Uncorking Old Wine: Zero-Day from 2017 + Loader in Unholy Alliance
May 1, 2024, 11:05 p.m.
Description
An analysis uncovered a suspected malicious campaign targeting entities in Ukraine. The attack employed an old vulnerability from 2017, CVE-2017-8570, as the initial entry vector. The operation utilized a customized loader to deliver the Cobalt Strike Beacon payload. While the specific threat actor behind this activity could not be conclusively determined, the campaign exhibited sophisticated techniques to evade detection and hinder analysis efforts.
Date
Published: April 29, 2024, 5:51 p.m.
Created: April 29, 2024, 5:51 p.m.
Modified: May 1, 2024, 11:05 p.m.
Indicators
Attack Patterns
Cobalt Strike Beacon
T1218.010
T1027.002
T1547.001
T1059.007
T1573
T1057
T1055
T1566
Additional Information
Ukraine