Threat Actors Delivers New Rozena backdoor with Follina Bug – Detection & Response - Security Investigation
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Exploits - T1587.004 Exploits - T1588.005 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Tool - T1588.002 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | b6a91a13-68b3-4be7-9359-24da910432c3 |
| Fingerprint | 44078176eee2401e |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | July 11, 2022, 1:39 p.m. |
| Added to db | Sept. 26, 2022, 9:33 a.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | Threat Actors Delivers New Rozena backdoor with Follina Bug – Detection & Response |
| Title | Threat Actors Delivers New Rozena backdoor with Follina Bug – Detection & Response - Security Investigation |
| Detected Hints/Tags/Attributes | 29/2/26 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 172 | cve-2022-30190 |
|
| Details | Domain | 112 | cdn.discordapp.com |
|
| Details | Domain | 1 | microsofto.duckdns.org |
|
| Details | Domain | 78 | securityaffairs.co |
|
| Details | File | 109 | index.htm |
|
| Details | File | 33 | msdt.exe |
|
| Details | File | 28 | word.exe |
|
| Details | File | 1 | cd.bat |
|
| Details | File | 1 | 1c9c88f811662007.docx |
|
| Details | File | 1 | 18562.docx |
|
| Details | File | 1208 | powershell.exe |
|
| Details | File | 1 | '%msdt.exe |
|
| Details | File | 49 | process.exe |
|
| Details | File | 7 | commandline.key |
|
| Details | File | 6 | image.key |
|
| Details | File | 3 | 'msdt.exe |
|
| Details | File | 3 | 'word.exe |
|
| Details | File | 35 | 'powershell.exe |
|
| Details | File | 1 | follina-bug-rozena-backdoor.html |
|
| Details | sha256 | 1 | 432bae48edf446539cae5e20623c39507ad65e21cb757fb514aba635d3ae67d6 |
|
| Details | sha256 | 1 | 5d8537bd7e711f430dc0c28a7777c9176269c8d3ff345b9560c8b9d4daaca002 |
|
| Details | sha256 | 1 | 3558840ffbc81839a5923ed2b675c1970cdd7c9e0036a91a0a728af14f80eff3 |
|
| Details | sha256 | 1 | 27f3bb9ab8fc66c1ca36fa5d62ee4758f1f8ff75666264c529b0f2abbade9133 |
|
| Details | sha256 | 1 | 69377adfdfa50928fade860e37b84c10623ef1b11164ccc6c4b013a468601d88 |
|
| Details | Url | 1 | https://cdn.discordapp.com/attachments/986484515985825795/986821210044264468/index.htm |
|
| Details | Url | 1 | https://www.fortinet.com/blog/threat-research/follina-rozena-leveraging-discord-to-distribute-a-backdoor |