Magniber (Active)

Targets South Korean and Asian users. Distributed via malvertising.

| Metric | Value |
|---|---|
| Total Victims | 0 |
| First Seen | 2017-10-01 |
| Last Seen | N/A |
| Known TTPs | 15 |
| Avg Delay | 11.4d |
| Negotiations | 0 |
ONION URLS
c3kjvech2jlhiobokx7yky7m4iprlmid3wo5rjham2wxkw3u4xxs74on.onion
2gasrab2vpehi6frkcnmwzn2xls774k7vufviqwi7lmjnotjbnkbj7eo.onion
TOOLS
Magnitude EK
PrintNightmare
FILE EXTENSIONS
.ihsdj
ACTIVITY TIMELINE
TOP SECTORS
TOP COUNTRIES
ACTIVITY HEATMAP
| Date | Victim Name | Country | Sector | Status |
|---|---|---|---|---|
| No victims recorded | | | | |
| Technique ID | Technique Name | Tactic |
|---|---|---|
| T1090 | Proxy | Command and Control |
| T1070.004 | File Deletion | Defense Evasion |
| T1218.011 | Rundll32 | Defense Evasion |
| T1087 | Account Discovery | Discovery |
| T1047 | Windows Management Instrumentation | Execution |
| T1053.005 | Scheduled Task | Execution |
| T1204.001 | Malicious Link | Execution |
| T1490 | Inhibit System Recovery | Impact |
| T1491.001 | Internal Defacement | Impact |
| T1529 | System Shutdown/Reboot | Impact |
| T1531 | Account Access Removal | Impact |
| T1566.002 | Spearphishing Link | Initial Access |
| T1021.004 | SSH | Lateral Movement |
| T1570 | Lateral Tool Transfer | Lateral Movement |
| T1134 | Access Token Manipulation | Privilege Escalation |
No YARA rules
No IoCs
No ransom notes