Phase Bot – A Fileless Rootkit (Part 1) – MalwareTech
Tags
attack-pattern: Data Hooking - T1617 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Rundll32 - T1218.011 Software - T1592.002 Hooking - T1179 Powershell - T1086 Rootkit - T1014 Rundll32 - T1085 Hooking Rootkit
Show in Graph
Common Information
Type Value
UUID f756c35f-b840-4e34-95d4-db78ee0084c1
Fingerprint 8c2f888385f779e0
Analysis status DONE
Considered CTI value 0
Text language
Published Dec. 11, 2014, 9:51 p.m.
Added to db Jan. 18, 2023, 11:28 p.m.
Last updated Nov. 18, 2024, 1:38 a.m.
Headline Phase Bot – A Fileless Rootkit (Part 1)
Title Phase Bot – A Fileless Rootkit (Part 1) – MalwareTech
Detected Hints/Tags/Attributes 30/1/4
Source URLs
Redirection Url
Details Source https://www.malwaretech.com/2014/12/phase-bot-fileless-rootki.html
URL Provider
Details Provider Source level domain
Details malwaretech.com www.malwaretech.com
Attributes
Details Type #Events CTI Value
Details Domain 372 
wscript.shell
Details File 1018 
rundll32.exe
Details File 1209 
powershell.exe
Details Windows Registry Key 1 
HKCUSoftwareMicrosoftActive