A new version of the Loki backdoor for the Mythic framework attacks Russian companies
Tags
country: | Russia |
attack-pattern: | Data Malicious File - T1204.002; Malware - T1587.001; Malware - T1588.001; Server - T1583.004; Server - T1584.004; Tool - T1588.002 |
Common Information
Type | Value |
---|---|
UUID | f6182329-eab0-4411-82c0-2fb456b01d24 |
Fingerprint | bdcc2dd1803906cb |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | Sept. 9, 2024, 7 a.m. |
Added to db | Sept. 9, 2024, 9:23 a.m. |
Last updated | Nov. 17, 2024, 6:55 p.m. |
Headline | Loki: a new private agent for the popular Mythic framework |
Title | A new version of the Loki backdoor for the Mythic framework attacks Russian companies |
Detected Hints/Tags/Attributes | 54/2/40 |
Source URLs
Redirection | Url | |
---|---|---|
Details | Source | https://securelist.com/loki-agent-for-mythic/113596/ |
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 223 | ✔ | Securelist | https://securelist.com/feed/ | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|