Operation CuckooBees: A Winnti Malware Arsenal Deep-Dive
Common Information
Type Value
UUID d790cc0d-f542-4334-9ee8-1fc5b4a02b9c
Fingerprint 1e508910edb59781
Analysis status DONE
Considered CTI value 2
Text language
Published May 4, 2022, midnight
Added to db Sept. 26, 2022, 9:33 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Operation CuckooBees: A Winnti Malware Arsenal Deep-Dive
Title Operation CuckooBees: A Winnti Malware Arsenal Deep-Dive
Detected Hints/Tags/Attributes 115/3/33
Attributes
Type | #Events | CTI | Value
File | 4 | | cc.bat
File | 2 | | bc.bat
File | 1018 | | rundll32.exe
File | 104 | | sqlite3.dll
File | 1 | | c:\windows\system32\iumatl.dll
File | 1 | | c:\windows\system32\msdupld.dll
File | 1 | | c:\windows\system32\mscuplt.dll
File | 1 | | c:\windows\system32\netapi.dll
File | 1 | | c:\windows\system32\rpcutl.dll
File | 1 | | c:\windows\system32\dot3utl.dll
File | 1 | | c:\windows\system32\nlsutl.dll
File | 1 | | c:\windows\branding\basebrd\language.dll
File | 1 | | c:\program files\internet explorer\signup\install.dll
File | 4 | | sqlite3.exe
File | 533 | | ntdll.dll
File | 22 | | oci.dll
File | 2 | | shiver.exe
File | 1 | | forsrv.exe
File | 3 | | c:\users\default\ntuser.dat
File | 2 | | spark.exe
File | 28 | | wlbsctrl.dll
File | 5 | | prntvpt.dll
File | 6 | | printconfig.dll
File | 54 | | dbghelp.dll
File | 3 | | c:\windows\system32\dbghelp.dll
File | 1 | | bqdsp.sys
File | 1 | | amdk8.sys
File | 2 | | mfsdll.exe
File | 1122 | | svchost.exe
md5 | 1 | | A2A584462A94F64DAF1D2A672F78F73E
sha1 | 1 | | 12c736fe6c9165b1c1026faad0051fb9f51dff35
sha1 | 1 | | fab426f085460cefd4a65b8a4396c05bf582cb20
Windows Registry Key | 7 | | HKLM\SOFTWARE\Microsoft\Cryptography