Tracking a P2P network related to TA505
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Direct Model Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 |
Common Information
| Type | Value |
|---|---|
| UUID | 93cf07ac-8abf-49c2-9fb2-3f595ecb839f |
| Fingerprint | b514c9534db31085 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Dec. 1, 2021, 8:57 a.m. |
| Added to db | Sept. 26, 2022, 9:34 a.m. |
| Last updated | Nov. 17, 2024, 6:49 p.m. |
| Headline | Tracking a P2P network related to TA505 |
| Title | Tracking a P2P network related to TA505 |
| Detected Hints/Tags/Attributes | 85/2/32 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 87 | regid.1991-06.com.microsoft |
|
| Details | File | 2 | microsoft.dat |
|
| Details | File | 83 | crypt32.dll |
|
| Details | File | 4 | t.dat |
|
| Details | File | 1 | p3.dat |
|
| Details | File | 23 | payload.dll |
|
| Details | File | 1 | d1c.dat |
|
| Details | File | 1 | d2c.dat |
|
| Details | File | 1 | bn.dat |
|
| Details | File | 1 | blacknames.txt |
|
| Details | File | 1 | bs.dat |
|
| Details | File | 1 | blacksigns.txt |
|
| Details | File | 1 | bv.dat |
|
| Details | File | 1 | blackvers.txt |
|
| Details | File | 2 | r.dat |
|
| Details | File | 1 | registry.txt |
|
| Details | File | 1 | dnsc.php |
|
| Details | File | 142 | wmiprvse.exe |
|
| Details | sha1 | 1 | a21d19eb9a90c6b579bce8017769f6f58f9dadb1 |
|
| Details | sha1 | 1 | 2f60de5091ab3a0ce5c8f1a27526efba2ad9a5a7 |
|
| Details | sha1 | 1 | 2d694840c0159387482dc9d7e59217cf1e365027 |
|
| Details | sha1 | 1 | 02ffd81484bb92b5689a39abd2a34d833d655266 |
|
| Details | sha1 | 1 | b4a9abcaaadd80f0584c79939e79f07cbdd49657 |
|
| Details | sha1 | 1 | 00b5ebe5e747a842dec9b3f14f4751452628f1fe |
|
| Details | sha1 | 1 | 22f8704b74ce493c01e61ef31a9e177185852437 |
|
| Details | sha1 | 1 | d1b36c9631bcb391bc97a507a92bce90f687440a |
|
| Details | IPv4 | 1 | 45.142.213.139 |
|
| Details | IPv4 | 1 | 195.123.246.14 |
|
| Details | IPv4 | 1 | 45.129.137.237 |
|
| Details | IPv4 | 2 | 78.128.112.139 |
|
| Details | IPv4 | 1 | 145.239.85.6 |
|
| Details | Windows Registry Key | 12 | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID |