IcedID Botnet Abuses Google PPC Service to Distribute Malware
Tags
attack-pattern: Botnet - T1583.005, Botnet - T1584.005, Embedded Payloads - T1027.009, Malware - T1587.001, Malware - T1588.001, Msiexec - T1218.007, Rundll32 - T1218.011, Rundll32 - T1085
Common Information
Type | Value |
---|---|
UUID | ed6b9cb0-fad6-4cb5-b922-01af1f8b811e |
Fingerprint | bb15fb9ef2cf6097 |
Analysis status | IN_PROGRESS |
Considered CTI value | 0 |
Text language | |
Published | Dec. 29, 2022, midnight |
Added to db | Dec. 20, 2024, 1:07 a.m. |
Last updated | Dec. 24, 2024, 5:56 a.m. |
Headline | IcedID Botnet Abuses Google PPC Service to Distribute Malware |
Title | IcedID Botnet Abuses Google PPC Service to Distribute Malware |
Detected Hints/Tags/Attributes | 17/1/17 |
Source URLs
Redirection | Url | |
---|---|---|
Details | Source | https://www.secrss.com/articles/50512 |
URL Provider
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 6752 | | 163.com |
Details | File | 1102 | | rundll32.exe |
Details | File | 1 | | malicious icedid and legitimate sqlite3.dll |
Details | File | 4 | | tcl86.dll |
Details | File | 110 | | sqlite3.dll |
Details | File | 40 | | x64.dll |
Details | File | 37 | | libcurl.dll |
Details | File | 1 | | in sqlite3.dll |
Details | File | 306 | | msiexec.exe |
Details | File | 2 | | msi3480c3c1.msi |
Details | File | 1 | | system binary proxy execution of rundll32.exe |
Details | File | 1 | | malicious custom action invokes rundll32.exe |
Details | File | 2 | | icedid-botnet-distributors-abuse-google-ppc-to-distribute-malware.html |
Details | MITRE ATT&CK Techniques | 45 | | T1218.007 |
Details | MITRE ATT&CK Techniques | 131 | | T1218.011 |
Details | MITRE ATT&CK Techniques | 45 | | T1027.009 |
Details | Url | 1 | | https://www.trendmicro.com/en_us/research/22/l/icedid-botnet-distributors-abuse-google-ppc-to-distribute-malware.html?&web_view=true |