Threat Intelligence Dossier on a Social Engineering Attack
Subject: Phishing Website
Method: Cyber Threat Hunting
CAPEC-98: Phishing
Attack Pattern ID: 98
https://capec.mitre.org/data/definitions/98.html
CAPEC-416: Manipulate Human Behavior
Attack Pattern ID: 416
Abstraction: Meta
https://capec.mitre.org/data/definitions/416.html
CAPEC-410: Information Elicitation
Attack Pattern ID: 410
Abstraction: Meta
https://capec.mitre.org/data/definitions/410.html
CAPEC-407: Pretexting
Attack Pattern ID: 407
Abstraction: Standard
https://capec.mitre.org/data/definitions/407.html
MITRE ATT&CK Technique Detections:
This report contains 2 indicators that were mapped to 4 attack techniques and 4 tactics.
ATT&CK ID: T1035
Tactics: Execution
Permissions Required: Administrator, SYSTEM
Description: Adversaries may execute a binary, command, or script via a method that interacts with Windows services, such as the Service Control Manager (...)
Source: https://attack.mitre.org/wiki/Technique/T1035
Informative Indicators:
Opened the service control manager
ATT&CK ID: T1179
Tactics: Credential Access, Persistence, Privilege Escalation
Permissions Required: Administrator, SYSTEM
Description: Windows processes often leverage application programming interface (API) functions to perform tasks that require reusable system resources (...)
Source: https://attack.mitre.org/wiki/Technique/T1179
Informative Indicators:
Installs hooks/patches the running process
Anti-Virus Results:
17% (Multi Scan Analysis)
Last Update: 11/27/2019
Flagged by Hybrid-Analysis as a Phishing Site
Sandbox Technology: Windows 7 32 bit
Size: 50B
Type: url
Mime: text/plain
Last Anti-Virus Scan:
11/27/2019 19:17:16 (UTC)
Last Sandbox Report:
11/27/2019 19:17:15 (UTC)
Threat Score: 100/100
+++-------------------------------------------------------+++
Proof of Concept:
https://www.virustotal.com/gui/url/a6663dcb*******fdaf5a*******e*******f87a3d91bd*******aed56fd9811/details
https://www.virustotal.com/gui/url/f37c44a087ba5ff905afec26e*******e7b1580cc7bef9e63c9230a5fbf0ddf9a4/detection
https://www.hybrid-analysis.com/sample/efe*******df58a22ee4e*******815ad7e2255cf0f1e6e523d*******dd48dc/5ddecbbbe*******f51e7712