Vice Society: A Tale of Victim Data Exfiltration via PowerShell, aka Stealing off the Land
Tags
country: Japan
attack-pattern: Data Direct Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Remote Desktop Protocol - T1021.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Powershell - T1086 Remote Desktop Protocol - T1076 Scripting - T1064 Windows Management Instrumentation - T1047 Scripting
Show in Graph
Common Information
Type Value
UUID b80ddb18-ec48-4b1f-a08f-ab4bbe89afba
Fingerprint acd7b8336eb383ed
Analysis status DONE
Considered CTI value 0
Text language
Published April 13, 2023, 1 p.m.
Added to db June 5, 2023, 10:46 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Vice Society: A Tale of Victim Data Exfiltration via PowerShell, aka Stealing off the Land
Title Vice Society: A Tale of Victim Data Exfiltration via PowerShell, aka Stealing off the Land
Detected Hints/Tags/Attributes 103/2/13
Source URLs
Redirection Url
Details Source https://unit42.paloaltonetworks.com/vice-society-ransomware-powershell/
URL Provider
Details Provider Source level domain
Details paloaltonetworks.com unit42.paloaltonetworks.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 120 Unit 42 https://feeds.feedburner.com/Unit42 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 339 
system.net
Details File 146 
wininet.dll
Details File 8 
w1.ps1
Details File 1208 
powershell.exe
Details File 1 
dont_exfil_me.eml
Details File 1 
i_mean_please_dont_exfil_me.eml
Details File 1 
me_either.docx
Details File 1 
'w1.ps1
Details File 35 
'powershell.exe
Details IPv4 1 
192.168.42.100
Details IPv4 132 
10.0.0.0
Details IPv4 124 
192.168.0.0
Details IPv4 81 
172.16.0.0