Stego Campaign
Tags
| country: | Brazil Portugal |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Javascript - T1059.007 Powershell - T1059.001 Process Hollowing - T1055.012 Python - T1059.006 Software - T1592.002 Powershell - T1086 Process Hollowing - T1093 |
Common Information
| Type | Value |
|---|---|
| UUID | c702f54b-5e87-4761-9068-3ceead4b703e |
| Fingerprint | 2e0b0d91e1a587ac |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Sept. 10, 2024, 4:25 p.m. |
| Added to db | Sept. 16, 2024, 5:21 p.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | somedieyoungZZ |
| Title | Stego Campaign |
| Detected Hints/Tags/Attributes | 44/3/30 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://somedieyoungzz.github.io//posts/stego-camp/ |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 432 | ✔ | somedieyoungZZ | https://somedieyoungzz.github.io/feed.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 372 | wscript.shell |
|
| Details | Domain | 1 | bodelgo.run |
|
| Details | Domain | 1 | ia601606.us.archive.org |
|
| Details | Domain | 339 | system.net |
|
| Details | Domain | 1 | dnlib.io |
|
| Details | Domain | 285 | microsoft.net |
|
| Details | Domain | 29 | intptr.zero |
|
| Details | Domain | 1 | pub-26ee9be236b54d0cb1b570a203543b93.r2.dev |
|
| Details | Domain | 1373 | twitter.com |
|
| Details | File | 1 | invoices.js |
|
| Details | File | 1208 | powershell.exe |
|
| Details | File | 1 | deathnote.jpg |
|
| Details | File | 1 | decoded_output.bin |
|
| Details | File | 13 | addinprocess32.exe |
|
| Details | File | 1260 | explorer.exe |
|
| Details | File | 1 | stage_1-1.js |
|
| Details | File | 1 | stage_2_payload.ps1 |
|
| Details | File | 1 | stage_3_payload.dll |
|
| Details | File | 1 | stage_4.exe |
|
| Details | File | 1 | nl5.txt |
|
| Details | md5 | 1 | 39b345302a075b1bc0d45b632eb9ee62 |
|
| Details | md5 | 1 | f9f6a728e3728ccb7f52c3b0b8c64dcf |
|
| Details | md5 | 1 | c639542f337f5a9b8ba27104dff86158 |
|
| Details | md5 | 1 | 56398e25cbed9287de5fe7b463eeb974 |
|
| Details | md5 | 1 | 7a47db5c25aaae2b0772c78f70983681 |
|
| Details | md5 | 1 | 26ee9be236b54d0cb1b570a203543b93 |
|
| Details | Url | 1 | https://ia601606.us.archive.org/10/items/deathnote_202407/deathnote.jpg |
|
| Details | Url | 1 | https://pub-26ee9be236b54d0cb1b570a203543b93.r2.dev/nl5.txt |
|
| Details | Url | 9 | https://twitter.com/idanotpro |
|
| Details | Windows Registry Key | 47 | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |