YUNIT STEALER - CYFIRMA
Tags
cmtmf-attack-pattern: Boot Or Logon Autostart Execution Command And Scripting Interpreter Geofencing Scheduled Task/Job
country: France
attack-pattern: Data Boot Or Logon Autostart Execution - T1547 Command And Scripting Interpreter - T1623 Credentials - T1589.001 Data From Local System - T1533 Exfiltration Over C2 Channel - T1646 Geofencing - T1627.001 Geofencing - T1581 Hidden Window - T1564.003 Hide Artifacts - T1628 Hide Artifacts - T1564 Ip Addresses - T1590.005 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 System Information Discovery - T1426 Powershell - T1059.001 Registry Run Keys / Startup Folder - T1547.001 Scheduled Task - T1053.005 Scheduled Task/Job - T1603 Server - T1583.004 Server - T1584.004 Social Media - T1593.001 Software - T1592.002 System Checks - T1633.001 System Checks - T1497.001 Tool - T1588.002 Vulnerabilities - T1588.006 Command-Line Interface - T1059 Data From Local System - T1005 Exfiltration Over Command And Control Channel - T1041 Hidden Window - T1143 Modify Registry - T1112 Powershell - T1086 Registry Run Keys / Start Folder - T1060 Scheduled Task - T1053 Sudo - T1169 System Information Discovery - T1082
Show in Graph
Common Information
Type Value
UUID bc5218cf-e9b9-4b65-a9cd-f2e33dc71bb9
Fingerprint b594ba92a1bbd7cf
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 6, 2024, midnight
Added to db Oct. 10, 2024, 1:33 p.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Headline YUNIT STEALER
Title YUNIT STEALER - CYFIRMA
Detected Hints/Tags/Attributes 110/3/18
Source URLs
Redirection Url
Details Source https://www.cyfirma.com/research/yunit-stealer/
URL Provider
Details Provider Source level domain
Details cyfirma.com www.cyfirma.com
Attributes
Details Type #Events CTI Value
Details Domain 149 
system.security
Details Domain 2 
giter.club
Details File 1 
discord_backup_codes.txt
Details File 4 
codes.txt
Details File 1 
github-recovery-codes.txt
Details File 6 
cards.txt
Details File 2126 
cmd.exe
Details File 1 
yunit.exe
Details sha256 2 
f1f4176c1cfb6eedbdc025510b1fcdbfeaee857e2bbb5db63c1e0ebf2d71d077
Details MITRE ATT&CK Techniques 460 
T1059.001
Details MITRE ATT&CK Techniques 380 
T1547.001
Details MITRE ATT&CK Techniques 275 
T1053.005
Details MITRE ATT&CK Techniques 66 
T1564.003
Details MITRE ATT&CK Techniques 550 
T1112
Details MITRE ATT&CK Techniques 1006 
T1082
Details MITRE ATT&CK Techniques 534 
T1005
Details MITRE ATT&CK Techniques 422 
T1041
Details Windows Registry Key 188 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run