A Hammer Lurking In The Shadows - F-Secure Blog
Tags
attack-pattern: Software - T1592.002
Common Information
Type Value
UUID ead75240-247b-473b-8f66-fb1e8afe4628
Fingerprint 254d1899a0362651
Analysis status DONE
Considered CTI value 2
Text language
Published March 29, 2019, 2:12 p.m.
Added to db Sept. 26, 2022, 9:31 a.m.
Last updated Nov. 13, 2024, 12:37 a.m.
Headline A Hammer Lurking In The Shadows
Title A Hammer Lurking In The Shadows - F-Secure Blog
Detected Hints/Tags/Attributes 25/1/24
Attributes
Details Type #Events CTI Value
Details Domain 4
asushotfix.com
Details File 208
setup.exe
Details File 14
logo.jpg
Details File 4
logo2.jpg
Details File 3
idx.ini
Details File 1
419.msi
Details Pdb 3
d:\c++\asusshellcode\release\asusshellcode.pdb
Details Pdb 1
asusshellcode.pdb
Details Url 2
https://asushotfix.com/logo.jpg
Details Url 2
https://asushotfix.com/logo2.jpg
Details Yara rule 1
rule shadowhammer_pdb {
	strings:
		$str_pdb = "AsusShellCode.pdb" ascii nocase
	condition:
		all of them
}
Details Yara rule 1
rule shadowhammer_patch {
	strings:
		$str_msi = "\\419.msi" ascii wide nocase
		$str_upd = "ASUS Live Updata" ascii wide nocase
		$str_ins = "Asusaller Application" ascii wide nocase
	condition:
		2 of them
}