ioc[.]one - OSINT Cyber Threat Intelligence Database

Analysis of the CloudWizard APT framework

Tags

country:	Ukraine
attack-pattern:	Data Contact List - T1636.003 Domains - T1583.001 Domains - T1584.001 Junk Data - T1001.001 Keylogging - T1056.001 Keylogging - T1417.001 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Windows Service - T1543.003 Powershell - T1086

Show in Graph

Common Information

Type	Value
UUID	d8d99af4-5902-4d0a-8747-d89bbe1dd5c8
Fingerprint	2fb37259ec892590
Analysis status	DONE
Considered CTI value	2
Text language
Published	May 19, 2023, 10:30 a.m.
Added to db	June 5, 2023, 11:36 a.m.
Last updated	Nov. 17, 2024, 6:49 p.m.
Headline	CloudWizard APT: the bad magic story goes on
Title	Analysis of the CloudWizard APT framework
Detected Hints/Tags/Attributes	75/2/36

Source URLs

	Redirection	Url
Details	Source	https://securelist.com/cloudwizard-apt/109722/
Details	Redirection	https://securelist.com/cloudwizard-apt/109722/?&web_view=true
Details	Source	https://securelist.com/cloudwizard-apt/109722/?web_view=true

URL Provider

Details	Provider	Source level domain
Details	securelist.com	securelist.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	99	✔	Cyware News - Latest Cyber News	https://cyware.com/allnews/feed	2024-08-30 22:08
Details	223	✔	Securelist	https://securelist.com/feed/	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	49	mail.google.com
Details	Domain	2	mm.ss
Details	Domain	1	mm.ss.ms
Details	File	2	c:\programdata\apparition storage\syncobjsup.dll
Details	File	4	syncobjsup.dll
Details	File	12	main.dll
Details	File	2	crypton.dll
Details	File	2	internet.dll
Details	File	142	wmiprvse.exe
Details	File	2	c:\programdata\microsoft\wwansvc\winsubsvc.exe
Details	File	2	c:\programdata\microsoft\mf\etwdrv.dll
Details	File	2	winsubsvc.exe
Details	File	3	lcrpsdnew.dll
Details	File	2	ms.dat
Details	md5	2	a2c27e73bc5dec88884e9c165e9372c9
Details	md5	2	406494bf3cabbd34ff56dcbeec46f5d6
Details	md5	2	F8BDE730EA3843441A657A103E90985E
Details	md5	2	39B01A6A025F672085835BD699762AEC
Details	md5	2	16793D6C3F2D56708E5FC68C883805B5
Details	md5	2	26E55D10020FBC75D80589C081782EA2
Details	md5	2	EB56F9F7692F933BEE9660DFDFABAE3A
Details	md5	2	BFF64B896B5253B5870FE61221D9934D
Details	md5	2	84BDB1DC4B037F9A46C001764C115A32
Details	md5	2	7C0E5627FD25C40374BC22035D3FADD8
Details	md5	2	0edd23bbea61467f144d14df2a5a043e
Details	md5	2	a2050f83ba2aa1c4c95567a5ee155dca
Details	md5	2	0ca329fe3d99acfaf209cea559994608
Details	sha1	3	7275a6ed8ee314600a9b93038876f853b957b316
Details	sha256	2	177f1216b55058e30a3ce319dc1c7a9b1e1579ea3d009ba965b18f795c1071a4
Details	sha256	2	041e4dcdc0c7eea5740a65c3a15b51ed0e1f0ebd6ba820e2c4cd8fa34fb891a2
Details	sha256	2	11012717a77fe491d91174969486fbaa3d3e2ec7c8d543f9572809b5cf0f2119
Details	IPv4	619	0.0.0.0
Details	Pdb	2	d:\my\projects_all\2015\wallex\iomus1_gz\release\iomus.pdb
Details	Pdb	2	d:\my\projects_all\2016\iomus0_gz\release\usdlg.pdb
Details	Pdb	2	d:\projects\work_2017\service\interactive service_system\release\service.pdb
Details	Url	2	https://mail.google.com/mail/u