Uncorking Old Wine: Zero-Day from 2017 + Loader in Unholy Alliance

May 1, 2024, 11:05 p.m.

Description

An analysis uncovered a suspected malicious campaign targeting entities in Ukraine. The attack employed an old vulnerability from 2017, CVE-2017-8570, as the initial entry vector. The operation utilized a customized loader to deliver the Cobalt Strike Beacon payload. While the specific threat actor behind this activity could not be conclusively determined, the campaign exhibited sophisticated techniques to evade detection and hinder analysis efforts.

External References

https://www.deepinstinct.com/blog/uncorking-old-wine-zero-day-cobalt-strike-loader
https://otx.alienvault.com/pulse/662fde22f452655672ad8aae
Tags
apt
cobalt strike
ukraine
malicious document
cobalt strike beacon
zero-day
CVE-2017-8570

Date

  • Created: April 29, 2024, 5:51 p.m.
  • Published: April 29, 2024, 5:51 p.m.
  • Modified: May 1, 2024, 11:05 p.m.

Indicators

  • b0b762106c22e44f7acaa3177baabd64ea28990d16672e1f902b53f49b2027c4
  • 976f57442452cd54cada011c565ada0c01f5b1460e31ee6cea330d210d3e8f50
  • 0bc0e9410f4a9703ff0b5af7ec9383a1cc929572ade09fbd2c69ed2ae1486939
  • 109.107.178.241
  • weavesilk.space
  • petapixel.fun
Download all indicators here!

Attack Patterns

  • Cobalt Strike Beacon

Additional Informations

  • Ukraine