Silence: Moving into the darkside
Common Information
| Type | Value |
|---|---|
| UUID | 7f4086c9-227c-421b-ab80-9763baa4b6f3 |
| Fingerprint | 4ec7fa7e980c2f9892acfbe3c9eec6964e64153770a59dc14f32625c017ccdf7 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Aug. 20, 2019, 9:15 p.m. |
| Added to db | Oct. 15, 2024, 4:37 p.m. |
| Last updated | Oct. 15, 2024, 4:43 p.m. |
| Headline | Silence: Moving into the darkside |
| Title | Silence: Moving into the darkside |
| Detected Hints/Tags/Attributes | 109/3/326 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | 2 | cjlove143@ymail.com |
||
| Details | 2 | iambrunk@sbcglobal.net |
||
| Details | 2 | pakovelli@mail.com |
||
| Details | 2 | payonline@fbank.org |
||
| Details | 2 | prokopenkovg@bankci.ru |
||
| Details | 2 | revamped702@att.net |
||
| Details | 2 | sleof@fpbank.ru |
||
| Details | 2 | svetlana@fcbank.ru |
||
| Details | 2 | touqirkhan@mail.com |
||
| Details | 2 | yu_chernyshova@mail.com |
||
| Details | 8 | info@group-ib.ru |
||
| Details | File | 2 | netsrvc32.exe |
|
| Details | File | 2 | apcs.exe |
|
| Details | File | 2126 | cmd.exe |
|
| Details | File | 3 | fwmain32.exe |
|
| Details | File | 4 | bot.pl |
|
| Details | File | 2 | thread-93.html |
|
| Details | File | 2 | ircabuse.pl |
|
| Details | File | 2 | ira.pub |
|
| Details | File | 456 | mshta.exe |
|
| Details | File | 1208 | powershell.exe |
|
| Details | File | 4 | winexesvc.exe |
|
| Details | File | 478 | lsass.exe |
|
| Details | File | 17 | termsrv.dll |
|
| Details | File | 2 | c:\windows\winexesvc.exe |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 3 | mss.exe |
|
| Details | File | 2 | malicious.doc |
|
| Details | File | 2 | malicious.chm |
|
| Details | File | 4 | malicious.js |
|
| Details | File | 2 | счету.docx |
|
| Details | File | 2 | m32.exe |
|
| Details | File | 27 | procdump.exe |
|
| Details | File | 9 | lssas.exe |
|
| Details | File | 14 | sdelete.exe |
|
| Details | File | 1 | договор.docx |
|
| Details | File | 5 | image1.ep |
|
| Details | File | 4 | joiner.dll |
|
| Details | File | 323 | winword.exe |
|
| Details | File | 4 | договор.doc |
|
| Details | File | 2 | i.vbs |
|
| Details | File | 2 | rpc32.exe |
|
| Details | File | 1 | мерения.chm |
|
| Details | File | 1 | намерения.chm |
|
| Details | File | 4 | start.htm |
|
| Details | File | 7 | security.exe |
|
| Details | File | 54 | file.exe |
|
| Details | File | 2 | pripr.exe |
|
| Details | File | 17 | script.php |
|
| Details | File | 2 | c:\programdata\microsoftsupdte.exe |
|
| Details | File | 2 | checkinfo.php |
|
| Details | File | 1 | c:\programdata\intel security.exe |
|
| Details | File | 103 | test.txt |
