Rapidly Changing Infection Method of BlueCrab Ransomware (feat. notepad.exe) - ASEC BLOG
Tags
cmtmf-attack-pattern: Masquerading
maec-delivery-vectors: Watering Hole
attack-pattern: Exploits - T1587.004 Exploits - T1588.005 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Masquerading - T1036 Powershell - T1086 Masquerading
Show in Graph
Common Information
Type Value
UUID 94272abc-2188-4b8e-8b06-a0ee5b788b92
Fingerprint fc178cfa857a2e6c
Analysis status DONE
Considered CTI value 0
Text language
Published Nov. 5, 2019, midnight
Added to db Sept. 11, 2022, 4:59 p.m.
Last updated Nov. 18, 2024, 12:29 p.m.
Headline Rapidly Changing Infection Method of BlueCrab Ransomware (feat. notepad.exe)
Title Rapidly Changing Infection Method of BlueCrab Ransomware (feat. notepad.exe) - ASEC BLOG
Detected Hints/Tags/Attributes 24/3/4
Source URLs
Redirection Url
Details Source https://asec.ahnlab.com/en/17211/
URL Provider
Details Provider Source level domain
Details ahnlab.com asec.ahnlab.com
Attributes
Details Type #Events CTI Value
Details File 380 
notepad.exe
Details File 379 
wscript.exe
Details File 1211 
powershell.exe
Details File 1260 
explorer.exe