SysJoker
Tags
| attack-pattern: | Data Domains - T1583.001 Domains - T1584.001 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | c54bdd85-1c8b-49e1-a4e1-dc6e1c636847 |
| Fingerprint | a0e21c754fb31af9 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | March 16, 2022, midnight |
| Added to db | Aug. 31, 2024, 7:21 a.m. |
| Last updated | Nov. 18, 2024, 1:24 p.m. |
| Headline | SysJoker |
| Title | SysJoker |
| Detected Hints/Tags/Attributes | 24/1/14 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://rexorvc0.com/2022/03/16/SysJoker/ |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 208 | ✔ | RexorVc0 | https://rexorvc0.com/atom.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 195 | drive.google.com |
|
| Details | File | 1 | sysjoker.exe |
|
| Details | File | 1212 | powershell.exe |
|
| Details | File | 1 | c:\programdata\systemdata\temps1.txt |
|
| Details | File | 1 | c:\programdata\systemdata\temps2.txt |
|
| Details | File | 31 | c:\windows\system32\wbem\wmic.exe |
|
| Details | File | 409 | c:\windows\system32\cmd.exe |
|
| Details | File | 1 | c:\programdata\systemdata\tempo1.txt |
|
| Details | File | 1 | c:\programdata\systemdata\tempo2.txt |
|
| Details | File | 1 | c:\programdata\systemdata\tempi1.txt |
|
| Details | File | 1 | c:\programdata\systemdata\tempi2.txt |
|
| Details | File | 1 | c:\programdata\systemdata\igfxcuiservice.exe |
|
| Details | sha256 | 1 | 1ffd6559d21470c40dcf9236da51e5823d7ad58c93502279871c3fe7718c901c |
|
| Details | Windows Registry Key | 112 | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |