InfoSec Handlers Diary Blog - SANS Internet Storm Center
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Credentials - T1589.001 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Software - T1592.002 Connection Proxy - T1090 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | b941e833-dc0c-485d-ae54-72788ca5faed |
| Fingerprint | 4ad8ab2093cefbf |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Dec. 24, 2020, midnight |
| Added to db | Sept. 26, 2022, 9:30 a.m. |
| Last updated | Nov. 17, 2024, 11:40 p.m. |
| Headline | Internet Storm Center |
| Title | InfoSec Handlers Diary Blog - SANS Internet Storm Center |
| Detected Hints/Tags/Attributes | 31/2/33 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://isc.sans.edu/diary/26918 |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 53 | oledump.py |
|
| Details | Domain | 1 | hpsj.firewall-gateway.net |
|
| Details | Domain | 20 | is.gd |
|
| Details | Domain | 4128 | github.com |
|
| Details | File | 49 | oledump.py |
|
| Details | File | 1 | ba6cc16770dc67c1af1a3e103c3fd19a854193e7cd1fecbb11ca11c2c47cdf04.doc |
|
| Details | File | 10 | form.doc |
|
| Details | File | 3 | contract.pdf |
|
| Details | File | 2126 | cmd.exe |
|
| Details | File | 1 | sc.bat |
|
| Details | File | 1 | c:\users\public\libraries\sc.bat |
|
| Details | File | 62 | fodhelper.exe |
|
| Details | File | 165 | reg.exe |
|
| Details | File | 34 | eventvwr.exe |
|
| Details | File | 1 | 'fodhelper.exe |
|
| Details | File | 1 | 'eventvwr.exe |
|
| Details | File | 1 | 'sc.bat |
|
| Details | File | 1 | hpjs.php |
|
| Details | File | 1 | c:\users\public\libraries\pus.bat |
|
| Details | File | 1 | pus.bat |
|
| Details | Github username | 3 | mhaskar |
|
| Details | sha256 | 1 | ba6cc16770dc67c1af1a3e103c3fd19a854193e7cd1fecbb11ca11c2c47cdf04 |
|
| Details | IPv4 | 1 | 23.98.155.192 |
|
| Details | Url | 1 | http://23.98.155.192/sc.bat |
|
| Details | Url | 1 | http://hpsj.firewall-gateway.net/hta |
|
| Details | Url | 1 | http://hpsj.firewall-gateway.net:80/hpjs.php |
|
| Details | Url | 1 | http://hpsj.firewall-gateway.net:8080/microsoftupdate |
|
| Details | Url | 1 | http://hpsj.firewall-gateway.net:80/view |
|
| Details | Url | 1 | https://www.virustotal.com/gui/file/ba6cc16770dc67c1af1a3e103c3fd19a854193e7cd1fecbb11ca11c2c47cdf04/detection |
|
| Details | Url | 2 | https://github.com/mhaskar/octopus |
|
| Details | Windows Registry Key | 9 | HKCU\Software\Classes\ms-settings\shell\open\command |
|
| Details | Windows Registry Key | 2 | HKCU\Software\Classes\ms-settings |
|
| Details | Windows Registry Key | 1 | HKEY_CURRENT_USER\Software\Classes\mscfile |