ioc[.]one - OSINT Cyber Threat Intelligence Database

Bookworm Trojan: A Model of Modular Architecture

Tags

country:	Thailand
attack-pattern:	Data Model Dll Side-Loading - T1574.002 Keylogging - T1056.001 Keylogging - T1417.001 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Dll Side-Loading - T1073

Show in Graph

Common Information

Type	Value
UUID	bcca95aa-543c-4bf6-ae6e-85b84f4034c7
Fingerprint	348389ebe1548283
Analysis status	DONE
Considered CTI value	2
Text language
Published	Nov. 10, 2015, 9 a.m.
Added to db	Sept. 26, 2022, 9:33 a.m.
Last updated	Nov. 17, 2024, 6:49 p.m.
Headline	Bookworm Trojan: A Model of Modular Architecture
Title	Bookworm Trojan: A Model of Modular Architecture
Detected Hints/Tags/Attributes	55/2/68

Source URLs

	Redirection	Url
Details	Source	https://unit42.paloaltonetworks.com/bookworm-trojan-a-model-of-modular-architecture/

URL Provider

Details	Provider	Source level domain
Details	paloaltonetworks.com	unit42.paloaltonetworks.com

Attributes

Details	Type	#Events	Value
Details	Domain	1	sgkey.data
Details	Domain	2	bkmail.blogdns.com
Details	Domain	2	debain.servehttp.com
Details	Domain	2	linuxdns.sytes.net
Details	Domain	2	news.nhknews.hk
Details	Domain	2	sswmail.gotdns.com
Details	Domain	2	sswwmail.gotdns.com
Details	Domain	2	sysnc.sytes.net
Details	Domain	2	systeminfothai.gotdns.ch
Details	Domain	2	thailandbbs.ddns.net
Details	Domain	2	ubuntudns.sytes.net
Details	Domain	2	web12.nhknews.hk
Details	File	21	loader.dll
Details	File	367	readme.txt
Details	File	198	msmpeng.exe
Details	File	1	ushata.exe
Details	File	2	leader.dll
Details	File	1	%allusersprofile%\application data\microsoft\devicesync\msmpeng.exe
Details	File	1	%allusersprofile%\application data\microsoft\devicesync\mpsvc.dll
Details	File	1	%allusersprofile%\application data\microsoft\devicesync\ushata.exe
Details	File	1	%allusersprofile%\application data\microsoft\devicesync\ushata.dll
Details	File	1	%allusersprofile%\application data\microsoft\crypto\rsa\machinekeys\sgkey.dat
Details	File	1	sgkey.dat
Details	File	1	c:\documents and settings\all users\application data\microsoft\devicesync\msmpeng.exe
Details	File	1	resolver.dll
Details	File	1	mover.dll
Details	File	1	coder.dll
Details	File	1	digest.dll
Details	File	2	aes.dll
Details	File	1	network.dll
Details	File	6	http.dll
Details	File	1	wininetwork.dll
Details	File	1	kblogger.dll
Details	File	85	c:\windows\system32\dllhost.exe
Details	md5	1	8ae2468d3f208d07fb47ebb1e0e297d7
Details	md5	1	0f41c853a2d522e326f2c30b4b951b04
Details	md5	1	35755a6839f3c54e602d777cd11ef557
Details	md5	1	87d71401e2b8978c2084eb9a1d59c172
Details	md5	1	599b6e05a38329081b80a461b57cec37
Details	md5	1	ba1aea40182861e1d1de8c0c2ae78cb7
Details	md5	1	de1595a7585219967a87a909f38acaa2
Details	md5	1	f8c8c6683d6ca880293f7c1a78d7f8ce
Details	md5	1	0b4ad1bd093e0a2eb8968e308e900180
Details	md5	1	cba74e507e9741740d251b1fb34a1874
Details	md5	1	fcd68032c39cca3385c539ea38914735
Details	md5	1	3e69c34298a8fd5169259a2fef506d63
Details	md5	1	04d63e2a3da0a171e5c15d8e904387b9
Details	md5	1	0d57d2bef1296be62a3e791bfad33bcd
Details	md5	1	4389fc820d0edd96bac26fa0b7448aee
Details	md5	1	74c293acdda0d2c3b5087763dae27ec6
Details	md5	1	b030c619bb24804cbcc05065530fcf2e
Details	md5	1	29df124f370752a87b3426dcad539ec6
Details	md5	1	9df45e8d8619e234d0449daf2f617ba3
Details	md5	1	40f1b160b88ff98934017f3f1e7879a5
Details	md5	1	210816c8bde338bf206f13bb923327a1
Details	md5	1	187cdb58fbc30046a35793818229c573
Details	md5	1	499ccc8d6d7c08e135a91928ccc2fd7a
Details	md5	1	5e4852c8e5ef3cbceb69a9bc3d554d6c
Details	md5	1	5282b503b061eaa843c0bcda1c74b14f
Details	Windows Registry Key	8	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Details	Windows Registry Key	1	HKLM\SYSTEM\CurrentControlSet\Services\DeviceSync\Type
Details	Windows Registry Key	1	HKLM\SYSTEM\CurrentControlSet\Services\DeviceSync\Start
Details	Windows Registry Key	1	HKLM\SYSTEM\CurrentControlSet\Services\DeviceSync\ErrorControl
Details	Windows Registry Key	1	HKLM\SYSTEM\CurrentControlSet\Services\DeviceSync\ImagePath
Details	Windows Registry Key	1	HKLM\SYSTEM\CurrentControlSet\Services\DeviceSync\DisplayName
Details	Windows Registry Key	1	HKLM\SYSTEM\CurrentControlSet\Services\DeviceSync\ObjectName
Details	Windows Registry Key	1	HKLM\SYSTEM\CurrentControlSet\Services\DeviceSync\Description
Details	Windows Registry Key	4	HKLM\SOFTWARE\Microsoft\Internet