GitHub-hosted malware calculates Cobalt Strike payload from Imgur pic
Tags
maec-delivery-vectors: Watering Hole
attack-pattern: Data Botnet - T1583.005 Botnet - T1584.005 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Steganography - T1001.002 Steganography - T1406.001 Steganography - T1027.003 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID f5a02127-9c9d-42fd-8aa1-c65500003450
Fingerprint a043a0b1adbe03cf
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 28, 2020, midnight
Added to db Feb. 17, 2023, 9:20 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline GitHub-hosted malware calculates Cobalt Strike payload from Imgur pic
Title GitHub-hosted malware calculates Cobalt Strike payload from Imgur pic
Detected Hints/Tags/Attributes 39/2/5
Source URLs
Redirection Url
Details Source https://www.bleepingcomputer.com/news/security/github-hosted-malware-calculates-cobalt-strike-payload-from-imgur-pic/
URL Provider
Details Provider Source level domain
Details bleepingcomputer.com www.bleepingcomputer.com
Attributes
Details Type #Events CTI Value
Details Domain 1 
mazzion1234-44451.portmap.host
Details File 1208 
powershell.exe
Details sha256 1 
d1c7a7511bd09b53c651f8ccc43e9c36ba80265ba11164f88d6863f0832d8f81
Details sha256 1 
ed93ce9f84dbea3c070b8e03b82b95eb0944c44c6444d967820a890e8218b866
Details Mandiant Temporary Group Assumption 29 
TEMP.ZAGROS