Uncorking Old Wine: Zero-Day from 2017 + Loader in Unholy Alliance

May 1, 2024, 11:05 p.m.

Description

An analysis uncovered a suspected malicious campaign targeting entities in Ukraine. The attack employed an old vulnerability from 2017, CVE-2017-8570, as the initial entry vector. The operation utilized a customized loader to deliver the Cobalt Strike Beacon payload. While the specific threat actor behind this activity could not be conclusively determined, the campaign exhibited sophisticated techniques to evade detection and hinder analysis efforts.

Date

  • Created: April 29, 2024, 5:51 p.m.
  • Published: April 29, 2024, 5:51 p.m.
  • Modified: May 1, 2024, 11:05 p.m.

Indicators


Attack Patterns

Additional Information

  • Ukraine