Making New Connections – Leveraging Cisco AnyConnect Client to Drop and Run Payloads
Common Information
Type Value
UUID eac28852-7d88-4183-a2d6-bbd0aaae0949
Fingerprint b4dbc9500c320201
Analysis status DONE
Considered CTI value 2
Text language
Published March 1, 2023, 1:18 p.m.
Added to db March 1, 2023, 2:53 p.m.
Last updated Nov. 17, 2024, 11:40 p.m.
Headline Making New Connections – Leveraging Cisco AnyConnect Client to Drop and Run Payloads
Title Making New Connections – Leveraging Cisco AnyConnect Client to Drop and Run Payloads
Detected Hints/Tags/Attributes 52/1/27
Attributes
Details Type #Events CTI Value
Details Domain 4128
github.com
Details File 3
vpnagent.exe
Details File 6
vpnui.exe
Details File 1
acwebhelper.exe
Details File 1
04053-core-vpn-webdeploy-k9.msi
Details File 1
profile_test.xml
Details File 1
scripts_ondisconnect.vbs
Details File 1
scripts_onconnect.vbs
Details File 1
vpncli.exe
Details File 1
ondisconnect.vbs
Details File 8
sock.bin
Details File 376
wscript.exe
Details File 1
vpndownloder.exe
Details Github username 33
nccgroup
Details Url 1
https://github.com/nccgroup/droppedconnection