Multistage Attack using protected code and Unusual CallBacks
Tags
| cmtmf-attack-pattern: | Process Injection |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Direct Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Process Injection - T1631 Python - T1059.006 Server - T1583.004 Server - T1584.004 Process Injection - T1055 |
Common Information
| Type | Value |
|---|---|
| UUID | eb38f866-e444-4d26-8225-6e26f481806c |
| Fingerprint | aa399d933db44690 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Oct. 31, 2016, 2:28 p.m. |
| Added to db | Jan. 18, 2023, 7:56 p.m. |
| Last updated | Nov. 18, 2024, 1:24 p.m. |
| Headline | Deriving Cyber Threat Intelligence and Driving Threat Hunting |
| Title | Multistage Attack using protected code and Unusual CallBacks |
| Detected Hints/Tags/Attributes | 66/3/29 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 201 | msdn.microsoft.com |
|
| Details | Domain | 1 | mail-ve1eur01hn0236.outbound.protection.outlook.com |
|
| Details | Domain | 1 | eur01-ve1-obe.outbound.protection.outlook.com |
|
| Details | Domain | 1 | abc.def.com |
|
| Details | Domain | 1 | teslablatnacz1.onmicrosoft.com |
|
| Details | Domain | 1 | tesla-blatna.cz |
|
| Details | Domain | 1 | he1pr0501mb2203.eurprd05.prod.outlook.com |
|
| Details | Domain | 2 | fumalwareanalysis.blogspot.com |
|
| Details | 1 | smtp.mailfrom=pozarek@tesla-blatna.cz |
||
| Details | 1 | 44e250b9.c8944ccc@tesla-blatna.cz |
||
| Details | 1 | pozarek@tesla-blatna.cz |
||
| Details | File | 5 | winhost32.exe |
|
| Details | File | 1 | sn168.exe |
|
| Details | File | 2130 | cmd.exe |
|
| Details | File | 323 | winword.exe |
|
| Details | File | 9 | vbe7.dll |
|
| Details | File | 534 | ntdll.dll |
|
| Details | File | 748 | kernel32.dll |
|
| Details | File | 1 | bulk_inquiry.doc |
|
| Details | File | 31 | 404.php |
|
| Details | File | 1 | bulk_inquiry_545447.doc |
|
| Details | File | 1 | malware-analysis-tutorial-8-pe-header.html |
|
| Details | File | 11 | winhost.exe |
|
| Details | md5 | 1 | ede2eb4f6bc3b9ecca1d3be676674a32 |
|
| Details | IPv4 | 1 | 104.47.1.236 |
|
| Details | IPv4 | 1 | 207.62.4.129 |
|
| Details | IPv4 | 1 | 10.168.33.142 |
|
| Details | Url | 1 | https://msdn.microsoft.com/en-us/library/aa716201(v=vs.60).aspx |
|
| Details | Url | 1 | http://fumalwareanalysis.blogspot.com/2011/12/malware-analysis-tutorial-8-pe-header.html |