How not to Obfuscate your VBScript
Tags
attack-pattern: Dynamic Dns - T1311 Dynamic Dns - T1333 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Software - T1592.002 Scripting - T1064 Scripting
Show in Graph
Common Information
Type Value
UUID c4d9e316-2623-45ff-9acf-242d36c8c592
Fingerprint 1cd53a32af5773ee
Analysis status DONE
Considered CTI value 0
Text language
Published Sept. 7, 2013, 6:11 a.m.
Added to db Jan. 18, 2023, 8 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline PwnDizzle
Title How not to Obfuscate your VBScript
Detected Hints/Tags/Attributes 28/1/12
Source URLs
Redirection Url
Details Source http://pwndizzle.blogspot.com/2013/09/how-not-to-obfuscate-your-malware.html
URL Provider
Details Provider Source level domain
Details blogspot.com pwndizzle.blogspot.com
Attributes
Details Type #Events CTI Value
Details Domain 2 
zoia.no-ip.org
Details Domain 372 
wscript.shell
Details Domain 8 
no-ip.org
Details Domain 5 
shellobj.run
Details Domain 10 
www.cuckoosandbox.org
Details File 41 
msxml2.xml
Details File 376 
wscript.exe
Details File 1 
shellobj.reg
Details Url 1 
http://social.technet.microsoft.com/forums/en-us/f80f10c6-ae6c-4f63-96ec-9d49d582764a/virus-acceso-directo-en-discos-extraibles
Details Url 4 
http://www.cuckoosandbox.org
Details Windows Registry Key 2 
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
Details Windows Registry Key 2 
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run