Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature | Malwarebytes Labs
Common Information
Type Value
UUID c83bcd73-ca42-48a0-a3f6-d3e6e1ae067c
Fingerprint a8cb99d971ac1fee
Analysis status DONE
Considered CTI value 2
Text language
Published June 17, 2020, midnight
Added to db Sept. 11, 2022, 12:40 p.m.
Last updated Nov. 18, 2024, 5:30 a.m.
Headline Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature
Title Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature | Malwarebytes Labs
Detected Hints/Tags/Attributes 52/2/24
Attributes

Type                              #Events  Value
Domain                            1        yenile.asia
Domain                            95       ip-api.com
Domain                            1        time.updateeset.com
File                              1        indexb.dot
File                              1        indexa.dot
File                              1        ecmd.exe
File                              1        cf.ini
File                              3        ntdll.exe
File                              2        winint.dll
File                              218      min.js
File                              17       resume.doc
sha256                            1        259632b416b4b869fc6dc2d93d2b822dedf6526c0fa57723ad5c326a92d30621
sha256                            1        7f1325c5a9266e649743ba714d02c819a8bfc7fd58d58e28a2b123ea260c0ce2
sha256                            1        aeb4c3ff5b5a62f5b7fcb1f958885f76795ee792c12244cee7e36d9050cfb298
sha256                            1        dcaaffea947152eab6572ae61d7a3783e6137901662e6b5b5cad82bffb5d8995
sha256                            1        5f49a47abc8e8d19bd5ed3625f28561ef584b1a226df09d45455fbf38c73a79c
sha256                            1        0eba651e5d54bd5bb502327daef6979de7e3eb63ba518756f659f373aa5f4f8b
sha256                            1        5143c5d8715cfc1e70e9db00184592c6cfbb4b9312ee02739d098cf6bc83eff9
sha256                            1        8cfd023f1aa40774a9b6ef3dbdfb75dea10eb7f601c308f8837920417f1ed702
sha256                            1        7963ead16b6277e5b4fbd5d0b683593877d50a6ea7e64d2fc5def605eba1162a
Threat Actor Identifier - APT     523      APT41
Url                               1        https://yenile.asia/yoomanhowyoudare/indexb.dotm
Url                               3        http://ip-api.com/xml
Url                               1        https://yenile.asia/yoomanhowyoudare