“Marko Polo” Navigates Uncharted Waters With Infostealer Empire
Common Information
| Type | Value |
|---|---|
| UUID | 1540985b-d6d0-4a82-b364-cdd47a610d4c |
| Fingerprint | 42f361329de369a067d91df42f3e2f258b24e5bdd3856a64a078b7e13dc98295 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Sept. 16, 2024, 2:32 p.m. |
| Added to db | Sept. 18, 2024, 4:12 p.m. |
| Last updated | Sept. 18, 2024, 4:16 p.m. |
| Headline | “Marko Polo” Navigates Uncharted Waters With Infostealer Empire |
| Title | “Marko Polo” Navigates Uncharted Waters With Infostealer Empire |
| Detected Hints/Tags/Attributes | 140/4/211 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://go.recordedfuture.com/hubfs/reports/cta-2024-0917.pdf |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Autonomous System Number | 2 | AS216319 |
|
| Details | Autonomous System Number | 8 | AS210644 |
|
| Details | Autonomous System Number | 15 | AS13335 |
|
| Details | Autonomous System Number | 8 | AS197695 |
|
| Details | Autonomous System Number | 2 | AS399486 |
|
| Details | Autonomous System Number | 7 | AS47583 |
|
| Details | Autonomous System Number | 1 | AS46475 |
|
| Details | Autonomous System Number | 4 | AS210352 |
|
| Details | Autonomous System Number | 1 | AS216309 |
|
| Details | Domain | 546 | www.recordedfuture.com |
|
| Details | Domain | 3 | partyworld.io |
|
| Details | Domain | 40 | dropbox.com |
|
| Details | Domain | 3 | ask-ashika.com |
|
| Details | Domain | 3 | punitrai.com |
|
| Details | Domain | 4 | rafaelsuarezlopez.com |
|
| Details | Domain | 3 | partyroyale.io |
|
| Details | Domain | 4 | betbhaibetting.com |
|
| Details | Domain | 3 | wealthgenixs.com |
|
| Details | Domain | 3 | vorion.io |
|
| Details | Domain | 1 | hoskinmetrologie.com |
|
| Details | Domain | 3 | vixcall.app |
|
| Details | Domain | 3 | plumbonwater.com |
|
| Details | Domain | 4 | vortax.io |
|
| Details | Domain | 4 | vortax.app |
|
| Details | Domain | 3 | vortax.org |
|
| Details | Domain | 4 | vortax.space |
|
| Details | Domain | 3 | pdfunity.com |
|
| Details | Domain | 3 | vdeck.io |
|
| Details | Domain | 3 | vdeck.app |
|
| Details | Domain | 3 | showpiecekennelmating.com |
|
| Details | Domain | 3 | abstractfit.com |
|
| Details | Domain | 3 | nizaj.com |
|
| Details | Domain | 2 | mudabirmunib.com |
|
| Details | Domain | 3 | egypt-pyramids.com |
|
| Details | Domain | 3 | chat2voice.com |
|
| Details | Domain | 2 | allworxusergroup.com |
|
| Details | Domain | 4 | weworkhappy.com |
|
| Details | Domain | 3 | vmaxiscall.app |
|
| Details | Domain | 3 | vmaxismeeting.app |
|
| Details | Domain | 3 | vmaxis.io |
|
| Details | Domain | 3 | vmsphere.app |
|
| Details | Domain | 3 | vmmeethub.app |
|
| Details | Domain | 3 | up-connect.life |
|
| Details | Domain | 3 | up-connect.world |
|
| Details | Domain | 3 | up-connect.pro |
|
| Details | Domain | 3 | goheard.digital |
|
| Details | Domain | 3 | go-heard.life |
|
| Details | Domain | 3 | go-heard.pro |
|
| Details | Domain | 3 | go-heard.world |
|
