Page 127 - Cyber Defense eMagazine Annual RSA Edition for 2024

List of IOCs


             No.  Indicator (SHA-256)                                               Remarks

             1    0fa64d5ad4c84011bef6e838d0f70121a3af53df5dbc3b5f5f0c16a8fb495244  Nikki Stealer 1st Payload
             2    01ae1b2996a35fb5a3eb40c33763058b01b892253458fb6c9a8b0efc6b98d0a0  JS file
             3    7a32c14d724c8904511ccb4eca27cf62aaa31d85a05a0e443d28ad95d35b363c  JS file
             4    1792a2b01c8aa7d9f3e8e75553d49c5b70d513ec76fbb37f5438a084fbe11200  Nikki Stealer 2nd Payload








            MITRE ATT&CK TTPs


             No.  Tactics                        Technique

             1    Execution (TA0002)             T1047: Windows Management Instrumentation
                                                 T1059: Command and Scripting Interpreter

             2    Persistence (TA0003)           T1547.001: Registry Run Keys / Startup Folder
                                                 T1574.002: DLL Side-Loading

             3    Privilege Escalation (TA0004)  T1055: Process Injection
                                                 T1547.001: Registry Run Keys / Startup Folder






