(Kaspersky) This malware is 63kb in size. It is bound to a variety of other software packages that vary in name, but the host package is consistently detected as “Virus.Win32.Pioneer.dx”. It drops the igfxext.exe “selective infector” component to disk and runs it.
TA0043 | TA0042 | TA0001 | TA0002 | TA0003 | TA0004 | TA0005 | TA0006 | TA0007 | TA0008 | TA0009 | TA0011 | TA0010 | TA0040 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
Tool: Pioneer
Names: Pioneer, Virus.Win32.Pioneer.dx, igfxext.exe
Description: (Kaspersky) This malware is 63kb in size. It is bound to a variety of other software packages that vary in name, but the host package is consistently detected as “Virus.Win32.Pioneer.dx”. It drops the igfxext.exe “selective infector” component to disk and runs it.
Category: Malware
Type: Dropper
Information: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08070903/darkhotel_kl_07.11.pdf
Information: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08070901/darkhotelappendixindicators_kl.pdf
Last-card-change: 2020-04-20
Source: https://apt.etda.or.th/cgi-bin/listtools.cgi