CyberThreatIntel/Additional Analysis/Neutrino/Analysis_2020-02-08.md
2020-02-08 17:30:27 +01:00

Neutrino physics 101

Malware analysis

The initial vector

The initial vector is an RTF file that uses a well-known vulnerability (CVE-2017-11882) to execute a JS script (1.a) from the package of OLE objects.
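For triage of an RTF like the one described above, the following added example (not part of the original analysis) lists the OLE objects embedded in `\objdata` blocks and flags Equation Editor and Packager class names. The function names, the flagged-class list and the sample document are assumptions constructed for this illustration.

```python
import re
import struct

# Class names worth flagging (assumption for this example): Equation Editor
# objects are the component CVE-2017-11882 affects; Packager objects carry
# embedded files such as scripts.
FLAGGED = {"equation.3": "Equation Editor object",
           "package": "Packager object (embedded file)"}
OBJDATA_RE = re.compile(rb"\\objdata\s*([0-9A-Fa-f\s]+)")

def _lp_string(buf, off):
    """Read an OLE 1.0 length-prefixed ANSI string -> (text, next offset)."""
    (n,) = struct.unpack_from("<I", buf, off)
    raw = buf[off + 4:off + 4 + n]
    return raw.rstrip(b"\x00").decode("latin-1"), off + 4 + n

def list_ole_objects(rtf_bytes):
    """Return one dict per \\objdata blob whose OLE 1.0 header parses."""
    found = []
    for m in OBJDATA_RE.finditer(rtf_bytes):
        hexdata = re.sub(rb"\s+", b"", m.group(1))
        blob = bytes.fromhex(hexdata[:len(hexdata) & ~1].decode("ascii"))
        try:
            _version, format_id = struct.unpack_from("<II", blob, 0)
            class_name, off = _lp_string(blob, 8)
            _topic, off = _lp_string(blob, off)
            _item, off = _lp_string(blob, off)
            size = struct.unpack_from("<I", blob, off)[0] if format_id == 2 else None
        except struct.error:
            continue  # truncated or deliberately malformed header
        found.append({"class": class_name, "embedded": format_id == 2,
                      "native_size": size,
                      "flag": FLAGGED.get(class_name.lower())})
    return found

def build_sample(class_name, payload=b"\x00" * 4):
    """Constructed, inert RTF with one embedded object (sample input only)."""
    name = class_name.encode("ascii") + b"\x00"
    ole = (struct.pack("<III", 0x0501, 2, len(name)) + name
           + struct.pack("<III", 0, 0, len(payload)) + payload)
    hexed = ole.hex()
    wrapped = "\n".join(hexed[i:i + 32] for i in range(0, len(hexed), 32))
    return ("{\\rtf1{\\object\\objemb{\\*\\objclass %s}{\\*\\objdata %s}}}"
            % (class_name, wrapped)).encode("ascii")

if __name__ == "__main__":
    for name in ("Equation.3", "Package", "Excel.Sheet.8"):
        print(list_ole_objects(build_sample(name)))
```

This reads only plain hex `\objdata` runs; documents that break up the hex with extra control words need an RTF-aware parser before this check.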

Threat Intelligence

Cyber kill chain

The process graph summarizes the cyber kill chain used by the attacker:

Indicators Of Compromise (IOC)

List of all the Indicators Of Compromise (IOC)
Indicator | Description
The IOCs can be exported in JSON

References MITRE ATT&CK Matrix

Enterprise tactics | Techniques used | Ref URL
This can be exported in JSON format

Yara Rules

YARA Rules are available here

Links

Original tweet:
Links Anyrun:
Resources :