TTPwire Vol. 1 · MITRE ATT&CK·Tagged


F5 Labs

Ramnit Goes on a Holiday Shopping Spree, Targeting Retailers and Banks

2018-01-15

ATT&CK techniques detected

5 predictions
T1095 Non-Application Layer Protocol
99%
“…rpulk.com:443 - tcp://ljewfxhym.com:443 - tcp://bibcxgoilxejw.com:443 - tcp://itglxtgq.com:443 - tcp://gpvuowahrsxwnytibuk.com:443 - tcp://scessqgj.com:443 - tcp://hyfhjonbmfxdy.com:443 - tcp://gbvihdgfxccxlui.com:443 - tcp://…”
T1095 Non-Application Layer Protocol
97%
“…/cfvvhpilqri.com:443 - tcp://mhkchwobtbl.com:443 - tcp://xkpegnrn.com:443 - tcp://silrvrscpsa.com:443 - tcp://kyfnccxlmofqce.com:443 - tcp://yntwugycoqqchtuf.com:443 - tcp://tpefhdehxevwc.com:443 - tcp://tbaieqlxhwdlxp.com:443 …”
T1055.001 Dynamic-link Library Injection
94%
“…modules, configurations, and commands. svchost.exe — hosts modules.dll, which is dedicated to loading other modules and command execution. Figure 4: Processes into which Ramnit injects its modules. For more information on Ram…”
T1566.002 Spearphishing Link
91%
“…information. Once Ramnit has infected the user, it still needs to create a scenario in which it can request information from that unsuspecting user. Ramnit authors rely on crafty social engineering to do this and injected content into a bank login page in three different stages: Ra…”
T1059.003 Windows Command Shell
66%
“…e run a batch file from the temp folder from any given user name. This batch file is immediately removed after infection. This is the SDB file content in question and the inner command: iscsicli.* %temp%\..\..\locallow\cmd.%username%.bat. Figure 2: Ramnit SDB file…”

Summary

Ramnit’s latest twist includes targeting the most widely used web services during the holidays: online retailers, entertainment, banking, food delivery, and shipping sites.