AutoCAD - Designing a Kill Chain
Common Information
Type | Value
UUID | f50f4814-6f15-4598-80c8-1d088d0ebb58
Fingerprint | 174399d0283da96f
Analysis status | DONE
Considered CTI value | 1
Text language |
Published | Feb. 22, 2019, midnight
Added to db | Jan. 18, 2023, 9:56 p.m.
Last updated | Nov. 17, 2024, 6:55 p.m.
Headline | AutoCAD - Designing a Kill Chain
Title | AutoCAD - Designing a Kill Chain
Detected Hints/Tags/Attributes | 118/4/37
Attributes
Type | #Events | CTI Value
CVE | 1 | cve-2019-7361
Domain | 32 | ysoserial.net
Domain | 228 | system.io
Domain | 29 | intptr.zero
Domain | 1 | webserver.net
Domain | 339 | system.net
Domain | 17 | www.lockheedmartin.com
Domain | 222 | www.blackhat.com
Domain | 1 | idatalabs.com
Domain | 23 | www.forcepoint.com
Domain | 262 | www.welivesecurity.com
File | 70 | e.doc
File | 2125 | cmd.exe
File | 1208 | powershell.exe
File | 23 | test.dll
File | 2 | temp.dll
File | 1 | autocad.dat
File | 312 | calc.exe
File | 1 | test2.dll
File | 13 | win32.reg
File | 13 | cyber-kill-chain.html
File | 1 | moneymules-hunting-season-apt-attacks-targeting-financial-institutions.pdf
File | 1 | eset_acad_medre_a_whitepaper.pdf
File | 1 | activitysurrogateselectorfromfilegenerator.cs
Github username | 4 | pwntester
Mandiant Temporary Group Assumption | 2 | TEMP.DLL
Url | 1 | http://ip_address/test.dll
Url | 1 | http://webserver.net
Url | 9 | https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
Url | 1 | https://www.blackhat.com/docs/eu-17/materials/eu-17-shen-nation-state
Url | 1 | https://idatalabs.com/tech/products/autodesk-autocad
Url | 2 | https://www.forcepoint.com/blog/security-labs/autocad-malware-computer-aided-theft
Url | 1 | https://www.welivesecurity.com/media_files/white-papers/eset_acad_medre_a_whitepaper.pdf
Url | 1 | https://github.com/pwntester/ysoserial.net/blob/master/ysoserial/generators/activitysurrogateselectorfromfilegenerator.cs
Url | 2 | https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control
Windows Registry Key | 1 | HKEY_CURRENT_USER\Software\AutoDesk\AutoCAD\R23.0\ACAD-2001
Windows Registry Key | 1 | HKEY_CURRENT_USER\Software\Autodesk\AutoCAD\R23.0\ACAD-2001