Hunting pack use case: RedLeaves malware
Common Information
Type                 Value
UUID                 e4d4fe40-be7b-4283-82c3-8f3866541279
Fingerprint          af743279652ba685
Analysis status      DONE
Considered CTI value 2
Text language
Published            May 3, 2017, 7:40 p.m.
Added to db          Sept. 26, 2022, 9:31 a.m.
Last updated         Nov. 17, 2024, 11:40 p.m.
Headline NetWitness Community
Title Hunting pack use case: RedLeaves malware
Detected Hints/Tags/Attributes 55/3/23
Attributes
Type             #Events  CTI Value  Value
CVE              172                 cve-2022-30190
Domain           13                  hybrid-analysis.com
Domain           206                 www.example.com
Domain           145                 www.us-cert.gov
Domain           4                   blog.jpcert.or.jp
Domain           4128                github.com
Domain           19                  community.rsa.com
File             2                   obedience.exe
File             3                   starburn.dll
File             2                   handkerchief.dat
File             263                 iexplore.exe
File             3                   redleaves---malware-based-on-open-source-rat.html
Github username  33                  nccgroup
sha256           1                   aba4df64717462c61801d737c9fa20a7fada61539eaef50954331d31f7306d27
sha256           1                   adb72a24429441f743bd2b1a9c0116ae9a1e7b217e047849d70ca1e9054dbdb6
sha256           1                   773b176b3a68c3d21fae907af8fba7908b55726bd591c5335c8c0bc9de179b76
sha256           2                   5262cb9791df50fafcb2fbd5f93226050b51efe400c2924eecba97b7ce437481
Url              2                   https://www.us-cert.gov/ncas/alerts/ta17-117a
Url              1                   http://blog.jpcert.or.jp/2017/04/redleaves---malware-based-on-open-source-rat.html
Url              1                   https://www.virustotal.com/en/file/5262cb9791df50fafcb2fbd5f93226050b51efe400c2924eecba97b7ce437481/analysis
Url              1                   https://www.hybrid-analysis.com/sample/5262cb9791df50fafcb2fbd5f93226050b51efe400c2924eecba97b7ce437481?environmentid=100
Url              1                   https://github.com/nccgroup/cyber-defence/blob/master/technical
Url              2                   https://community.rsa.com/docs/doc-62341