|
| Details | File | 748 | kernel32.dll |
|
| Details | File | 3 | usdeclar.txt |
|
| Details | File | 22 | text.txt |
|
| Details | File | 2 | microsoftupdte.exe |
|
| Details | File | 2 | dwenole.exe |
|
| Details | File | 2 | srv_cons.exe |
|
| Details | File | 1206 | index.php |
|
| Details | File | 11 | f.exe |
|
| Details | File | 156 | 1.exe |
|
| Details | File | 2 | smmsrv.exe |
|
| Details | File | 2 | mss.txt |
|
| Details | File | 3 | out.dat |
|
| Details | File | 2 | samsung.exe |
|
| Details | File | 2 | sok83.exe |
|
| Details | File | 2 | firefoxportebles.exe |
|
| Details | File | 26 | app.exe |
|
| Details | File | 2 | sapp.exe |
|
| Details | File | 2 | sockstest.exe |
|
| Details | File | 2 | sockstest.settings |
|
| Details | File | 2 | c:\intel\slog.log |
|
| Details | File | 3 | app3.exe |
|
| Details | File | 2 | app4.exe |
|
| Details | File | 2 | app11.exe |
|
| Details | File | 2 | j133295_18107_a4.exe |
|
| Details | File | 2 | sop.exe |
|
| Details | File | 13 | msxfs.dll |
|
| Details | File | 2 | tkxv.dll |
|
| Details | File | 2 | c:\intel\lib_m_rmj.dll |
|
| Details | File | 2 | lux.dll |
|
| Details | File | 2 | fuckacp.exe |
|
| Details | File | 4 | injector.exe |
|
| Details | File | 2 | lib_hpbsi.dll |
|
| Details | File | 2 | li.dll |
|
| Details | File | 2 | lib_hkuel.dll |
|
| Details | File | 2 | lib_xqkrn.dll |
|
| Details | File | 2 | c:\intel\___log.txt |
|
| Details | File | 5 | atmapp.exe |
|
| Details | File | 2 | farse.log |
|
| Details | File | 8 | cleaner.exe |
|
| Details | File | 2 | c:\windows\system32\rserver30\radm_log.htm |
|
| Details | File | 1 | radm_log.htm |
|
| Details | File | 2 | obdp952.tmp |
|
| Details | md5 | 2 | 081ee959cbe6bc7dde7a6d13168e4fb4 |
|
| Details | md5 | 1 | eea57047413bd7ae6b58e3a3fc492109 |
|
| Details | md5 | 1 | 2920949fd2fd189144ce71d0fa44239d |
|
| Details | md5 | 2 | 5b4417521c71cc89cd3b2fe94ab395b2 |
|
| Details | md5 | 2 | c6c84da4f27103db4ff593f4d4f45d95 |
|
| Details | md5 | 2 | b4313151019b2091cbd27c8810e5c7c5 |
|
| Details | md5 | 2 | ef0fb10c602e3ee81e3677c83a44b409 |
|
| Details | md5 | 2 | a58a830dce460e91217328bdefb25cbe |
|
| Details | md5 | 2 | a1e210598820cbb08e269b2dfd96e741 |
|
| Details | md5 | 3 | 404d69c8b74d375522b9afe90072a1f4 |
|
| Details | md5 | 2 | b09b8be361cd0e30a70cc4603a31d1ee |
|
| Details | md5 | 2 | 3345dde0c827dcbda993f7216a8d7c12 |
|
| Details | md5 | 2 | 43eda1810677afe6791dd7a33eb3d83c |
|
| Details | md5 | 2 | 7d3614df9409da3933637f09587af28c |
|
| Details | md5 | 2 | 7d8af1f6cf7d08c0c39e03033585d404 |
|
| Details | md5 | 2 | 9b037ead562c789620a167af85d32f72 |
|
