Script-Based Malware: A New Attacker Trend on Internet Explorer
Common Information
Type Value
UUID eafa7a73-3821-4a9b-917d-12efc83175ef
Fingerprint b402091a893aa2cf
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 11, 2020, 1 p.m.
Added to db Sept. 11, 2022, 12:31 p.m.
Last updated Nov. 12, 2024, 3:53 p.m.
Headline Script-Based Malware: A New Attacker Trend on Internet Explorer
Title Script-Based Malware: A New Attacker Trend on Internet Explorer
Detected Hints/Tags/Attributes 58/2/25
Attributes
Details Type #Events CTI Value
Details CVE 16
cve-2019-0752
Details Domain 1
assurancetemporaireenligne.com
Details Domain 1
seemee.ddns.net
Details Domain 1
dark.crypterfile.com
Details File 5
c.js
Details File 2
loader.js
Details File 7
loader.php
Details File 16
cmd.php
Details File 59
2.exe
Details Windows Registry Key 1
HKCU\Software\loaderName
Details Windows Registry Key 188
HKCU\Software\Microsoft\Windows\CurrentVersion\Run