Specula - Turning Outlook Into a C2 With One Registry Change
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Group Policy Preferences - T1552.006 Outlook Home Page - T1137.004 Phishing - T1660 Phishing - T1566 Python - T1059.006 Server - T1583.004 Server - T1584.004 Software - T1592.002 |
Common Information
| Type | Value |
|---|---|
| UUID | 94b80272-4a44-4953-acd6-0226b56b5c12 |
| Fingerprint | b4bf59166d3e0ee1 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | July 29, 2024, midnight |
| Added to db | Aug. 31, 2024, 10:24 a.m. |
| Last updated | Nov. 17, 2024, 7:44 p.m. |
| Headline | UNKNOWN |
| Title | Specula - Turning Outlook Into a C2 With One Registry Change |
| Detected Hints/Tags/Attributes | 52/2/50 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 385 | ✔ | TrustedSec | https://www.trustedsec.com/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 16 | cve-2017-11774 |
|
| Details | Domain | 1 | specula.rocks |
|
| Details | Domain | 452 | msrc.microsoft.com |
|
| Details | Domain | 4127 | github.com |
|
| Details | File | 173 | outlook.exe |
|
| Details | File | 376 | wscript.exe |
|
| Details | File | 4 | self.opt |
|
| Details | Github username | 13 | trustedsec |
|
| Details | Url | 1 | http://specula.rocks |
|
| Details | Url | 1 | https://msrc.microsoft.com/update-guide/en-us/vulnerability/cve-2017-11774. |
|
| Details | Url | 1 | https://github.com/trustedsec/specula/wiki/developing-new-modules. |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Microsoft\Office\16.0\Outlook\Today |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Microsoft\Office\16.0\Outlook\WebView\Inbox |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Microsoft\Office\16.0\Outlook\WebView\Calendar |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Microsoft\Office\16.0\Outlook\WebView\Contacts |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Microsoft\Office\16.0\Outlook\WebView\Deleted |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Microsoft\Office\16.0\Outlook\WebView\Drafts |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Microsoft\Office\16.0\Outlook\WebView\Journal |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Microsoft\Office\16.0\Outlook\WebView\Junk |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Microsoft\Office\16.0\Outlook\WebView\Notes |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Microsoft\Office\16.0\Outlook\WebView\Outbox |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Microsoft\Office\16.0\Outlook\WebView\RSS |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Microsoft\Office\16.0\Outlook\WebView\Sent |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Microsoft\Office\16.0\Outlook\WebView\Tasks |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Microsoft\Office\15.0\Outlook\WebView\Inbox |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Microsoft\Office\15.0\Outlook\WebView\Calendar |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Microsoft\Office\15.0\Outlook\WebView\Contacts |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Microsoft\Office\15.0\Outlook\WebView\Deleted |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Microsoft\Office\15.0\Outlook\WebView\Drafts |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Microsoft\Office\15.0\Outlook\WebView\Journal |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Microsoft\Office\15.0\Outlook\WebView\Junk |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Microsoft\Office\15.0\Outlook\WebView\Notes |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Microsoft\Office\15.0\Outlook\WebView\Outbox |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Microsoft\Office\15.0\Outlook\WebView\RSS |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Microsoft\Office\15.0\Outlook\WebView\Sent |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Microsoft\Office\15.0\Outlook\WebView\Tasks |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Microsoft\Office\15.0\Outlook\Today |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Microsoft\Office\14.0\Outlook\WebView\Inbox |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Microsoft\Office\14.0\Outlook\WebView\Calendar |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Microsoft\Office\14.0\Outlook\WebView\Contacts |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Microsoft\Office\14.0\Outlook\WebView\Deleted |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Microsoft\Office\14.0\Outlook\WebView\Drafts |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Microsoft\Office\14.0\Outlook\WebView\Journal |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Microsoft\Office\14.0\Outlook\WebView\Junk |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Microsoft\Office\14.0\Outlook\WebView\Notes |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Microsoft\Office\14.0\Outlook\WebView\Outbox |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Microsoft\Office\14.0\Outlook\WebView\RSS |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Microsoft\Office\14.0\Outlook\WebView\Sent |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Microsoft\Office\14.0\Outlook\WebView\Tasks |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Microsoft\Office\14.0\Outlook\Today |