FireEye Responds to Wave of Destructive Cyber Attacks in Gulf Region | Mandiant
Common Information
Type Value
UUID fc83dda1-0842-42d7-94a6-188c1396817b
Fingerprint 2f0538d8916362cd
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 1, 2016, midnight
Added to db Nov. 9, 2023, 12:23 a.m.
Last updated Oct. 1, 2024, 2:34 p.m.
Headline FireEye Responds to Wave of Destructive Cyber Attacks in Gulf Region
Title FireEye Responds to Wave of Destructive Cyber Attacks in Gulf Region | Mandiant
Detected Hints/Tags/Attributes 43/1/50
RSS Feed
Id Enabled Feed title Url Added to db
330 Threat Intelligence https://www.mandiant.com/resources/blog/rss.xml 2024-08-30 22:08
Attributes
Type #Events CTI Value
Domain 3
key8854321.pub
File 4
ntssrvr32.exe
File 3
ntssrvr64.exe
File 1
ntssrvr32.bat
File 3
gpget.exe
File 5
drdisk.sys
File 2
key8854321.pub
File 3
netinit.exe
Windows Registry Key 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy
Windows Registry Key 1
HKLM\SYSTEM\CurrentControlSet\Services\NtsSrv
Windows Registry Key 1
HKLM\SYSTEM\ControlSet001\Services\NtsSrv
Windows Registry Key 1
HKLM\SYSTEM\CurrentControlSet\Services\wow32
Windows Registry Key 1
HKLM\SYSTEM\ControlSet001\Services\wow32
Windows Registry Key 1
HKLM\SYSTEM\CurrentControlSet\Services\drdisk
Windows Registry Key 1
HKLM\SYSTEM\ControlSet001\Services\drdisk