| Details | Domain | 3 | goheard.xyz |
|
| Details | Domain | 3 | go-heard.eu |
|
| Details | Domain | 3 | goheard.us |
|
| Details | Domain | 3 | goheard.io |
|
| Details | Domain | 3 | goheard.app |
|
| Details | Domain | 5 | yous.ai |
|
| Details | Domain | 3 | woospeech.top |
|
| Details | Domain | 3 | voicocall.com |
|
| Details | Domain | 5 | voico.io |
|
| Details | Domain | 3 | voico.site |
|
| Details | Domain | 3 | voico.app |
|
| Details | Domain | 3 | vicall.org |
|
| Details | Domain | 3 | vicall.app |
|
| Details | Domain | 3 | callzy.io |
|
| Details | Domain | 3 | cancelspacecoastdaily.com |
|
| Details | Domain | 3 | adsotic.com |
|
| Details | Domain | 3 | nightverse.game |
|
| Details | Domain | 2 | an4nt.com |
|
| Details | Domain | 2 | metacosmoi.com |
|
| Details | Domain | 4 | faruvinnovations.com |
|
| Details | Domain | 3 | gamepilot.ai |
|
| Details | Domain | 1 | sending.me |
|
| Details | Domain | 6 | nortexapp.xyz |
|
| Details | Domain | 3 | allieat.com |
|
| Details | Domain | 4 | assetsreserve.com |
|
| Details | Domain | 6 | nortex.uk |
|
| Details | Domain | 6 | nort-ex.lol |
|
| Details | Domain | 6 | nort-ex.eu |
|
| Details | Domain | 6 | nort-ex.world |
|
| Details | Domain | 6 | nortex.blog |
|
| Details | Domain | 6 | nor-tex.pro |
|
| Details | Domain | 6 | nortex.life |
|
| Details | Domain | 6 | nortex-app.pro |
|
| Details | Domain | 6 | nor-tex.xyz |
|
| Details | Domain | 3 | nortex.chat |
|
| Details | Domain | 6 | lastnuggets.com |
|
| Details | Domain | 74 | discord.gg |
|
| Details | Domain | 4 | twitch.com |
|
| Details | Domain | 5 | runeonlineworld.io |
|
| Details | Domain | 1 | drivelandblather.com |
|
| Details | Domain | 1 | affine.pro |
|
| Details | Domain | 4 | wasper.app |
|
| Details | Domain | 3 | engineeredbasementsolutions.com |
|
| Details | Domain | 3 | room.icu |
|
| Details | Domain | 3 | spectra.land |
|
| Details | Domain | 3 | columbuskitchenpros.com |
|
| Details | Domain | 2 | everworldstory.com |
|
| Details | Domain | 3 | institutoangelabatista.com |
|
| Details | Domain | 3 | peerme.io |
|
| Details | Domain | 5 | tidyme.io |
|
| Details | Domain | 3 | myfirstlovemusicfestival.com |
|
| Details | Domain | 3 | blocksofnews.com |
|
| Details | Domain | 3 | amigosdepomapata.com |
|
| Details | Domain | 3 | adelargentina.com |
|
| Details | Domain | 3 | virginturf.com |
|
| Details | Domain | 4 | novatercaagilidade.com |
|
| Details | Domain | 3 | biketrailtreasures.com |
|
| Details | Domain | 3 | primejobpk.com |
|
| Details | Domain | 3 | mcxncdextips.com |
|
| Details | Domain | 3 | concreteadvantagefl.com |
|
| Details | Domain | 3 | savvysellerstudio.com |
|
| Details | Domain | 3 | pasture2tablefarm.com |
|
| Details | Domain | 2 | thanphongspring.com |
|
| Details | Domain | 3 | elonmuskhouse.com |
|
| Details | Domain | 3 | leed-consultants.com |
|
| Details | Domain | 3 | hiranika.com |
|
| Details | Domain | 3 | dixonpumpsonline.com |
|
| Details | Domain | 2 | asdas1252qwdqwsd215612.com |
|
