Analysis of a Convoluted Attack Chain Involving Ngrok
Tags
attack-pattern: Data Model Credentials - T1589.001 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002
Show in Graph
Common Information
Type Value
UUID ea2d714f-03df-48c6-8486-8c07448bf910
Fingerprint f7eb0dd4e0a786c1
Analysis status DONE
Considered CTI value 0
Text language
Published Sept. 14, 2020, midnight
Added to db Sept. 26, 2022, 9:33 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Analysis of a Convoluted Attack Chain Involving Ngrok
Title Analysis of a Convoluted Attack Chain Involving Ngrok
Detected Hints/Tags/Attributes 58/1/12
Source URLs
Redirection Url
Details Source https://www.trendmicro.com/en_us/research/20/i/analysis-of-a-convoluted-attack-chain-involving-ngrok.html
Details Source https://www.trendmicro.com/en_gb/research/20/i/analysis-of-a-convoluted-attack-chain-involving-ngrok.html
Details Source https://www.trendmicro.com/en_th/research/20/i/analysis-of-a-convoluted-attack-chain-involving-ngrok.html
Details Source https://www.trendmicro.com/en_ca/research/20/i/analysis-of-a-convoluted-attack-chain-involving-ngrok.html
URL Provider
Details Provider Source level domain
Details trendmicro.com www.trendmicro.com
Attributes
Details Type #Events CTI Value
Details Domain 16 
tcp.ngrok.io
Details File 21 
c:\windows\system32\reg.exe
Details File 125 
ntoskrnl.exe
Details File 165 
reg.exe
Details File 306 
services.exe
Details File 2125 
cmd.exe
Details File 31 
psexesvc.exe
Details File 2 
remotesvc.exe
Details File 33 
shell.exe
Details File 2 
toola.exe
Details IPv4 2 
192.168.19.129
Details Windows Registry Key 41 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run