CyberThreatIntel/Indian/APT/Patchwork/27-08-19/Malware analysis 27-08-19.md

# Malware analysis about sample of APT Patchwork
## Table of Contents
* [Malware analysis](#Malware-analysis)
  + [Initial vector](#Initial-vector)
* [Cyber Threat Intel](#Cyber-Threat-Intel)
* [Indicators Of Compromise (IOC)](#IOC)
* [References MITRE ATT&CK Matrix](#Ref-MITRE-ATTACK)
* [Links](#Links)
  + [Original Tweet](#Original-Tweet)
  + [Link Anyrun](#Links-Anyrun)
  + [Documents](#Documents)

## Malware analysis <a name="Malware-analysis"></a>
### Initial vector <a name="Initial-vector"></a>
###### The initial vector
![alt text](link "")

## Cyber kill chain <a name="Cyber-kill-chain"></a>
###### The process graph resume the cyber kill chain used by the attacker.
![alt text]()
## Cyber Threat Intel <a name="Cyber-Threat-Intel"></a>
## References MITRE ATT&CK Matrix <a name="Ref-MITRE-ATTACK"></a>
###### List of all the references with MITRE ATT&CK Matrix

|Enterprise tactics|Technics used|Ref URL|
| :---------------: |:-------------| :------------- |
||||
||||
||||

## Indicators Of Compromise (IOC) <a name="IOC"></a>

###### List of all the Indicators Of Compromise (IOC)

| Indicator     | Description|
| ------------- |:-------------:|
|||
||Domain requested|
||IP requested|
||HTTP/HTTPS requests||
||IP C2|
||Domain C2|
###### This can be exported as JSON format [Export in JSON]()	

## Links <a name="Links"></a>
###### Original tweet: [https://twitter.com/_jsoo_/status/1166353584923041798](https://twitter.com/_jsoo_/status/1166353584923041798) <a name="Original-Tweet"></a>
###### Links Anyrun: <a name="Links-Anyrun"></a>
* [Azerbaijan delegation to pakistan.inp](https://app.any.run/tasks/9a133077-a806-4e11-9e4a-711b8764b153/)
###### Documents: <a name="Documents"></a>
* [Recent InPage Exploits Lead to Multiple Malware Families](https://unit42.paloaltonetworks.com/unit42-recent-inpage-exploits-lead-multiple-malware-families/)
* [InPage zero-day exploit used to attack financial institutions in Asia](https://securelist.com/inpage-zero-day-exploit-used-to-attack-financial-institutions-in-asia/76717/)
* [Analysis Of Targeted Attack Against Pakistan By Exploiting InPage Vulnerability And Related APT Groups](https://ti.360.net/blog/articles/analysis-of-targeted-attack-against-pakistan-by-exploiting-inpage-vulnerability-and-related-apt-groups-english/)
Create Malware analysis 27-08-19.md 2019-09-06 22:04:29 +00:00			`# Malware analysis about sample of APT Patchwork`
			`## Table of Contents`
			`* [Malware analysis](#Malware-analysis)`
			`+ [Initial vector](#Initial-vector)`
			`* [Cyber Threat Intel](#Cyber-Threat-Intel)`
			`* [Indicators Of Compromise (IOC)](#IOC)`
			`* [References MITRE ATT&CK Matrix](#Ref-MITRE-ATTACK)`
			`* [Links](#Links)`
			`+ [Original Tweet](#Original-Tweet)`
			`+ [Link Anyrun](#Links-Anyrun)`
			`+ [Documents](#Documents)`

			`## Malware analysis <a name="Malware-analysis"></a>`
			`### Initial vector <a name="Initial-vector"></a>`
			`###### The initial vector`
			`![alt text](link "")`

			`## Cyber kill chain <a name="Cyber-kill-chain"></a>`
			`###### The process graph resume the cyber kill chain used by the attacker.`
			`![alt text]()`
			`## Cyber Threat Intel <a name="Cyber-Threat-Intel"></a>`
			`## References MITRE ATT&CK Matrix <a name="Ref-MITRE-ATTACK"></a>`
			`###### List of all the references with MITRE ATT&CK Matrix`

			`\|Enterprise tactics\|Technics used\|Ref URL\|`
			`\| :---------------: \|:-------------\| :------------- \|`
			`\|\|\|\|`
			`\|\|\|\|`
			`\|\|\|\|`

			`## Indicators Of Compromise (IOC) <a name="IOC"></a>`

			`###### List of all the Indicators Of Compromise (IOC)`

			`\| Indicator \| Description\|`
			`\| ------------- \|:-------------:\|`
			`\|\|\|`
			`\|\|Domain requested\|`
			`\|\|IP requested\|`
			`\|\|HTTP/HTTPS requests\|\|`
			`\|\|IP C2\|`
			`\|\|Domain C2\|`
			`###### This can be exported as JSON format [Export in JSON]()`

			`## Links <a name="Links"></a>`
			`###### Original tweet: [https://twitter.com/_jsoo_/status/1166353584923041798](https://twitter.com/_jsoo_/status/1166353584923041798) <a name="Original-Tweet"></a>`
			`###### Links Anyrun: <a name="Links-Anyrun"></a>`
			`* [Azerbaijan delegation to pakistan.inp](https://app.any.run/tasks/9a133077-a806-4e11-9e4a-711b8764b153/)`
			`###### Documents: <a name="Documents"></a>`
			`* [Recent InPage Exploits Lead to Multiple Malware Families](https://unit42.paloaltonetworks.com/unit42-recent-inpage-exploits-lead-multiple-malware-families/)`
			`* [InPage zero-day exploit used to attack financial institutions in Asia](https://securelist.com/inpage-zero-day-exploit-used-to-attack-financial-institutions-in-asia/76717/)`
Update Malware analysis 27-08-19.md 2019-09-08 15:27:48 +00:00			`* [Analysis Of Targeted Attack Against Pakistan By Exploiting InPage Vulnerability And Related APT Groups](https://ti.360.net/blog/articles/analysis-of-targeted-attack-against-pakistan-by-exploiting-inpage-vulnerability-and-related-apt-groups-english/)`