CCleaner Command and Control Causes Concern
Tags
country: China
attack-pattern: Data Domains - T1583.001 Domains - T1584.001 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002
Show in Graph
Common Information
Type Value
UUID 8a92a7bf-9530-4b64-b4b1-bc0955346673
Fingerprint ed0e389d45a38781
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 20, 2017, 5:57 p.m.
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 18, 2024, 8:35 a.m.
Headline Vulnerability Information
Title CCleaner Command and Control Causes Concern
Detected Hints/Tags/Attributes 61/2/21
Source URLs
Redirection Url
Details Source http://blog.talosintelligence.com/2017/09/ccleaner-c2-concern.html
Details Source https://blog.talosintelligence.com/2017/09/ccleaner-c2-concern.html
URL Provider
Details Provider Source level domain
Details talosintelligence.com blog.talosintelligence.com
Attributes
Details Type #Events CTI Value
Details Domain 164 
cisco.com
Details Domain 4129 
github.com
Details Domain 69 
wordpress.com
Details Domain 1 
get.adoble.net
Details File 11 
'index.php
Details File 1 
'x.php
Details File 2 
'init.php
Details File 5 
init.php
Details File 1 
'ccleaner.exe
Details File 2 
geesetup_x86.dll
Details File 8 
tsmsisrv.dll
Details File 5 
efacli64.dll
Details File 1 
ccbkdr.dll
Details sha256 2 
2bc2dee73f9f854fe1e0e409e1257369d9c0a1081cf5fb503264aa1bfe8aa06f
Details sha256 2 
0375b4216334c85a4b29441a3d37e61d7797c2e1cb94b14cf6292449fb25c7b2
Details sha256 3 
dc9b5e8aa6ec86db8af0a7aa897ca61db3e5f3d2e0942e319074db1aaccfdc83
Details sha256 3 
128aca58be325174f0220bd7ca6030e4e206b4378796e82da460055733bb6f4f
Details sha256 3 
07fb252d2e853a9b1b32f30ede411f2efbb9f01e4a7782db5eacf3f55cf34902
Details sha256 3 
f0d1f88c59a005312faad902528d60acbf9cd5a7b36093db8ca811f763e1292a
Details Threat Actor Identifier - APT 66 
APT17
Details Windows Registry Key 49 
HKLM\Software\Microsoft\Windows