| Details | md5 | 2 | 97599e2edc7e7025d5c2a7d7a81dac47 |
|
| Details | md5 | 2 | 9628d7ce2dd26c188e04378d10fb8ef3 |
|
| Details | md5 | 2 | 0074d8c3183e2b62b85a2b9f71d4ccd8 |
|
| Details | md5 | 2 | 440b21958ad0e51795796d3c1a72f7b3 |
|
| Details | md5 | 2 | b7f97100748857eb75a6558e608b55df |
|
| Details | md5 | 2 | f1954b7034582da44d3f6a160f0a9322 |
|
| Details | md5 | 3 | cfffc5a0e5bdc87ab11b75ec8a6715a4 |
|
| Details | md5 | 2 | c4f18d40b17e506f42f72b8ff111a614 |
|
| Details | md5 | 2 | b43f65492f2f374c86998bd8ed39bfdd |
|
| Details | md5 | 2 | a3de4a1e5b66d96183ad42800d6be862 |
|
| Details | md5 | 2 | d7491ed06a7f19a2983774fd50d65fb2 |
|
| Details | md5 | 2 | 121c7a3f139b1cc3d0bf62d951bbe5cb |
|
| Details | md5 | 2 | dc4ac53350cc4b30839db19d8d6f3b5f |
|
| Details | md5 | 2 | a6cb04fad56f1fe5b8f60fabf2f64005 |
|
| Details | md5 | 2 | a6771cafd7114df25ac0ef2688722fdf |
|
| Details | md5 | 2 | 88cb1babb591381054001a7a588f7a28 |
|
| Details | md5 | 3 | 50565c4b80f41d2e7eb989cd24082aab |
|
| Details | md5 | 3 | 8191dae4bdeda349bda38fd5791cb66f |
|
| Details | md5 | 2 | 4107f2756edb33af1f79b1dce3d2fd77 |
|
| Details | md5 | 2 | 6743f474e3a6a02bc1ccc5373e5ebbfa |
|
| Details | md5 | 2 | 14863087695d0f4b40f480fd18d061a4 |
|
| Details | md5 | 2 | f69c35969745ae1b60403868e085062e |
|
| Details | md5 | 2 | 86EA1F46DF745A30577F02FC24E266FF |
|
| Details | md5 | 2 | B3ABB10CC8F4CBB454992B95064A9006 |
|
| Details | md5 | 2 | 1EE9F88CC7867E021A818DFF012BDF9E |
|
| Details | md5 | 2 | 79e61313febe5c67d168cfc3c88cd743 |
|
| Details | md5 | 2 | c49e6854c79043b624d07da20dd4c7ad |
|
| Details | md5 | 2 | 86ea1f46df745a30577f02fc24e266ff |
|
| Details | md5 | 2 | c8d0ccd2e58c1c467ee8b138c8a15eec |
|
| Details | md5 | 2 | d81ae5e0680d09c118a1705762b0bfce |
|
| Details | md5 | 2 | ddb276dbfbce7a9e19feecc2c453733d |
|
| Details | md5 | 2 | 40228a3ea22e61a0f53644881cd59281 |
|
| Details | md5 | 2 | 8A9D278B473B6C5625D57739714702FC |
|
| Details | md5 | 2 | cefd39402d7f91d8cf5f1cd6ecbf0681 |
|
| Details | md5 | 2 | 1ee9f88cc7867e021a818dff012bdf9e |
|
| Details | md5 | 2 | b3abb10cc8f4cbb454992b95064a9006 |
|
| Details | md5 | 2 | 874e94cb3f076a21d3fb9da6eb541bab |
|
| Details | md5 | 2 | 9b9757975d33c9c01b2d3de95d737202 |
|
| Details | md5 | 3 | 00b470090cc3cdb30128c9460d9441f8 |
|
| Details | md5 | 3 | 104913aa3bd6d06677c622dfd45b6c6d |
|
| Details | md5 | 3 | 3be61ecba597022dc2dbec4efeb57608 |
|
| Details | md5 | 3 | 4c1bc95dd648d9b4d1363da2bad0e172 |
|
| Details | md5 | 3 | 57f51443a8d6b8882b0c6afbd368e40e |
|
| Details | md5 | 3 | 5df8067a6fcb6c45c3b5c14adb944806 |
|
| Details | md5 | 3 | 68e190efe7a5c6f1b88f866fc1dc5b88 |
|
| Details | md5 | 2 | 98c5c33f5c0bd07ac3e24935edab202a |
