TLP:WHITE
Threat Actor Uses Steganographic Webshell and Defence Impairment Before Mimikatz Execution
Malware Families: none listed on this page.

Diamond Model
- Adversary: no entry shown
- Infrastructure: no entry shown
- Capability: 1 entry
- Victim: no entry shown
5W+H Threat Analysis: analysis unavailable.
Indicators of Compromise (9)
| Type | Indicator | Tags | Confidence | Score | First Seen |
|---|---|---|---|---|---|
| CVE | CVE-2023-26360 | exploit, intel-blog, malware | Medium | 51 | Jul 2, 26 |
| SHA256 | f63d293e117cae1d0a6c24359fc1361a9dc48178049cc6491051b09268c8c39c | file-hash, intel-blog, malware | Medium | 53 | Jul 2, 26 |
| MD5 | 3eb6f92aedf74f109c7b4b0897ec39a8 | apt, espionage, exploit | High | 60 | Jun 11, 26 |
| SHA256 | 40859ede262098086962ab00c89f02452aa9941c88c7f4ac002db166179980c6 | file-hash, intel-blog, malware | Medium | 53 | Jul 2, 26 |
| CVE | CVE-2023-29300 | exploit, intel-blog, malware | Medium | 51 | Jul 2, 26 |
| CVE | CVE-2023-29298 | exploit, intel-blog, malware | Medium | 51 | Jul 2, 26 |
| MD5 | d649ca90ff8f49c5b7c9cfa8cf5ded23 | apt, espionage, exploit | Medium | 53 | Jul 2, 26 |
| MD5 | fe31476fe9d84070912ad058d3b574e1 | apt, espionage, exploit | Medium | 53 | Jul 2, 26 |
| SHA256 | bd74a00f4d2ec3bf50d13ddf324bb368b2464d547abd0c572ef5e2f77943a920 | file-hash, intel-blog, malware | Medium | 53 | Jul 2, 26 |
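The file-hash indicators above are only useful once they are matched against files on a host. The following is an added example, not code from the intel page or its source report: it parses the IOC table as it appears here (hashes copied verbatim), rejects cells where platform tags have been fused onto a hash so that a mangled indicator cannot silently never match, and sweeps a directory tree computing MD5 and SHA256 in one pass. The `demo()` scenario, its file names and contents, and the extra hash it registers are all constructed for illustration; nothing on this page says those files exist.

```python
"""Match the page's file-hash IOCs against files on disk (added example)."""
import hashlib
import os
import re
import tempfile

# IOC table copied from the page; hash and CVE values are verbatim.
IOC_TABLE = """\
| Type | Indicator | Tags | Confidence | Score | First Seen |
|---|---|---|---|---|---|
| CVE | CVE-2023-26360 | exploit, intel-blog, malware | Medium | 51 | Jul 2, 26 |
| SHA256 | f63d293e117cae1d0a6c24359fc1361a9dc48178049cc6491051b09268c8c39c | file-hash, intel-blog, malware | Medium | 53 | Jul 2, 26 |
| MD5 | 3eb6f92aedf74f109c7b4b0897ec39a8 | apt, espionage, exploit | High | 60 | Jun 11, 26 |
| SHA256 | 40859ede262098086962ab00c89f02452aa9941c88c7f4ac002db166179980c6 | file-hash, intel-blog, malware | Medium | 53 | Jul 2, 26 |
| CVE | CVE-2023-29300 | exploit, intel-blog, malware | Medium | 51 | Jul 2, 26 |
| CVE | CVE-2023-29298 | exploit, intel-blog, malware | Medium | 51 | Jul 2, 26 |
| MD5 | d649ca90ff8f49c5b7c9cfa8cf5ded23 | apt, espionage, exploit | Medium | 53 | Jul 2, 26 |
| MD5 | fe31476fe9d84070912ad058d3b574e1 | apt, espionage, exploit | Medium | 53 | Jul 2, 26 |
| SHA256 | bd74a00f4d2ec3bf50d13ddf324bb368b2464d547abd0c572ef5e2f77943a920 | file-hash, intel-blog, malware | Medium | 53 | Jul 2, 26 |
"""

# Expected hex-digest length per hash type; used to validate indicators.
HASH_TYPES = {"MD5": 32, "SHA256": 64}


def parse_ioc_table(text):
    """Parse a markdown IOC table into {type: {indicator, ...}}.

    Hash indicators are lower-cased and length-checked, so a cell that has
    tags fused onto the digest raises instead of becoming a dead indicator.
    """
    iocs = {}
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) < 2 or cells[0] in ("Type", "") or set(cells[0]) <= {"-"}:
            continue  # blank line, header row or |---| separator row
        ioc_type, value = cells[0].upper(), cells[1]
        if ioc_type in HASH_TYPES:
            value = value.lower()
            if not re.fullmatch(r"[0-9a-f]{%d}" % HASH_TYPES[ioc_type], value):
                raise ValueError(f"malformed {ioc_type} indicator: {value!r}")
        iocs.setdefault(ioc_type, set()).add(value)
    return iocs


def hash_file(path):
    """Return (md5, sha256) hex digests, streaming so large files are fine."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def scan_tree(root, iocs):
    """Walk root and return [(path, ioc_type, digest)] for files whose hash is a known IOC.

    CVE indicators are ignored here on purpose: they describe vulnerable
    software versions and are matched against patch state, not file content.
    """
    hits = []
    md5_set = iocs.get("MD5", set())
    sha_set = iocs.get("SHA256", set())
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                md5, sha256 = hash_file(path)
            except OSError:
                continue  # unreadable or transient file; keep sweeping
            if sha256 in sha_set:
                hits.append((path, "SHA256", sha256))
            elif md5 in md5_set:
                hits.append((path, "MD5", md5))
    return hits


def demo():
    """Constructed scenario (hypothetical files): one file's SHA256 is added as an extra IOC."""
    iocs = parse_ioc_table(IOC_TABLE)
    with tempfile.TemporaryDirectory() as root:
        bad = os.path.join(root, "suspect.bin")
        good = os.path.join(root, "readme.txt")
        with open(bad, "wb") as fh:
            fh.write(b"constructed sample payload")  # not a real artefact
        with open(good, "wb") as fh:
            fh.write(b"nothing to see here")
        # Simulate a feed update that adds the sample's hash to the SHA256 set.
        iocs["SHA256"].add(hash_file(bad)[1])
        hits = scan_tree(root, iocs)
        return sorted(os.path.basename(p) for p, _t, _d in hits)


if __name__ == "__main__":
    print(parse_ioc_table(IOC_TABLE))
    print(demo())
```

Treat a hash hit as a trigger for a full host triage rather than a verdict: a recompiled or padded webshell changes every byte of its digest, so an absence of hits says little. The three CVEs in the table are Adobe ColdFusion issues and should be checked against the patch level of ColdFusion hosts, which is why `scan_tree` leaves the CVE entries alone.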
IOC Relationship Graph (9 total IOCs; node types: CVE, SHA256, MD5) [graph not reproduced]