ioc[.]one - OSINT Cyber Threat Intelligence Database

LuckyMouse signs malicious NDISProxy driver with certificate of Chinese IT company | Securelist

Tags

maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Code Signing - T1553.002 Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Remote Desktop Protocol - T1021.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Windows Service - T1543.003 Tool - T1588.002 Code Signing - T1116 Remote Desktop Protocol - T1076

Show in Graph

Common Information

Type	Value
UUID	f8c8c571-beb5-4ba9-a4b8-4b4b32a11ca9
Fingerprint	bf64994bb920dcc1
Analysis status	DONE
Considered CTI value	2
Text language
Published	Sept. 10, 2018, 10 a.m.
Added to db	Jan. 16, 2023, 4:57 p.m.
Last updated	Nov. 17, 2024, 11:40 p.m.
Headline	LuckyMouse signs malicious NDISProxy driver with certificate of Chinese IT company
Title	LuckyMouse signs malicious NDISProxy driver with certificate of Chinese IT company \| Securelist
Detected Hints/Tags/Attributes	56/2/33

Source URLs

	Redirection	Url
Details	Source	https://securelist.com/luckymouse-ndisproxy-driver/87914
Details	Source	https://securelist.com/luckymouse-ndisproxy-driver/87914/

URL Provider

Details	Provider	Source level domain
Details	securelist.com	securelist.com

Attributes

Details	Type	#Events	Value
Details	Domain	338	kaspersky.com
Details	Domain	4128	github.com
Details	Email	147	intelreports@kaspersky.com
Details	File	478	lsass.exe
Details	File	1	load.log
Details	Github username	3	darthton
Details	Github username	5	nodejs
Details	md5	1	dacedff98035f80711c61bc47e83b61d
Details	md5	1	9dc209f66da77858e362e624d0be86b3
Details	md5	1	3cbeda2c5ac41cca0b0d60376a2b2511
Details	md5	1	8e6d87eadb27b74852bd5a19062e52ed
Details	md5	1	d21de00f981bb6b5094f9c3dfa0be533
Details	md5	1	a2eb59414823ae00d53ca05272168006
Details	md5	1	493167e85e45363d09495d0841c30648
Details	md5	1	ad07b44578fa47e7de0df42a8b7f8d2d
Details	md5	1	6a352c3e55e8ae5ed39dc1be7fb964b1
Details	md5	1	83c5ff660f2900677e537f9500579965
Details	md5	1	3a97d9b6f17754dcd38ca7fc89caab04
Details	sha256	1	c69121a994ea8ff188510f41890208625710870af9a06b005db817934b517bc1
Details	IPv4	3	103.75.190.28
Details	IPv4	2	213.109.87.58
Details	Url	2	https://github.com/darthton/blackbone
Details	Url	2	https://github.com/nodejs/http-parser
Details	Windows Registry Key	1	HKLM\SOFTWARE\Classes\32ndisproxy-mn
Details	Windows Registry Key	1	HKCR\ndisproxy-mn
Details	Windows Registry Key	1	HKLM\SOFTWARE\Classes\64ndisproxy-mn
Details	Windows Registry Key	1	HKCR\ndisproxy-mn\filterpd-ndisproxy-mn
Details	Windows Registry Key	1	HKLM\SOFTWARE\Classes\32ndisproxy-help
Details	Windows Registry Key	1	HKLM\SOFTWARE\Classes\64ndisproxy-help
Details	Windows Registry Key	1	HKCR\ndisproxy-mn\filterpd-ndisproxy-help
Details	Windows Registry Key	1	HKLM\SOFTWARE\Classes\32ndisproxy-notify
Details	Windows Registry Key	1	HKLM\SOFTWARE\Classes\64ndisproxy-notify
Details	Windows Registry Key	1	HKCR\ndisproxy-mn\filterpd-ndisproxy-notify