General

  • Target

    http://in.vipliangmei.com/clk?el=ax&ct2=&ec=p86YiJ7X-hpOoJisn2haYW94g-CgN1BAn6smbMgLDwFiTlfpcIX0bwjr5m0n0_4EHwVmmEMuWhRKB519B48FjM8T9j0csepY09nWT3_3BDu1SegD3mCN5EK4HVpf5hnjeKXf5dUM1UJ7X3YqlMM6al49UVBPk6mxXvBk7Ur19478bVXJUfcPP7nOU1yU5Z7hwQF1-MPVFhKjy-jd_yH0mbWJ1MlZLEpHT8FtPgv00oBZ-yyCvfX07sljqJAyuzA0zsQIPVjKWxKlmDMFiVtUhY3GfBpQ6KZcE77HRjygz05OahCp5dij2JfCBLHJUaDTyOuhI_EfYTtwj6pE6QS-wf4xsZlHqIr_HWBlDkub3BNqWFaATh6RikgUJX-9CdH99zzeX3IBQitnKh0zDGmGgUxmr44doMohPGF84TtpYQhyOWTXQegHiN0KdIB-818MjEDy-JF0qee38d4TGQTrIFM23lM43xmz9Ugc0MiWsrnGKSJmWfUse_SJImPrdqxaUsjYupYDJs4sv7kf_624azKoQha_YvM3bo6ktDrVWLB97VrUHWfErGnyfNRkq1g_eZ676-Ih_MUMiz4EVqFe&rd=https%3A%2F%2Fwww.farfetch.cn&x=cb_down_x&y=cb_down_y&ux=cb_up_x&uy=cb_up_y&uxabs=cb_aup_x&uyabs=cb_aup_y&rw=640&rh=100&tm=1718062545074&tms=__clk_time_s__&dpx=__dp_clk_x__&dpy=__dp_clk_y__&dpux=__dp_clk_up_x__&dpuy=__dp_clk_up_y__&dprw=__DP_WIDTH__&dprh=__DP_HEIGHT__&macros=a_b_c_d_e_f

  • Sample

    240611-hhqagaxhlb

Malware Config

Targets

    • Target

      http://in.vipliangmei.com/clk?el=ax&ct2=&ec=p86YiJ7X-hpOoJisn2haYW94g-CgN1BAn6smbMgLDwFiTlfpcIX0bwjr5m0n0_4EHwVmmEMuWhRKB519B48FjM8T9j0csepY09nWT3_3BDu1SegD3mCN5EK4HVpf5hnjeKXf5dUM1UJ7X3YqlMM6al49UVBPk6mxXvBk7Ur19478bVXJUfcPP7nOU1yU5Z7hwQF1-MPVFhKjy-jd_yH0mbWJ1MlZLEpHT8FtPgv00oBZ-yyCvfX07sljqJAyuzA0zsQIPVjKWxKlmDMFiVtUhY3GfBpQ6KZcE77HRjygz05OahCp5dij2JfCBLHJUaDTyOuhI_EfYTtwj6pE6QS-wf4xsZlHqIr_HWBlDkub3BNqWFaATh6RikgUJX-9CdH99zzeX3IBQitnKh0zDGmGgUxmr44doMohPGF84TtpYQhyOWTXQegHiN0KdIB-818MjEDy-JF0qee38d4TGQTrIFM23lM43xmz9Ugc0MiWsrnGKSJmWfUse_SJImPrdqxaUsjYupYDJs4sv7kf_624azKoQha_YvM3bo6ktDrVWLB97VrUHWfErGnyfNRkq1g_eZ676-Ih_MUMiz4EVqFe&rd=https%3A%2F%2Fwww.farfetch.cn&x=cb_down_x&y=cb_down_y&ux=cb_up_x&uy=cb_up_y&uxabs=cb_aup_x&uyabs=cb_aup_y&rw=640&rh=100&tm=1718062545074&tms=__clk_time_s__&dpx=__dp_clk_x__&dpy=__dp_clk_y__&dpux=__dp_clk_up_x__&dpuy=__dp_clk_up_y__&dprw=__DP_WIDTH__&dprh=__DP_HEIGHT__&macros=a_b_c_d_e_f

    Score
    8/10
    • Path Permission

      Adversaries may modify directory permissions/attributes to evade access control lists (ACLs) and access protected files.

    • Gatekeeper Bypass

      Adversaries may modify file attributes and subvert Gatekeeper functionality to evade user prompts and execute untrusted programs. Gatekeeper is a set of technologies that act as a layer of Apple's security model to ensure only trusted applications are executed on a host.

    • File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer) may leave traces that indicate what was done within a network and how. Removal of these files can occur.

MITRE ATT&CK Enterprise v15

Tasks