|
| Details | md5 | 3 | 9c7e70f0369215004403b1b289111099 |
|
| Details | md5 | 3 | c43f1716d6dbb243f0b8cd92944a04bd |
|
| Details | md5 | 3 | cfc0b41a7cde01333f10d48e9997d293 |
|
| Details | md5 | 3 | ed74331131da5ac4e8b8a1c818373031 |
|
| Details | md5 | 2 | c3a70d2bf53f2eb6d05cafbb5e640855 |
|
| Details | md5 | 2 | d565500ebee6109edba0be7dea86bf72 |
|
| Details | md5 | 2 | ee650c800d2eedd471ed59aa9435e55f |
|
| Details | md5 | 2 | aa9c31883b3d8e493efad2f983908be3 |
|
| Details | md5 | 2 | 9596e59ea38350bc181ce56ffa7d6453 |
|
| Details | md5 | 2 | 15d097a50718f2e7251433ea65401588 |
|
| Details | md5 | 2 | 7b6345708e8d40254ab6fed6d124cc6d |
|
| Details | md5 | 2 | 2ad83e13b2a36b398a8632ef6ce5aa07 |
|
| Details | md5 | 2 | dfddcbcc3b15034ae733c858cb4e587b |
|
| Details | md5 | 2 | dd74fcfa1a985beeb972022e3a722589 |
|
| Details | md5 | 2 | 8a9d278b473b6c5625d57739714702fc |
|
| Details | md5 | 3 | 242b471bae5ef9b4de8019781e553b85 |
|
| Details | md5 | 2 | 1648437368e662fbe4805a1f95aa9fd0 |
|
| Details | md5 | 3 | dde658eb388512ee9f4f31f0f027a7df |
|
| Details | IPv4 | 2 | 46.183.221.89 |
|
| Details | IPv4 | 2 | 92.222.68.32 |
|
| Details | IPv4 | 2 | 91.207.7.79 |
|
| Details | IPv4 | 2 | 91.207.7.97 |
|
| Details | IPv4 | 2 | 5.200.55.198 |
|
| Details | IPv4 | 2 | 185.7.30.137 |
|
| Details | IPv4 | 2 | 109.234.34.35 |
|
| Details | IPv4 | 2 | 193.0.178.12 |
|
| Details | IPv4 | 3 | 31.31.204.161 |
|
| Details | IPv4 | 2 | 185.100.67.129 |
|
| Details | IPv4 | 2 | 46.30.43.83 |
|
| Details | IPv4 | 2 | 5.200.56.161 |
|
| Details | IPv4 | 2 | 77.246.145.86 |
|
| Details | IPv4 | 2 | 77.246.145.82 |
|
| Details | IPv4 | 1 | 85.158.154.147 |
|
| Details | IPv4 | 2 | 185.158.154.17 |
|
| Details | IPv4 | 2 | 185.154.53.132 |
|
| Details | IPv4 | 2 | 158.255.0.35 |
|
| Details | IPv4 | 2 | 95.142.39.5 |
|
| Details | IPv4 | 2 | 95.142.39.6 |
|
| Details | IPv4 | 2 | 185.180.231.63 |
|
| Details | IPv4 | 2 | 195.161.41.2 |
|
| Details | IPv4 | 2 | 81.177.135.99 |
|
| Details | IPv4 | 2 | 81.177.140.58 |
|
| Details | IPv4 | 2 | 81.177.6.226 |
|
| Details | IPv4 | 2 | 185.235.130.69 |
|
| Details | IPv4 | 2 | 217.28.213.250 |
|
| Details | IPv4 | 2 | 217.28.213.162 |
|
| Details | IPv4 | 2 | 217.29.57.176 |
|
| Details | IPv4 | 2 | 193.169.245.89 |
|
| Details | IPv4 | 2 | 139.99.156.100 |
|
| Details | IPv4 | 4 | 158.69.218.119 |
|
| Details | IPv4 | 2 | 91.207.7.86 |
|
| Details | IPv4 | 1441 | 127.0.0.1 |
|
| Details | IPv4 | 2 | 185.29.9.45 |
|
| Details | IPv4 | 2 | 192.168.19.171 |
|
| Details | IPv4 | 2 | 185.29.10.117 |
|
| Details | IPv4 | 2 | 185.161.208.61 |
|
| Details | IPv4 | 2 | 91.134.146.175 |
