     #Events   Value   (CTI Value column empty for all rows)
Domain   4         dsdsei.com
Domain   3         asidomain.com
Domain   5         libselinux.so
Domain   2         china-apt-trojan.zip
Domain   2         xl1.zip
Domain   3         profile.sh
File     2         yy1.jsp
File     26        login.jsp
File     2         china-apt-trojan.zip
File     2         xl1.zip
File     7         a.jsp
File     2         zijtkldse.tmp
MITRE ATT&CK Techniques   1017   T1082
MITRE ATT&CK Techniques   594    T1083
MITRE ATT&CK Techniques   302    T1070.004
MITRE ATT&CK Techniques   95     T1070.006
MITRE ATT&CK Techniques   7      T1070.009
MITRE ATT&CK Techniques   98     T1564.001
MITRE ATT&CK Techniques   36     T1222.002
MITRE ATT&CK Techniques   42     T1027.009
MITRE ATT&CK Techniques   46     T1014
MITRE ATT&CK Techniques   186    T1036.005
MITRE ATT&CK Techniques   11     T1037.004
MITRE ATT&CK Techniques   24     T1543.002
MITRE ATT&CK Techniques   18     T1574.006
MITRE ATT&CK Techniques   7      T1547.013
MITRE ATT&CK Techniques   12     T1546.004
MITRE ATT&CK Techniques   13     T1548.001
MITRE ATT&CK Techniques   101    T1587.001
MITRE ATT&CK Techniques   84     T1583.001
MITRE ATT&CK Techniques   34     T1583.004
MITRE ATT&CK Techniques   88     T1059.004
MITRE ATT&CK Techniques   156    T1056
MITRE ATT&CK Techniques   430    T1041