Malware Used by Rocke Group Evolves to Evade Detection by Cloud Security Products
Common Information
Type Value
UUID e49f0434-cf8d-4500-be59-49e04eeb0166
Fingerprint 9020ddd8cdb8878f
Analysis status DONE
Considered CTI value 2
Text language
Published Jan. 17, 2019, 2 p.m.
Added to db Sept. 26, 2022, 9:33 a.m.
Last updated Nov. 17, 2024, 6:53 p.m.
Headline Malware Used by Rocke Group Evolves to Evade Detection by Cloud Security Products
Title Malware Used by Rocke Group Evolves to Evade Detection by Cloud Security Products
Detected Hints/Tags/Attributes 61/2/34
Attributes
Details Type #Events CTI Value
Details CVE 81
cve-2017-10271