Bypassing MassLogger Anti-Analysis — a Man-in-the-Middle Approach | Mandiant
Common Information
Type Value
UUID a424617a-de2f-4305-9036-2685cc6bd7bc
Fingerprint 2d30cb9038f5c76b
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 6, 2020, midnight
Added to db Nov. 9, 2023, 12:17 a.m.
Last updated Nov. 17, 2024, 6:49 p.m.
Headline Bypassing MassLogger Anti-Analysis — a Man-in-the-Middle Approach
Title Bypassing MassLogger Anti-Analysis — a Man-in-the-Middle Approach | Mandiant
Detected Hints/Tags/Attributes 55/2/25
RSS Feed
Id 330
Enabled
Feed title Threat Intelligence
Url https://www.mandiant.com/resources/blog/rss.xml
Added to db 2024-08-30 22:08
Attributes
Type #Events CTI Value
Domain 1 addsection.py
Domain 1 pydnet.py
Domain 272 outlook.com
Domain 7 smtp.outlook.com
Domain 831 example.com
Email 1 appfoil@outlook.com
File 1 bin-123.exe
File 6 clrjit.dll
File 1 jitmhook.dll
File 1 jitm.exe
File 1 jitm.log
File 1 jitm.json
File 1 addsection.py
File 1 pydnet.py
File 1 fix_assembly.py
File 1 section.bin
File 1 fixed.exe
File 97 upload.php
sha1 2 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
sha256 1 6b975fd7e3eb0d30b6dbe71b8004b06de6bba4d0870e165de4bde7ab82154871
sha256 1 bc07c3090befb5e94624ca4a49ee88b3265a3d1d288f79588be7bb356a0f9fae
IPv4 1441 127.0.0.1
IPv4 1 1.3.4.0
Url 3 ftp://127.0.0.1
Url 1 http://example.com/panel/upload.php