The Case of The Modified Binaries — Leviathan Security Group
Tags
| country: | Austria |
| attack-pattern: | Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Software - T1592.002 Tool - T1588.002 |
Common Information
| Type | Value |
|---|---|
| UUID | 843882a3-0d05-4281-b63a-c9652b43d5c1 |
| Fingerprint | 3d040b7706062396 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Oct. 23, 2024, midnight |
| Added to db | Jan. 19, 2023, 12:13 a.m. |
| Last updated | Nov. 17, 2024, 4:47 p.m. |
| Headline | The Case of The Modified Binaries |
| Title | The Case of The Modified Binaries — Leviathan Security Group |
| Detected Hints/Tags/Attributes | 37/2/35 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | http://www.leviathansecurity.com/blog/the-case-of-the-modified-binaries/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | patchingcheck.py |
|
| Details | Domain | 4 | check.torproject.org |
|
| Details | Domain | 18 | download.microsoft.com |
|
| Details | Domain | 2 | download.tuxfamily.org |
|
| Details | Domain | 1 | downloads.malwarebytes.org |
|
| Details | Domain | 11 | live.sysinternals.com |
|
| Details | Domain | 258 | nmap.org |
|
| Details | Domain | 36 | malwr.com |
|
| Details | Domain | 5 | www.ntcore.com |
|
| Details | Domain | 1 | www.spybotupdates.com |
|
| Details | File | 1 | patchingcheck.py |
|
| Details | File | 2 | vcredist_x86.exe |
|
| Details | File | 1 | vcredist_x64.exe |
|
| Details | File | 57 | installer.exe |
|
| Details | File | 12 | live.sys |
|
| Details | File | 122 | psexec.exe |
|
| Details | File | 29 | tcpview.exe |
|
| Details | File | 1 | 47-setup.exe |
|
| Details | File | 1 | explorersuite.exe |
|
| Details | File | 3 | 57.exe |
|
| Details | File | 64 | procexp.exe |
|
| Details | sha1 | 1 | 8361a794dfa231d863e109fc9eeef21f4cf09ddd |
|
| Details | IPv4 | 1 | 78.24.222.229 |
|
| Details | IPv4 | 2 | 2.0.5.57 |
|
| Details | Url | 1 | https://check.torproject.org/exit-addresses |
|
| Details | Url | 1 | http://download.microsoft.com/download/5/b/c/5bc5dbb3-652d-4dce-b14a-475ab85eef6e/vcredist_x86.exe |
|
| Details | Url | 1 | http://download.microsoft.com/download/3/2/2/3224b87f-cfa0-4e70-bda3-3de650efeba5/vcredist_x64.exe |
|
| Details | Url | 1 | http://download.tuxfamily.org/notepadplus/6.6.9/npp.6.6.9.installer.exe |
|
| Details | Url | 1 | http://downloads.malwarebytes.org/file/mbam |
|
| Details | Url | 1 | http://live.sysinternals.com/psexec.exe |
|
| Details | Url | 2 | http://live.sysinternals.com/tcpview.exe |
|
| Details | Url | 1 | http://nmap.org/dist/nmap-6.47-setup.exe |
|
| Details | Url | 1 | http://www.ntcore.com/files/explorersuite.exe |
|
| Details | Url | 1 | http://www.spybotupdates.com/files/filealyz-2.0.5.57.exe |
|
| Details | Url | 1 | http://live.sysinternals.com/procexp.exe |