Water Orthrus New Campaigns Deliver Rootkit and Phishing Modules
Tags

- country: China
- maec-delivery-vectors: Watering Hole
- attack-pattern: Data; Credentials - T1589.001; Malware - T1587.001; Malware - T1588.001; Phishing - T1660; Phishing - T1566; Rundll32 - T1218.011; Software - T1592.002; Visual Basic - T1059.005; Tool - T1588.002; Rootkit - T1014; Rundll32 - T1085; Rootkit
Common Information

Type | Value
---|---
UUID | c43f56e6-179c-4143-a83d-8674024540f7
Fingerprint | 8c2d897f0527ab4d
Analysis status | DONE
Considered CTI value | 0
Text language | 
Published | May 15, 2023, midnight
Added to db | Oct. 15, 2024, 9:58 p.m.
Last updated | Nov. 17, 2024, 6:49 p.m.
Headline | Water Orthrus's New Campaigns Deliver Rootkit and Phishing Modules
Title | Water Orthrus New Campaigns Deliver Rootkit and Phishing Modules
Detected Hints/Tags/Attributes | 59/3/17
Source URLs

URL | Provider
---|---

Attributes
Type | #Events | CTI | Value
---|---|---|---
Domain | 6 | | www.msftconnecttest.com
File | 1260 | | explorer.exe
File | 16 | | 360safe.exe
File | 21 | | 360sd.exe
File | 20 | | qqpctray.exe
File | 14 | | kxetray.exe
File | 2 | | like.exe
File | 1 | | and.sys
File | 2 | | fixmbr.exe
File | 3 | | connecttest.txt
sha256 | 3 | | 48211c6f957c2ad024441be3fc32aecd7c317dfc92523b0a675c0cfec86ffdd9
Url | 2 | | http://www.msftconnecttest.com/connecttest.txt
Windows Registry Key | 33 | | HKLM\SYSTEM\CurrentControlSet\Services
Windows Registry Key | 2 | | HKLM\SYSTEM\CurrentControlSet\Control\SessionManager
Windows Registry Key | 2 | | HKLM\SOFTWARE\Microsoft\recount
Windows Registry Key | 2 | | HKCU\Software\Microsoft\count_a0b1c2d3
Windows Registry Key | 14 | | HKLM\Software\Microsoft