ioc[.]one - OSINT Cyber Threat Intelligence Database

CrimsonIAS: Listening for an 3v1l User

Tags

cmtmf-attack-pattern:	Command And Scripting Interpreter
country:	Hong Kong Mongolia Vietnam
attack-pattern:	Command And Scripting Interpreter - T1623 Disable Or Modify System Firewall - T1562.004 Dll Side-Loading - T1574.002 Encrypted Channel - T1521 Encrypted Channel - T1573 Exfiltration Over C2 Channel - T1646 Hijack Execution Flow - T1625 Hijack Execution Flow - T1574 Impair Defenses - T1562 Impair Defenses - T1629 Ingress Tool Transfer - T1544 Malware - T1587.001 Malware - T1588.001 Traffic Signaling - T1205 Server - T1583.004 Server - T1584.004 Service Execution - T1569.002 Symmetric Cryptography - T1521.001 Symmetric Cryptography - T1573.001 System Services - T1569 Windows Command Shell - T1059.003 Windows Service - T1543.003 Tool - T1588.002 Command-Line Interface - T1059 Deobfuscate/Decode Files Or Information - T1140 Dll Side-Loading - T1073 Exfiltration Over Command And Control Channel - T1041 Remote File Copy - T1105 Service Execution - T1035

Show in Graph

Common Information

Type	Value
UUID	89040f8e-c823-4869-a140-829d96ca8823
Fingerprint	251dbbb866bc8ed3
Analysis status	DONE
Considered CTI value	2
Text language
Published	Jan. 27, 2021, 9:43 a.m.
Added to db	Sept. 11, 2022, 12:42 p.m.
Last updated	Nov. 17, 2024, 6:56 p.m.
Headline	Cyber Threat Intelligence Research
Title	CrimsonIAS: Listening for an 3v1l User
Detected Hints/Tags/Attributes	74/3/20

Source URLs

	Redirection	Url
Details	Source	https://threatconnect.com/blog/crimsonias-listening-for-an-3v1l-user/

URL Provider

Details	Provider	Source level domain
Details	threatconnect.com	threatconnect.com

Attributes

Details	Type	#Events	Value
Details	File	76	netsh.exe
Details	File	17	dll.dll
Details	sha256	2	acfd58369c0a7dbc866ad4ca9cb0fe69d017587af88297f1eaf62a9a8b1b74b4
Details	sha256	1	891ece4c40a7bf31f414200c8c2c31192fd159c1316012724f3013bd0ab2a68e
Details	sha256	1	3bc96b4cce0dd550eeb3a563f7ef203614e36fbbbf990726e1afd5d3dcec33e1
Details	sha256	1	bde63cd5c3aefed249d2610ca2ee834bde0c0ec06193119363972e3761fb3c63
Details	sha256	1	194c0f6c5001b929080d700362e8d8e8009973c82d9409094af2a7ad33506228
Details	sha256	1	5021a19f439d31946e61b7529f8e930ebc9829b1ab1f2274b281b23124113cb1
Details	sha256	1	306175ffc59091515a8a0b211c356843f09fcb65395decd9fe72c9807c17288a
Details	sha256	1	63e144fbe0377e0c365c126d2c03ee5da215db275c5376e78187f0611234c9b0
Details	sha256	1	b19fea36cb7ea1cf1663d59b6dcf51a14e207918c228b8b76f9a79ff3a8de36c
Details	MITRE ATT&CK Techniques	504	T1140
Details	MITRE ATT&CK Techniques	70	T1562.004
Details	MITRE ATT&CK Techniques	19	T1205
Details	MITRE ATT&CK Techniques	333	T1059.003
Details	MITRE ATT&CK Techniques	492	T1105
Details	MITRE ATT&CK Techniques	422	T1041
Details	MITRE ATT&CK Techniques	130	T1573.001
Details	MITRE ATT&CK Techniques	227	T1574.002
Details	MITRE ATT&CK Techniques	174	T1569.002