|
| Details | IPv4 | 2 | 87.98.227.83 |
|
| Details | IPv4 | 2 | 5.39.30.110 |
|
| Details | IPv4 | 2 | 46.183.221.37 |
|
| Details | IPv4 | 2 | 54.36.191.97 |
|
| Details | IPv4 | 2 | 185.20.184.29 |
|
| Details | IPv4 | 4 | 137.74.224.142 |
|
| Details | IPv4 | 2 | 149.56.131.140 |
|
| Details | IPv4 | 2 | 5.188.231.89 |
|
| Details | IPv4 | 2 | 5.154.191.105 |
|
| Details | IPv4 | 3 | 144.217.14.173 |
|
| Details | IPv4 | 3 | 144.217.162.168 |
|
| Details | IPv4 | 2 | 164.132.228.29 |
|
| Details | IPv4 | 2 | 185.29.11.126 |
|
| Details | IPv4 | 2 | 51.255.200.161 |
|
| Details | IPv4 | 4 | 91.243.80.200 |
|
| Details | IPv4 | 4 | 5.8.88.254 |
|
| Details | IPv4 | 2 | 109.13.212.72 |
|
| Details | IPv4 | 2 | 194.58.97.95 |
|
| Details | IPv4 | 2 | 46.170.125.222 |
|
| Details | IPv4 | 2 | 62.57.131.114 |
|
| Details | IPv4 | 2 | 77.246.145.202 |
|
| Details | IPv4 | 2 | 185.158.154.147 |
|
| Details | Threat Actor Identifier - APT | 783 | APT28 |
|
| Details | Url | 2 | http://92.222.68.32/bot.pl |
|
| Details | Url | 2 | http://92.222.68.32/wolf |
|
| Details | Url | 2 | https://forum.voidsec.com/thread-93.html |
|
| Details | Url | 1 | https://github.com/h1r0gh057 |
|
| Details | Url | 1 | https://gist.github.com/dreadpir |
|
| Details | Url | 1 | https://www.vestifinance |
|
| Details | Url | 1 | https://www.welivesecurity.com/2017/05/09/sednit- |
|
| Details | Url | 1 | https://sourceforge.net |
|
| Details | Url | 60 | https://github.com |
|
| Details | Url | 1 | https://www.welivesecurity.com/2017/05/09/sednit-adds- |
|
| Details | Url | 2 | http://192.168.19.171/index.php?xy=1 |
|
| Details | Url | 2 | http://192.168.19.171/index. |
|
| Details | Url | 1 | http://192.168.19.171/index.php?xy=2&axy= |
|
| Details | Url | 2 | http://cnc/index.php?xy=2&axy= |
|
| Details | Url | 1 | http://cnc/index.php?xy=3&axy= |
|
| Details | Url | 5 | https://github.com/gentilkiwi/mimikatz. |
|
| Details | Windows Registry Key | 29 | HKEY_CURRENT_USER\Software |
|
| Details | Windows Registry Key | 36 | HKEY_CURRENT_USER\Software\Microsoft\Windows |
|
| Details | Windows Registry Key | 16 | HKLM\Software |
|
| Details | Windows Registry Key | 2 | HKLM\Software\KingKongThai\cc |
|
| Details | Windows Registry Key | 36 | HKCU\Software |
|
| Details | Windows Registry Key | 14 | HKLM\Software\Microsoft |
|
| Details | Windows Registry Key | 188 | HKCU\Software\Microsoft\Windows\CurrentVersion\Run |
|
| Details | Windows Registry Key | 48 | HKLM\Software\Microsoft\Windows\CurrentVersion\Run |
|
| Details | Windows Registry Key | 37 | HKLM\SYSTEM |
|
| Details | Windows Registry Key | 2 | HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application |
