Table 8 Error analysis

From: TriCTI: an actionable cyber threat intelligence discovery system via trigger-enhanced neural network

a. Example: b14d8faf7f0cbcfad051cefe5f39645f - dispci.exe installs the bootlocker, communicates with the driver
   Analysis: Two kinds of label conflict: Installation and Command and Control

b. Example: Via an associated C2 IP address, we found an equivalent page on the phishing domain
   Analysis: Two kinds of label conflict: Command and Control and Delivery

Incorrect association of IOCs with the campaign stages

c. Example: We observed the sample in the sandbox launched a DDoS attack against around 2017-04-23 21:45:00
   Analysis: is the IP address of the victim

d. Example: A typical representative of this malware family is an obfuscated Java script using ADODB.Stream technology to download and run DLL, EXE and PDF files
   Analysis: ADODB.Stream is not a domain address