Threat Advisory
Common Information
| Type | Value |
|---|---|
| UUID | 0b181c10-cd54-4f8a-8604-9dd1f04643e6 |
| Fingerprint | 2e1b3919651ba4ac964cebe0e43db1741f624fe4bde114f2aeb36c882b0751e3 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Sept. 5, 2023, 5:20 p.m. |
| Added to db | Feb. 7, 2024, 7:26 p.m. |
| Last updated | Aug. 31, 2024, 2:37 a.m. |
| Headline | Threat Advisory |
| Title | Threat Advisory |
| Detected Hints/Tags/Attributes | 79/2/48 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 5 | ocmtancmi2c5t.xyz |
|
| Details | Domain | 16 | zeltser.com |
|
| Details | Domain | 3 | bgobgogimrihehmxerreg.site |
|
| Details | Domain | 3 | buyerbrand.xyz |
|
| Details | Domain | 4 | costexcise.xyz |
|
| Details | Domain | 5 | doorblu.xyz |
|
| Details | Domain | 4 | gapi-node.io |
|
| Details | Domain | 3 | lazagrc3cnk.xyz |
|
| Details | Domain | 3 | omdowqind.site |
|
| Details | Domain | 3 | ooinonqnbdqnjdnqwqkdn.space |
|
| Details | Domain | 3 | weomfewnfnu.site |
|
| Details | Domain | 2 | winextrabonus.life |
|
| Details | Domain | 3 | gstatic-node.io |
|
| Details | Domain | 63 | www.rapid7.com |
|
| Details | Domain | 435 | www.hivepro.com |
|
| Details | File | 18 | chromesetup.exe |
|
| Details | File | 8 | vmwarehostopen.exe |
|
| Details | File | 48 | mshtml.dll |
|
| Details | File | 2125 | cmd.exe |
|
| Details | File | 1260 | explorer.exe |
|
| Details | md5 | 1 | 1bcf03b31489b63436d4216249bbf246 |
|
| Details | md5 | 2 | e07aa33f0e6aec02240a232e71b7e741 |
|
| Details | md5 | 1 | e24bdc9074518cf8e0afd9f017855eee |
|
| Details | sha1 | 1 | 2106fc1e0f83df0f658934129a5a374948cc97a0 |
|
| Details | sha1 | 1 | afdf930278ae74d600d31463ba31ec2543ceb121 |
|
| Details | sha1 | 1 | e330e5b7f62ca55cb6e6c97406e0b56878806960 |
|
| Details | IPv4 | 2 | 94.228.169.55 |
|
| Details | MITRE ATT&CK Techniques | 59 | T1059.006 |
|
| Details | MITRE ATT&CK Techniques | 183 | T1189 |
|
| Details | MITRE ATT&CK Techniques | 348 | T1036 |
|
| Details | MITRE ATT&CK Techniques | 695 | T1059 |
|
| Details | MITRE ATT&CK Techniques | 93 | T1059.007 |
|
| Details | MITRE ATT&CK Techniques | 39 | T1218.007 |
|
| Details | MITRE ATT&CK Techniques | 121 | T1218 |
|
| Details | MITRE ATT&CK Techniques | 365 | T1204.002 |
|
| Details | MITRE ATT&CK Techniques | 420 | T1204 |
|
| Details | MITRE ATT&CK Techniques | 70 | T1574.001 |
|
| Details | MITRE ATT&CK Techniques | 164 | T1574 |
|
| Details | MITRE ATT&CK Techniques | 504 | T1140 |
|
| Details | MITRE ATT&CK Techniques | 239 | T1106 |
|
| Details | MITRE ATT&CK Techniques | 440 | T1055 |
|
| Details | MITRE ATT&CK Techniques | 7 | T1055.013 |
|
| Details | MITRE ATT&CK Techniques | 57 | T1497.003 |
|
| Details | MITRE ATT&CK Techniques | 238 | T1497 |
|
| Details | MITRE ATT&CK Techniques | 627 | T1027 |
|
| Details | Url | 3 | https://ocmtancmi2c5t.xyz/82z2fn2afo/b3/update.msi |
|
| Details | Url | 2 | https://zeltser.com/media/docs/malware-analysis-lab.pdf |
|
| Details | Url | 1 | https://www.rapid7.com/blog/post/2023/08/31/fake-update-utilizes-new-idat-loader-to-execute- |