Signed driver malware moves up the software trust chain
Common Information
Type Value
UUID d93f5b11-4a25-4e64-94ae-54d97d69afc1
Fingerprint 2ddccb5b18a6b485
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 13, 2022, 6 p.m.
Added to db Dec. 14, 2022, 5:40 p.m.
Last updated Oct. 20, 2024, 3:45 a.m.
Headline Signed driver malware moves up the software trust chain
Title Signed driver malware moves up the software trust chain
Detected Hints/Tags/Attributes 65/2/19
Attributes
Details Type #Events CTI Value
Details File 1
mefek.sys
Details File 2
kapchelper_x64.sys
Details File 7
apchelper.sys
Details File 1
allx7_64.exe
Details File 1
kapchelper.sys
Details IPv4 56
1.3.6.1
Details IPv4 2
11.10.3.5
Details Mandiant Uncategorized Groups 28
UNC2596