| Details | Domain | 3 | topplayerpokermoneysang.com |
|
| Details | Domain | 3 | bestwaytoearnmoneyonline.com |
|
| Details | Domain | 265 | recordedfuture.com |
|
| Details | File | 2 | partyworld.exe |
|
| Details | File | 1 | partysetup.dmg |
|
| Details | File | 1 | partylauncher.dmg |
|
| Details | File | 1 | vorionlauncher.dmg |
|
| Details | File | 2 | vortaxsetup.dmg |
|
| Details | File | 1 | vdeck-setup.exe |
|
| Details | File | 1 | vdeck.dmg |
|
| Details | File | 1 | vdeckinstall.dmg |
|
| Details | File | 1 | vdecksetup.dmg |
|
| Details | File | 1 | voicosetup.dmg |
|
| Details | File | 1 | callzyinstaller.dmg |
|
| Details | File | 1 | nightversesetup.dmg |
|
| Details | File | 1 | nightverselauncher.dmg |
|
| Details | File | 1 | nortex.exe |
|
| Details | File | 2 | nortexapp.dmg |
|
| Details | File | 4 | runeonlineworld.exe |
|
| Details | File | 1 | runeinstaller.dmg |
|
| Details | File | 1 | wasper.exe |
|
| Details | File | 1 | wasperlauncher.dmg |
|
| Details | File | 1 | room.dmg |
|
| Details | File | 1 | spectrasetup.dmg |
|
| Details | File | 1 | tidyme.dmg |
|
| Details | File | 1 | zoominstallerfull.dmg |
|
| Details | File | 1 | zoom.dmg |
|
| Details | File | 2 | zoominstall.dmg |
|
| Details | File | 2 | zoomsetup.dmg |
|
| Details | File | 1 | zoominstaller.dmg |
|
| Details | File | 8 | setup.dmg |
|
| Details | File | 6 | installer.dmg |
|
| Details | File | 3 | launcher.dmg |
|
| Details | sha256 | 3 | 5528e226b747abad7e843e6d7f92f48dda13f626a766285b2e889bd8fc746b12 |
|
| Details | sha256 | 3 | 0b4f5327c6c89f8aa2d642fc7a1955bc90ffcd8b41f21974517b7f58c3ed7323 |
|
| Details | sha256 | 3 | 35be11ddfa4f1d776f0b6b814a325f50189100222fe04436a50563c89c2a02bd |
|
| Details | sha256 | 3 | 66085c5ac7b06960e90d4babc1a3e92fb57eaf557f61cc605865950039398a59 |
|
| Details | sha256 | 3 | 374fe0a3bd4b4dc99e1e07976fc0171c28a86f34d6810bc77e69bc58ccd764c7 |
|
| Details | sha256 | 3 | cbfb45a16512c901cdfa9eff356bd7f139edc0c51133733ba80a7c0d9d1a2a61 |
|
| Details | sha256 | 3 | 77ee7274f0a8208fccefb0138258421113554281bdf21e4d9f25fe6b11856dc4 |
|
| Details | sha256 | 3 | 9a7a070029bb51daf70514402e9f6aeed4acd46a18c13478ddd3fa242a9f8a95 |
|
| Details | sha256 | 3 | fa634cee8d9b6d25081c943ca1c9156f846b7915ce2cba4f01329cc411e6e081 |
|
| Details | sha256 | 3 | 61db02e38f376e6639130ed344498b7ad190006e9e7eea46a98f83001bb419dd |
|
| Details | sha256 | 3 | 609129a9188ca3d16832594d44d746d7434e67a99c6dd20c1785aface9ed117d |
|
| Details | sha256 | 3 | c0a1c698a5d84366a7f2b64751ee0a69f5e4887e0a0bc62841fae6d9f33417aa |
|
| Details | sha256 | 3 | d9f006c0b4cd266e641424865631091a125b4c95ae53b8341af1d9988de94383 |
|
| Details | sha256 | 3 | c7fa247cd265cbaf766be6a041fc18ecf6380ee41196ad3b7d36bc61c1130118 |
|
| Details | sha256 | 3 | 16c1c1b15f8473f1babbbcae1124c7481e9a4e25331beeae5611dc4f153e7b4b |
|
| Details | sha256 | 3 | c6c76d3dad043e0d516d446ca438727ddec6bd978f77eea768d6eaeb216a84d1 |
|
| Details | sha256 | 4 | 856979042a3c1f61050cc08e8f11856dc714ec16969bd0fc562fd47c9e6c8e4c |
