Analyzing the GreyEnergy Malware: from Maldoc to Backdoor – Nozomi Networks
Tags
cmtmf-attack-pattern: Data Encrypted
country: Ukraine
maec-delivery-vectors: Watering Hole
attack-pattern: Data Direct Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Python - T1059.006 Rundll32 - T1218.011 Tool - T1588.002 Data Encrypted - T1022 Rundll32 - T1085
Show in Graph
Common Information
Type Value
UUID b6df5dc6-39f8-40a1-b6f3-209f80a6bc68
Fingerprint 2c145d1a2d235ff9
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 20, 2018, 4:54 p.m.
Added to db Feb. 18, 2023, 12:30 a.m.
Last updated Nov. 17, 2024, 11:40 p.m.
Headline Analyzing the GreyEnergy Malware: from Maldoc to Backdoor
Title Analyzing the GreyEnergy Malware: from Maldoc to Backdoor – Nozomi Networks
Detected Hints/Tags/Attributes 78/4/19
Source URLs
Redirection Url
Details Source https://www.nozominetworks.com/2018/11/20/blog/analyzing-the-greyenergy-malware-from-maldoc-to-backdoor/
Details Source https://www.nozominetworks.com/blog/analyzing-the-greyenergy-malware-from-maldoc-to-backdoor/
URL Provider
Details Provider Source level domain
Details nozominetworks.com www.nozominetworks.com
Attributes
Details Type #Events CTI Value
Details Domain 2 
pbank.co.ua
Details Domain 53 
oledump.py
Details Domain 372 
wscript.shell
Details Domain 74 
adodb.stream
Details Domain 4128 
github.com
Details File 1 
dmykcedtg2zar.png
Details File 49 
oledump.py
Details File 1 
maldoc.doc
Details File 29 
vbaproject.bin
Details File 1 
activex13.bin
Details File 41 
msxml2.xml
Details File 1 
tvunss3.exe
Details File 75 
favicon.ico
Details File 1018 
rundll32.exe
Details File 18 
c:\windows\syswow64\rundll32.exe
Details sha1 2 
177af8f6e8d6f4952d13f88cdf1887cb7220a645
Details sha1 2 
51309371673acd310f327a10476f707eb914e255
Details sha1 1 
bd67ae6c9c4c5dee10fd8e889133427bf42d0580
Details Url 2 
http://pbank.co.ua/favicon.ico