Domains: Malvuln.com, cxsecurity.com, malvuln.com, twitter.com
URLs: https://malvuln.com/advisory/b8e1e5b832e5947f41fd6ae6ef6d09a1.txt
md5: b8e1e5b832e5947f41fd6ae6ef6d09a1
sha256: 48d208b87b29d50bb160f336c94b681e232b0f90e8c02175e593d60737369c13
File Names: AlhEXlUJ.exe, b8e1e5b832e5947f41fd6ae6ef6d09a1.txt, AlhEXlUJbVpfX1EMVw.bin
Email Addresses: malvuln13@gmail.com

--------------------------------------------------------------------------------------
TTPs

Hash 48d208b87b29d50bb160f336c94b681e232b0f90e8c02175e593d60737369c13:

Source: Zenbox
  Tactic Name: Collection / Tactic ID: TA0009
    Technique Name: Data from Local System / Technique ID: T1005
  Tactic Name: Persistence / Tactic ID: TA0003
    Technique Name: DLL Side-Loading / Technique ID: T1574.002
  Tactic Name: Discovery / Tactic ID: TA0007
    Technique Name: File and Directory Discovery / Technique ID: T1083
    Technique Name: Process Discovery / Technique ID: T1057
    Technique Name: Remote System Discovery / Technique ID: T1018
    Technique Name: Security Software Discovery / Technique ID: T1518.001
    Technique Name: Virtualization/Sandbox Evasion / Technique ID: T1497
    Technique Name: System Information Discovery / Technique ID: T1082
  Tactic Name: Credential Access / Tactic ID: TA0006
    Technique Name: OS Credential Dumping / Technique ID: T1003
  Tactic Name: Defense Evasion / Tactic ID: TA0005
    Technique Name: Process Injection / Technique ID: T1055
    Technique Name: Virtualization/Sandbox Evasion / Technique ID: T1497
    Technique Name: Masquerading / Technique ID: T1036
    Technique Name: DLL Side-Loading / Technique ID: T1574.002
  Tactic Name: Command and Control / Tactic ID: TA0011
    Technique Name: Non-Application Layer Protocol / Technique ID: T1095
    Technique Name: Encrypted Channel / Technique ID: T1573
    Technique Name: Application Layer Protocol / Technique ID: T1071
  Tactic Name: Privilege Escalation / Tactic ID: TA0004
    Technique Name: Process Injection / Technique ID: T1055
    Technique Name: DLL Side-Loading / Technique ID: T1574.002

Source: DAS-Security Orcas
  Tactic Name: Collection / Tactic ID: TA0009
    Technique Name: LLMNR/NBT-NS Poisoning and SMB Relay / Technique ID: T1557.001
  Tactic Name: Lateral Movement / Tactic ID: TA0008
    Technique Name: Web Session Cookie / Technique ID: T1550.004
  Tactic Name: Impact / Tactic ID: TA0034
    Technique Name: Data Encrypted for Impact / Technique ID: T1486
  Tactic Name: Impact / Tactic ID: TA0040
    Technique Name: Data Encrypted for Impact / Technique ID: T1486
  Tactic Name: Persistence / Tactic ID: TA0003
    Technique Name: Windows Service / Technique ID: T1543.003
  Tactic Name: Execution / Tactic ID: TA0002
    Technique Name: Service Execution / Technique ID: T1569.002
    Technique Name: Native API / Technique ID: T1106
  Tactic Name: Discovery / Tactic ID: TA0007
    Technique Name: File and Directory Discovery / Technique ID: T1083
    Technique Name: System Owner/User Discovery / Technique ID: T1033
    Technique Name: Process Discovery / Technique ID: T1057
    Technique Name: Application Window Discovery / Technique ID: T1010
    Technique Name: Query Registry / Technique ID: T1012
    Technique Name: System Network Configuration Discovery / Technique ID: T1016
    Technique Name: Debugger Evasion / Technique ID: T1622
    Technique Name: System Information Discovery / Technique ID: T1082
    Technique Name: Local Account / Technique ID: T1087.001
    Technique Name: Browser Information Discovery / Technique ID: T1217
    Technique Name: Software Discovery / Technique ID: T1518
    Technique Name: System Service Discovery / Technique ID: T1007
    Technique Name: System Checks / Technique ID: T1497.001
    Technique Name: Virtualization/Sandbox Evasion / Technique ID: T1497
  Tactic Name: Credential Access / Tactic ID: TA0006
    Technique Name: Credentials In Files / Technique ID: T1552.001
    Technique Name: Credentials from Web Browsers / Technique ID: T1555.003
    Technique Name: LLMNR/NBT-NS Poisoning and SMB Relay / Technique ID: T1557.001
    Technique Name: Steal Web Session Cookie / Technique ID: T1539
    Technique Name: Credentials from Password Stores / Technique ID: T1555
  Tactic Name: Defense Evasion / Tactic ID: TA0005
    Technique Name: Debugger Evasion / Technique ID: T1622
    Technique Name: Token Impersonation/Theft / Technique ID: T1134.001
    Technique Name: Obfuscated Files or Information / Technique ID: T1027
    Technique Name: Web Session Cookie / Technique ID: T1550.004
    Technique Name: System Checks / Technique ID: T1497.001
    Technique Name: Virtualization/Sandbox Evasion / Technique ID: T1497
    Technique Name: Hidden Files and Directories / Technique ID: T1564.001
  Tactic Name: Privilege Escalation / Tactic ID: TA0004
    Technique Name: Windows Service / Technique ID: T1543.003
    Technique Name: Token Impersonation/Theft / Technique ID: T1134.001

Source: CAPA
  Tactic Name: Execution / Tactic ID: TA0002
    Technique Name: Shared Modules / Technique ID: T1129
  Tactic Name: Defense Evasion / Tactic ID: TA0005
    Technique Name: Obfuscated Files or Information / Technique ID: T1027