# Malware analysis about sample of APT Patchwork ## Table of Contents * [Malware analysis](#Malware-analysis) + [Initial vector](#Initial-vector) * [Cyber Threat Intel](#Cyber-Threat-Intel) * [Indicators Of Compromise (IOC)](#IOC) * [References MITRE ATT&CK Matrix](#Ref-MITRE-ATTACK) * [Links](#Links) + [Original Tweet](#Original-Tweet) + [Link Anyrun](#Links-Anyrun) + [Documents](#Documents) ## Malware analysis ### Initial vector ###### The initial vector ![alt text](link "") ## Cyber kill chain ###### The process graph resume the cyber kill chain used by the attacker. ![alt text]() ## Cyber Threat Intel ## References MITRE ATT&CK Matrix ###### List of all the references with MITRE ATT&CK Matrix |Enterprise tactics|Technics used|Ref URL| | :---------------: |:-------------| :------------- | |||| |||| |||| ## Indicators Of Compromise (IOC) ###### List of all the Indicators Of Compromise (IOC) | Indicator | Description| | ------------- |:-------------:| ||| ||Domain requested| ||IP requested| ||HTTP/HTTPS requests|| ||IP C2| ||Domain C2| ###### This can be exported as JSON format [Export in JSON]() ## Links ###### Original tweet: [https://twitter.com/_jsoo_/status/1166353584923041798](https://twitter.com/_jsoo_/status/1166353584923041798) ###### Links Anyrun: * [Azerbaijan delegation to pakistan.inp](https://app.any.run/tasks/9a133077-a806-4e11-9e4a-711b8764b153/) ###### Documents: * [Recent InPage Exploits Lead to Multiple Malware Families](https://unit42.paloaltonetworks.com/unit42-recent-inpage-exploits-lead-multiple-malware-families/) * [InPage zero-day exploit used to attack financial institutions in Asia](https://securelist.com/inpage-zero-day-exploit-used-to-attack-financial-institutions-in-asia/76717/) * [Analysis Of Targeted Attack Against Pakistan By Exploiting InPage Vulnerability And Related APT Groups](https://ti.360.net/blog/articles/analysis-of-targeted-attack-against-pakistan-by-exploiting-inpage-vulnerability-and-related-apt-groups-english/)