|
| Details | sha256 | 3 | cf8f04c3f1be5a27acbcaf08a2f0461ee48d2b4d48ddaca87904cb7c9831ab51 |
|
| Details | sha256 | 3 | d17cb6113ccf97b7bc0d02da26afa766bea2e5067e745fab574b0b5b78880065 |
|
| Details | sha256 | 3 | 2f32a84122f86e686f93debcf02b635b0339c6d0b085e02419dff1eaa5724ec0 |
|
| Details | sha256 | 3 | 56adf4dfb61292ceef302e1988ac2ba4551109186ad1c9f3ce87d11914157b0c |
|
| Details | sha256 | 3 | 00a0cb5fb4053ba9a04920ca023aae50859af4bd15fd31286ebca6d0d97f3852 |
|
| Details | sha256 | 3 | 724d7e92e789640991c1066399cdd96f9ddfb7a59d42fd9d8d7e2bf48d39bc2d |
|
| Details | sha256 | 4 | bde29a5215e685805f00fee5f03de3478f8214195ecf93fb81562bcd6122149d |
|
| Details | sha256 | 3 | 9099108338539e613d8fce7067b9e69d9cf09d1082bbedc0718c9f6d77e46288 |
|
| Details | sha256 | 3 | f7dcc0c21c78db4698e03bf787c4d9329c4ec9fca1c546903a3af34d9c05d449 |
|
| Details | sha256 | 3 | 6798c877acdbcc2feec0f43fda970bc0428d8a9a7394e72325ae8cbd5e150602 |
|
| Details | sha256 | 3 | 5068e7c3a1822f2f66bc99a8b20d86d66a72a828c9d01214a076a415826667ce |
|
| Details | sha256 | 3 | 66f085adee21f3c30ad6d7b8273a4ccac395b958536f7daf3a1772e768ee70cc |
|
| Details | sha256 | 3 | 0b5b9d6be11c9a806763741d52d0e186e6f0e9e54d124fa2fa0374d2465599f5 |
|
| Details | sha256 | 3 | 257476099858ef9d284a0cf5be8e442ec59d30f4453b3807c8e5fcf091b07f6d |
|
| Details | sha256 | 3 | de78d04f0c049d53a40c4af5589a18aee85bd6a40fce7ad6114e421921ebfb93 |
|
| Details | sha256 | 3 | 222e01ce240bf795a31775bfbd74806dd904af514935308cc89188aa1c05b621 |
|
| Details | sha256 | 3 | 9c2c9dd2cd873c8999c3631aac8a34f32f1efed54dd31fe47527d842185ff92d |
|
| Details | sha256 | 3 | 35b9d0b528f576048ea10c9087010b4df0b5d05a9c8af8a3b88e1b88b607f08f |
|
| Details | sha256 | 3 | 1c8705af8ea8598cf5d0b7af572d7e50540bfc146fa1c2ea0859ac554d088b0b |
|
| Details | sha256 | 3 | 87806649eaabc3da46a8ef6a983d561f8716d24dee9406bf2cd68b914c6a06a3 |
|
| Details | IPv4 | 5 | 194.116.217.148 |
|
| Details | IPv4 | 3 | 147.45.43.136 |
|
| Details | IPv4 | 2 | 77.91.77.175 |
|
| Details | IPv4 | 2 | 147.45.43.197 |
|
| Details | IPv4 | 2 | 79.137.202.22 |
|
| Details | IPv4 | 3 | 79.137.197.159 |
|
| Details | IPv4 | 3 | 193.233.132.137 |
|
| Details | IPv4 | 2 | 45.156.27.45 |
|
| Details | IPv4 | 2 | 109.120.176.156 |
|
| Details | IPv4 | 3 | 77.221.151.54 |
|
| Details | IPv4 | 2 | 188.130.207.115 |
|
| Details | IPv4 | 2 | 194.120.116.197 |
|
| Details | IPv4 | 2 | 45.156.27.196 |
|
| Details | MITRE ATT&CK Techniques | 310 | T1566.001 |
|
| Details | MITRE ATT&CK Techniques | 183 | T1566.002 |
|
| Details | MITRE ATT&CK Techniques | 183 | T1189 |
|
| Details | MITRE ATT&CK Techniques | 365 | T1204.002 |
|
| Details | MITRE ATT&CK Techniques | 627 | T1027 |
|
| Details | MITRE ATT&CK Techniques | 289 | T1003 |
|
| Details | MITRE ATT&CK Techniques | 1006 | T1082 |
|
| Details | MITRE ATT&CK Techniques | 534 | T1005 |
|
| Details | MITRE ATT&CK Techniques | 442 | T1071.001 |
|
| Details | MITRE ATT&CK Techniques | 422 | T1041 |
|
| Details | MITRE ATT&CK Techniques | 102 | T1020 |