Credential Gathering From Third-Party Software
Common Information
UUID: f3aeab4f-e52e-4b7e-a9bf-12a3c77bfb5d
Fingerprint: bf92344926c223bd
Analysis status: DONE
Considered CTI value: 2
Text language:
Published: Sept. 8, 2022, 7 p.m.
Added to db: Sept. 11, 2022, 12:30 p.m.
Last updated: Nov. 17, 2024, 6:55 p.m.
Headline: Credential Gathering From Third-Party Software
Title: Credential Gathering From Third-Party Software
Detected Hints/Tags/Attributes: 69/1/25
Attributes
Type (#Events): Value
Domain (2): www.yell.ge
Domain (1): yakosurf.com
File (1): %localappdata%\microsoft\remote desktop connection manager\rdcman.settings
File (1): rdcman.settings
File (199): excel.exe
File (459): regsvr32.exe
File (23): c:\windows\system32\regsvr32.exe
File (1): kgnkudbadmpogg.dll
File (64): logins.json
File (71): nss3.dll
File (36): key3.db
File (41): key4.db
File (49): nltest.exe
File (226): certutil.exe
File (1): rwuupyovei7fkjb.dll
File (1): lw1jf63zarluv8uwpwgnwpgg.dll
Url (1): https://www.yell.ge/nav_logo/aentp
Url (1): https://yakosurf.com/wp-includes/s
Windows Registry Key (1): HKCU\software\martin
Windows Registry Key (1): HKCU\software\openvpn-gui\configs