ReconHellcat Uses NIST Theme as Lure To Deliver New BlackSoul Malware
Common Information
Type | Value
UUID | f3ec9446-6795-4ff4-aa2a-29041d117ab7
Fingerprint | a77419d12e3f02c8
Analysis status | DONE
Considered CTI value | 2
Text language |
Published | Jan. 6, 2021, noon
Added to db | Sept. 26, 2022, 9:30 a.m.
Last updated | Nov. 18, 2024, 4:22 p.m.
Headline | ReconHellcat Uses NIST Theme as Lure To Deliver New BlackSoul Malware
Title | ReconHellcat Uses NIST Theme as Lure To Deliver New BlackSoul Malware
Detected Hints/Tags/Attributes | 68/4/21
Attributes
Type | #Events | CTI Value
Domain | 1 | usrclass.data
Domain | 19 | cloudflare-dns.com
Domain | 18 | workers.dev
Domain | 1 | noisy-haze-af47.fromhell.workers.dev
Domain | 1 | shrill-wave-90be.0black.workers.dev
File | 1 | 1-10-20-hb44_final.exe
File | 1 | usrclass.json
File | 28 | usrclass.dat
sha256 | 1 | 3be1dd49f01e8b7ddf9af765693690d44356399b9e6043e51d5e13c82194b2a4
sha256 | 1 | c49cad471a61adb5ea8a6d260887d1dd7f22de75d1143ce2a72828842ef4bb52
sha256 | 1 | fdd310ce1b4f03a79f7a6eda8df793f4c0718766228a9a0700cf0b5a4ea648e2
MITRE ATT&CK Techniques | 412 | T1566
MITRE ATT&CK Techniques | 421 | T1204
MITRE ATT&CK Techniques | 629 | T1027
MITRE ATT&CK Techniques | 172 | T1555
MITRE ATT&CK Techniques | 1007 | T1082
MITRE ATT&CK Techniques | 534 | T1005
Threat Actor Identifier - APT | 785 | APT28
Url | 1 | https://noisy-haze-af47.fromhell.workers.dev/uploads/bl4ck_s0ul6s5_1d7704b469.blacksoul
Url | 1 | https://noisy-haze-af47.fromhell.workers.dev/uploads/bl4ck_s0ul6s5_faac59ebe2.blacksoullib
Url | 1 | https://shrill-wave-90be.0black.workers.dev