Webworm: Espionage Attackers Testing and Using Older Modified RATs
Tags
| country: | Georgia South Korea Mongolia |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Exploits - T1587.004 Exploits - T1588.005 Malware - T1587.001 Malware - T1588.001 Software - T1592.002 |
Common Information
| Type | Value |
|---|---|
| UUID | d20ad5b4-efe1-4060-b5fc-eca9a6774d4c |
| Fingerprint | bf263ce1a6f5c487 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Sept. 15, 2022, midnight |
| Added to db | Sept. 26, 2022, 9:34 a.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | Webworm: Espionage Attackers Testing and Using Older Modified RATs |
| Title | Webworm: Espionage Attackers Testing and Using Older Modified RATs |
| Detected Hints/Tags/Attributes | 45/3/29 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | sha256 | 1 | 1cc32c7f2c90a558ba5ff6ba191e655b20d7c65c10af0d5d06820a28c2947efd |
|
| Details | sha256 | 1 | 6e46054aa9fd5992a7398e0feee894d5887e70373ca5987fc56cd4c0d28f26a1 |
|
| Details | sha256 | 1 | 37fa5108db1ae73475911a5558fba423ef6eee2cf3132e35d3918b9073aeecc1 |
|
| Details | sha256 | 1 | 3629d2ce400ce834b1d4b7764a662757a9dc95c1ef56411a7bf38fb5470efa84 |
|
| Details | sha256 | 1 | 824100a64c64f711b481a6f0e25812332cc70a13c98357dd26fb556683f8a7c7 |
|
| Details | File | 4 | logger.exe |
|
| Details | File | 1 | sc.cfg |
|
| Details | File | 1 | logexts.dat |
|
| Details | File | 2 | logexts.dll |
|
| Details | File | 1 | logger.dat |
|
| Details | File | 212 | winlogon.exe |
|
| Details | File | 1 | c:\programdata\logger\logger.exe |
|
| Details | File | 1 | c:\programdata\logger\logger.dat |
|
| Details | File | 1 | c:\programdata\logger\logexts.dll |
|
| Details | File | 1 | c:\programdata\logger\logexts.dat |
|
| Details | File | 1 | c:\programdata\logger\sc.cfg |
|
| Details | File | 1122 | svchost.exe |
|
| Details | sha256 | 1 | 6201c604ac7b6093dc8f6f12a92f40161508af1ddffa171946b876442a66927e |
|
| Details | sha256 | 1 | b9a0602661013d973bc978d64b7abb6bed20cf0498d0def3acb164f0d303b646 |
|
| Details | sha256 | 1 | c71e0979336615e67006e20b24baafb19d600db94f93e3bf64181478dfc056a8 |
|
| Details | sha256 | 1 | 28d78e52420906794e4059a603fa9f22d5d6e4479d91e9046a97318c83998679 |
|
| Details | sha256 | 1 | a618b3041935ec3ece269effba5569b610da212b1aa3968e5645f3e37d478536 |
|
| Details | sha256 | 1 | a6b9975bfe02432e80c7963147c4011a4f7cdb9baaee4ae8d27aaff7dff79c2b |
|
| Details | sha256 | 1 | a73a4c0aa557241a09e137387537e04ce582c989caa10a6644d4391f00a836ef |
|
| Details | sha256 | 1 | 10456bc3b5cfd2f1b1ab9c3833022ef52f5e9733d002ab237bdebad09b125024 |
|
| Details | sha256 | 1 | d295712185de2e5f8811b0ce7384a04915abdf970ef0f087c294bb00e340afad |
|
| Details | sha256 | 1 | e69177e58b65dd21e0bbe4f6caf66604f120e0c835f3ee0d16a45858f5fe9d90 |
|
| Details | sha256 | 2 | 1e725f1fe67d1a596c9677df69ef5b1b2c29903e84d7b08284f0a767aedcc097 |
|
| Details | sha256 | 2 | b0a58c6c859833eb6fb1c7d8cb0c5875ab42be727996bcc20b17dd8ad0058ffa |