Lets Open(Dir) Some Presents: An Analysis of a Persistent Actor’s Activity
Tags
Common Information
| Type | Value |
|---|---|
| UUID | a4acc2e8-1167-43b8-9ff1-eeb040a98d28 |
| Fingerprint | 313dac5583bcc5a1 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Dec. 18, 2023, 1:06 a.m. |
| Added to db | Aug. 31, 2024, 8:40 a.m. |
| Last updated | Nov. 17, 2024, 5:56 p.m. |
| Headline | Lets Open(Dir) Some Presents: An Analysis of a Persistent Actor’s Activity |
| Title | Lets Open(Dir) Some Presents: An Analysis of a Persistent Actor’s Activity |
| Detected Hints/Tags/Attributes | 0/0/53 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 249 | ✔ | The DFIR Report | https://thedfirreport.com/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Autonomous System Number | 1 | AS4758 |
|
| Details | Autonomous System Number | 1 | AS142501 |
|
| Details | Autonomous System Number | 1 | AS17813 |
|
| Details | Autonomous System Number | 1 | AS55566 |
|
| Details | Autonomous System Number | 1 | AS4748 |
|
| Details | CVE | 90 | cve-2022-42475 |
|
| Details | CVE | 184 | cve-2021-26855 |
|
| Details | CVE | 126 | cve-2021-27065 |
|
| Details | CVE | 17 | cve-2019-11043 |
|
| Details | CVE | 52 | cve-2021-21972 |
|
| Details | CVE | 68 | cve-2020-14882 |
|
| Details | CVE | 10 | cve-2023-25157 |
|
| Details | CVE | 9 | cve-2023-2982 |
|
| Details | CVE | 3 | cve-2019-9978 |
|
| Details | CVE | 122 | cve-2017-5638 |
|
| Details | CVE | 19 | cve-2020-1938 |
|
| Details | CVE | 33 | cve-2017-9841 |
|
| Details | CVE | 3 | cve-2015-5317 |
|
| Details | CVE | 5 | cve-2016-3427 |
|
| Details | CVE | 6 | cve-2016-8735 |
|
| Details | CVE | 1 | cve-2018-10900 |
|
| Details | CVE | 3 | cve-2019-13272 |
|
| Details | CVE | 60 | cve-2021-4034 |
|
| Details | Domain | 4 | mossad.gov.il |
|
| Details | Domain | 1 | mossad.gov |
|
| Details | Domain | 2 | shabak.gov.il |
|
| Details | Domain | 1 | shabak.gov |
|
| Details | Domain | 9 | cracked.io |
|
| Details | Domain | 1 | cve-2020-14882.py |
|
| Details | Domain | 1 | cve-2023-25157.py |
|
| Details | Domain | 1 | cve-2023-2982.py |
|
| Details | Domain | 1 | phpunit.py |
|
| Details | Domain | 12 | run.py |
|
| Details | Domain | 1 | autominionlx.sh |
|
| Details | Domain | 291 | raw.githubusercontent.com |
|
| Details | Domain | 1 | apicalls.net |
|
| Details | Domain | 1 | authkey.pub |
|
| Details | Domain | 1 | smilevolume.com |
|
| Details | Domain | 1 | vpnjantit.com |
|
| Details | File | 1 | 55566.txt |
|
| Details | File | 1 | 17813.txt |
|
| Details | File | 1 | sept24.txt |
|
| Details | File | 1 | sept24_op.txt |
|
| Details | File | 1 | temp123.txt |
|
| Details | File | 14 | manage_user.php |
|
| Details | File | 1 | cve-2020-14882.py |
|
| Details | File | 1 | cve-2023-25157.py |
|
| Details | File | 1 | cve-2023-2982.py |
|
| Details | File | 1 | phpunit.py |
|
| Details | File | 11 | run.py |
|
| Details | File | 1 | ddos.php |
|
| Details | File | 1 | c:\programdata\mdsn\svchost.exe |
|
| Details | File | 1 | c:\programdata\software\svchost.exe |