|
| Details | CVE | 269 | cve-2017-0199 |
|
| Details | CVE | 375 | cve-2017-11882 |
|
| Details | CVE | 117 | cve-2018-0802 |
|
| Details | CVE | 14 | cve-2017-0262 |
|
| Details | CVE | 106 | cve-2018-8174 |
|
| Details | CVE | 47 | cve-2017-0143 |
|
| Details | CVE | 17 | cve-2017-0263 |
|
| Details | CVE | 20 | cve-2008-4250 |
|
| Details | Domain | 15 | group-ib.ru |
|
| Details | Domain | 4 | silence.proxybot.net |
|
| Details | Domain | 4 | proxybot.net |
|
| Details | Domain | 9 | bellsouth.net |
|
| Details | Domain | 3 | bot.pl |
|
| Details | Domain | 2 | forum.voidsec.com |
|
| Details | Domain | 4128 | github.com |
|
| Details | Domain | 2 | ircabuse.pl |
|
| Details | Domain | 219 | gist.github.com |
|
| Details | Domain | 2 | ira.pubcs16.ro |
|
| Details | Domain | 2 | piratesofcyber.tk |
|
| Details | Domain | 262 | www.welivesecurity.com |
|
| Details | Domain | 2 | fcbank.ru |
|
| Details | Domain | 2 | finamnews019.xyz |
|
| Details | Domain | 2 | cassocial.gdn |
|
| Details | Domain | 2 | variiform.gdn |
|
| Details | Domain | 136 | mail.com |
|
| Details | Domain | 9 | att.net |
|
| Details | Domain | 2 | bankrab.ru |
|
| Details | Domain | 2 | itbank.ru |
|
| Details | Domain | 2 | trustintbank.org |
|
| Details | Domain | 2 | itbank.us |
|
| Details | Domain | 2 | itrbank.ru |
|
| Details | Domain | 51 | reg.ru |
|
| Details | Domain | 2 | itmbank.ru |
|
| Details | Domain | 2 | hoster.kz |
|
| Details | Domain | 2 | itmbank.us |
|
| Details | Domain | 2 | mosfinbank.ru |
|
| Details | Domain | 2 | mostbbank.ru |
|
| Details | Domain | 2 | ppfbank.ru |
|
| Details | Domain | 2 | fbank.org |
|
| Details | Domain | 2 | dgbank.ru |
|
| Details | Domain | 2 | bankci.ru |
|
| Details | Domain | 2 | csbank.ru |
|
| Details | Domain | 2 | mmibank.ru |
|
| Details | Domain | 2 | ibosberbank.ru |
|
| Details | Domain | 4 | fpbank.ru |
|
| Details | Domain | 2 | tvaudio.ru |
|
| Details | Domain | 2 | vivacity.ru |
|
| Details | Domain | 102 | sourceforge.net |
|
| Details | Domain | 2 | jabber.sg |
|
| Details | Domain | 7 | ymail.com |
|
| Details | Domain | 10 | sbcglobal.net |
|
| Details | Domain | 2 | secure2048.at |
|
| Details | Domain | 2 | sinaro.host |
|
| Details | Domain | 1 | spas-ibosberbank.ru |
|
| Details | Domain | 16 | www.group-ib.ru |
|
| Details | Domain | 6 | blog.group-ib.ru |
|
| Details | Domain | 1373 | twitter.com |
|
| Details | Domain | 330 | facebook.com |
|
| Details | 2 | driley123@bellsouth.net |
||
| Details | 2 | josueruvalcaba@mail.com |
||
| Details | 2 | belov@ppfbank.ru |
||
| Details | 2 | belov@vivacity.ru |
||
| Details | 2 | cap@jabber.sg |