Hunting FIN7 malicious documents
Common Information
Type Value
UUID d971f5e0-8d05-4d43-a8c7-8347dd5613ab
Fingerprint 8201b9812a4d1369
Analysis status DONE
Considered CTI value 1
Text language
Published Oct. 15, 2017, midnight
Added to db Jan. 18, 2023, 7:32 p.m.
Last updated Nov. 18, 2024, 1:38 a.m.
Headline Some stuff about security..
Title Hunting FIN7 malicious documents
Detected Hints/Tags/Attributes 32/2/27
Attributes
Type                           #Events  CTI Value
Domain                         372      wscript.shell
Domain                         6        sh.run
Domain                         1        objdoc.content.select
Domain                         73       schemas.microsoft.com
Domain                         1        xmlserverhttp.open
Domain                         707      google.com
File                           2127     cmd.exe
File                           2        %homepath%\tt.txt
File                           2        pp.txt
File                           1        %homepath%\pp.txt
File                           1        whatis.ini
File                           11       'wscript.exe
File                           376      wscript.exe
File                           1        06041356.txt
File                           4        wshshell.reg
File                           1        owmiservice.exe
File                           1        oitem.mov
File                           1        62744684.ps1
File                           1209     powershell.exe
IPv4                           2        31.148.220.215
Threat Actor Identifier - FIN  377      FIN7
Url                            19       http://schemas.microsoft.com/windows/2004/02/mit/task
Url                            1        http://31.148.220.215:80/cd
Url                            1        http://31.148.220.215:443/cd
Url                            1        http://31.148.220.215:8080/cd
Url                            1        http://31.148.220.215:53/cd
Windows Registry Key           14       HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet