How to analyze malicious documents – Case study of an attack targeting Ukrainian Organizations – CYBER GEEKS
Tags
Category | Values |
---|---|
country | Ukraine |
attack-pattern | Inter-Process Communication: Component Object Model - T1559.001; Command and Scripting Interpreter: JavaScript - T1059.007; User Execution: Malicious File - T1204.002; Acquire Infrastructure: Server - T1583.004; Compromise Infrastructure: Server - T1584.004; Obtain Capabilities: Tool - T1588.002 |
Common Information
Type | Value |
---|---|
UUID | 921cad1d-048c-4937-8cf0-81d5db23824c |
Fingerprint | a4c229141d2529cb |
Analysis status | DONE |
Considered CTI value | -2 |
Text language | |
Published | Feb. 28, 2022, midnight |
Added to db | Sept. 26, 2022, 9:34 a.m. |
Last updated | Nov. 17, 2024, 7:44 p.m. |
Headline | How to analyze malicious documents – Case study of an attack targeting Ukrainian Organizations |
Title | How to analyze malicious documents – Case study of an attack targeting Ukrainian Organizations – CYBER GEEKS |
Detected Hints/Tags/Attributes | 31/2/31 |
Source URLs
URL Provider
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 112 | | cdn.discordapp.com |
Details | Domain | 268 | | www.virustotal.com |
Details | Domain | 83 | | cert.gov.ua |
Details | Domain | 16 | | zeltser.com |
Details | Domain | 4127 | | github.com |
Details | Domain | 53 | | oledump.py |
Details | Domain | 27 | | zipdump.py |
Details | File | 226 | | certutil.exe |
Details | File | 1 | | ugrfa.bat |
Details | File | 17 | | core.xml |
Details | File | 9 | | workbook.xml |
Details | File | 29 | | vbaproject.bin |
Details | File | 58 | | document.xml |
Details | File | 55 | | putty.exe |
Details | File | 1 | | googlechromeupdate.exe |
Details | File | 1 | | analyzing-malicious-document-files.pdf |
Details | File | 49 | | oledump.py |
Details | File | 25 | | zipdump.py |
Details | Github username | 15 | | decalage2 |
Details | Github username | 6 | | didierstevens |
Details | sha256 | 1 | | c2672e6fd55b129125a19c7837943c0844c03ec02dcf165af183f9e4df4dccbc |
Details | sha256 | 1 | | 992df82cf31a91acd034411bb43a1ec127fa15d613b108287384882807f81764 |
Details | sha256 | 1 | | d261c441e28d7b4cea8171e9cf4cc2c403d39685b97800a52604de979c5576b5 |
Details | Url | 2 | | https://cdn.discordapp.com/attachments/932413459872747544/938291977735266344/putty.exe |
Details | Url | 1 | | https://www.virustotal.com/gui/url/d261c441e28d7b4cea8171e9cf4cc2c403d39685b97800a52604de979c5576b5 |
Details | Url | 3 | | https://cert.gov.ua/article/18419 |
Details | Url | 1 | | https://zeltser.com/media/docs/analyzing-malicious-document-files.pdf |
Details | Url | 1 | | https://github.com/decalage2/oletools |
Details | Url | 5 | | https://github.com/decalage2/vipermonkey |
Details | Url | 1 | | https://github.com/didierstevens/didierstevenssuite/blob/master/oledump.py |
Details | Url | 1 | | https://github.com/didierstevens/didierstevenssuite/blob/master/zipdump.py |
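The attributes above name the OOXML parts the article takes apart (core.xml, workbook.xml, document.xml, vbaproject.bin) and the tools it uses to do so (zipdump.py, oledump.py, oletools). The Python script below is an added example written for this entry; it is not code from the CYBER GEEKS article, from Didier Stevens' tools or from oletools. It performs the first triage pass those tools are typically used for: list every part of the zip container, confirm that any vbaProject.bin part really is an OLE container (the file oledump.py would then be pointed at), and pull the author and timestamps out of docProps/core.xml. The document it inspects is a minimal .docm skeleton constructed in memory for the demonstration, not one of the samples referenced on this page; the field names and the 512-byte placeholder vbaProject.bin are assumptions of the example.

```python
"""Triage an OOXML container (docx/docm/xlsx/xlsm) offline.

Added example, not the article's code. The sample document is constructed
in memory by build_sample(); no real malware is embedded or fetched.
"""
import io
import zipfile
import xml.etree.ElementTree as ET

# Namespaces used by docProps/core.xml (OPC core properties).
CORE_NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
}
# Compound File Binary signature; every genuine vbaProject.bin starts with it.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def list_parts(doc: bytes) -> list[tuple[str, int]]:
    """What zipdump.py shows first: name and uncompressed size of every part."""
    with zipfile.ZipFile(io.BytesIO(doc)) as z:
        return [(info.filename, info.file_size) for info in z.infolist()]


def find_vba_projects(doc: bytes) -> list[str]:
    """Parts named vbaProject.bin (any folder, any case) that are real OLE files.

    A macro-enabled .docm/.xlsm carries one; a plain .docx/.xlsx carries none.
    Checking the magic guards against a renamed decoy part.
    """
    found = []
    with zipfile.ZipFile(io.BytesIO(doc)) as z:
        for info in z.infolist():
            if info.filename.lower().endswith("vbaproject.bin"):
                with z.open(info) as fh:
                    if fh.read(8) == OLE_MAGIC:
                        found.append(info.filename)
    return found


def core_metadata(doc: bytes) -> dict[str, str]:
    """Author and timestamps from docProps/core.xml, useful for clustering samples."""
    with zipfile.ZipFile(io.BytesIO(doc)) as z:
        if "docProps/core.xml" not in z.namelist():
            return {}
        root = ET.fromstring(z.read("docProps/core.xml"))
    wanted = {
        "creator": "dc:creator",
        "lastModifiedBy": "cp:lastModifiedBy",
        "created": "dcterms:created",
        "modified": "dcterms:modified",
    }
    out = {}
    for key, path in wanted.items():
        el = root.find(path, CORE_NS)
        if el is not None and el.text:
            out[key] = el.text
    return out


def triage(doc: bytes) -> dict:
    """One-shot summary an analyst would read before opening anything in Office."""
    vba = find_vba_projects(doc)
    return {
        "parts": list_parts(doc),
        "vba_projects": vba,
        "has_macros": bool(vba),
        "core": core_metadata(doc),
    }


def build_sample(with_macros: bool = True) -> bytes:
    """Constructed .docm skeleton (assumed values), not a real malicious document."""
    core = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        '<cp:coreProperties xmlns:cp="%s" xmlns:dc="%s" xmlns:dcterms="%s" '
        'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'
        "<dc:creator>user</dc:creator><cp:lastModifiedBy>admin</cp:lastModifiedBy>"
        '<dcterms:created xsi:type="dcterms:W3CDTF">2022-02-01T10:00:00Z</dcterms:created>'
        '<dcterms:modified xsi:type="dcterms:W3CDTF">2022-02-02T11:30:00Z</dcterms:modified>'
        "</cp:coreProperties>" % (CORE_NS["cp"], CORE_NS["dc"], CORE_NS["dcterms"])
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("docProps/core.xml", core)
        if with_macros:
            # Only the CFB signature plus padding: enough to be recognised, no VBA streams.
            z.writestr("word/vbaProject.bin", OLE_MAGIC + b"\x00" * 504)
    return buf.getvalue()


if __name__ == "__main__":
    for name, size in triage(build_sample())["parts"]:
        print(f"{size:8d}  {name}")
    print(triage(build_sample()))
```

Run against a real file by replacing `build_sample()` with the bytes of the document under analysis; if `has_macros` is true, hand the extracted vbaProject.bin to oledump.py or olevba from the oletools project linked above to get at the actual macro streams.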