ioc[.]one - OSINT Cyber Threat Intelligence Database

Cross Platform Modular Glupteba Malware Uses ManageX

Tags

cmtmf-attack-pattern:	Masquerading
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Data From Local System - T1533 Domains - T1583.001 Domains - T1584.001 Exfiltration Over Alternative Protocol - T1639 Exploits - T1587.004 Exploits - T1588.005 File And Directory Discovery - T1420 System Network Configuration Discovery - T1422 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Process Discovery - T1424 Native Api - T1575 Rundll32 - T1218.011 Server - T1583.004 Server - T1584.004 Software - T1592.002 Virtualization/Sandbox Evasion - T1497 Tool - T1588.002 Vulnerabilities - T1588.006 Virtualization/Sandbox Evasion - T1633 Data From Local System - T1005 Deobfuscate/Decode Files Or Information - T1140 Execution Through Api - T1106 Exfiltration Over Alternative Protocol - T1048 File And Directory Discovery - T1083 Masquerading - T1036 Process Discovery - T1057 Query Registry - T1012 Rootkit - T1014 Rundll32 - T1085 System Network Configuration Discovery - T1016 Masquerading Rootkit

Show in Graph

Common Information

Type	Value
UUID	f572de6c-94dc-4429-95f0-56920458d009
Fingerprint	b55419d8e4f3cf83
Analysis status	DONE
Considered CTI value	2
Text language
Published	Sept. 29, 2020, midnight
Added to db	Oct. 15, 2024, 5:40 p.m.
Last updated	Nov. 17, 2024, 6:56 p.m.
Headline	Cross-Platform / Modular Glupteba Malware Uses ManageX
Title	Cross Platform Modular Glupteba Malware Uses ManageX
Detected Hints/Tags/Attributes	101/3/23

Source URLs

	Redirection	Url
Details	Source	https://www.trendmicro.com/en_ca/research/20/i/cross-platform-modular-glupteba-malware-uses-managex.html

URL Provider

Details	Provider	Source level domain
Details	trendmicro.com	www.trendmicro.com

Attributes

Details	Type	#Events	Value
Details	CVE	47	cve-2017-0143
Details	CVE	20	cve-2017-0148
Details	CVE	126	cve-2017-0144
Details	Domain	2	fffffk.xyz
Details	Domain	3	info.d3pk.com
Details	File	52	trojan.js
Details	File	1122	svchost.exe
Details	File	2	wcrx.exe
Details	File	3	m_inc.js
Details	File	1018	rundll32.exe
Details	sha256	1	a29da4c0ffe15f0cf1b6c9867af54280da1bad2f28515eb4a49e6260b6388f3c
Details	MITRE ATT&CK Techniques	239	T1106
Details	MITRE ATT&CK Techniques	504	T1140
Details	MITRE ATT&CK Techniques	348	T1036
Details	MITRE ATT&CK Techniques	238	T1497
Details	MITRE ATT&CK Techniques	585	T1083
Details	MITRE ATT&CK Techniques	433	T1057
Details	MITRE ATT&CK Techniques	501	T1012
Details	MITRE ATT&CK Techniques	245	T1016
Details	MITRE ATT&CK Techniques	534	T1005
Details	MITRE ATT&CK Techniques	92	T1048
Details	Url	1	http://fffffk.xyz/down/m_inc.js?1589344811463
Details	Url	2	http://info.d3pk.com/js_json