51 lines
1.6 KiB
Markdown
51 lines
1.6 KiB
Markdown
|
# Analysis about campaign of unknown phishing group (29-09-2019)
|
||
|
## Table of Contents
|
||
|
* [Malware analysis](#Malware-analysis)
|
||
|
+ [Initial vector](#Initial-vector)
|
||
|
* [Cyber Threat Intel](#Cyber-Threat-Intel)
|
||
|
* [Indicators Of Compromise (IOC)](#IOC)
|
||
|
* [References MITRE ATT&CK Matrix](#Ref-MITRE-ATTACK)
|
||
|
* [Links](#Links)
|
||
|
+ [Original Tweet](#Original-Tweet)
|
||
|
+ [Link Anyrun](#Links-Anyrun)
|
||
|
+ [Documents](#Documents)
|
||
|
|
||
|
## Malware analysis <a name="Malware-analysis"></a>
|
||
|
### Initial vector <a name="Initial-vector"></a>
|
||
|
###### The initial vector
|
||
|
![alt text](link "")
|
||
|
|
||
|
## Cyber kill chain <a name="Cyber-kill-chain"></a>
|
||
|
###### The process graph resume the cyber kill chain used by the attacker.
|
||
|
![alt text]()
|
||
|
## Cyber Threat Intel <a name="Cyber-Threat-Intel"></a>
|
||
|
## References MITRE ATT&CK Matrix <a name="Ref-MITRE-ATTACK"></a>
|
||
|
###### List of all the references with MITRE ATT&CK Matrix
|
||
|
|
||
|
|Enterprise tactics|Technics used|Ref URL|
|
||
|
| :---------------: |:-------------| :------------- |
|
||
|
||||
|
||
|
||||
|
||
|
||||
|
||
|
|
||
|
## Indicators Of Compromise (IOC) <a name="IOC"></a>
|
||
|
|
||
|
###### List of all the Indicators Of Compromise (IOC)
|
||
|
|
||
|
| Indicator | Description|
|
||
|
| ------------- |:-------------:|
|
||
|
|||
|
||
|
||Domain requested|
|
||
|
||IP requested|
|
||
|
||HTTP/HTTPS requests||
|
||
|
||IP C2|
|
||
|
||Domain C2|
|
||
|
###### This can be exported as JSON format [Export in JSON]()
|
||
|
|
||
|
## Links <a name="Links"></a>
|
||
|
###### Original tweet: [https://twitter.com/dvk01uk/status/1176483058058440705](https://twitter.com/dvk01uk/status/1176483058058440705) <a name="Original-Tweet"></a>
|
||
|
###### Links Anyrun: <a name="Links-Anyrun"></a>
|
||
|
* []()
|
||
|
###### Documents: <a name="Documents"></a>
|
||
|
* [link]()
|