REDCURL
Common Information
Type Value
UUID c393f17c-92bf-4f52-90fa-890998703a06
Fingerprint 101c63ca52b145712cb70920f59e8ac64e327e31c9fd06a3028f51d1aa3642da
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 10, 2021, 9:06 a.m.
Added to db March 12, 2024, 6:43 p.m.
Last updated Aug. 31, 2024, 4:25 a.m.
Headline REDCURL
Title REDCURL
Detected Hints/Tags/Attributes 186/3/156
Attributes
Type                    #Events  Value
Domain                       35  group-ib.com
Domain                        1  atspace.tv
Domain                        1  filecloudio.club
Domain                        5  myartsonline.com
Domain                        4  medianewsonline.com
Domain                        1  atspace.eu
Domain                        1  c1.biz
Domain                        1  md.cloudexpdef.email
Domain                        1  cloudexpdef.email
Domain                     4127  github.com
Domain                      369  microsoft.com
Domain                      339  system.net
Domain                      228  system.io
Domain                       52  msn.com
Domain                        1  ocgfbca.open
Domain                       30  www.msn.com
Domain                      454  www.google.com
Domain                       46  www.yahoo.com
Domain                       15  google.co.uk
Domain                        3  tmall.com
Domain                      397  www.microsoft.com
Domain                       10  www.wikipedia.org
Domain                      110  www.reddit.com
Domain                       88  www.bing.com
Domain                       87  www.amazon.com
Domain                        4  www.taobao.com
Domain                      281  docs.microsoft.com
Domain                       74  adodb.stream
Domain                        1  dav.box.com
Domain                        1  lz.py
Domain                        1  prosmanf.mygamesonline.org
Domain                        1  icnfgfoot.c1.biz
Domain                        1  gtdsvcop.atspace.eu
Domain                        1  plomfroutr.c1.biz
Domain                      101  www.group-ib.com
Domain                     1373  twitter.com
Domain                      330  facebook.com
Email                        22  info@group-ib.com
File                          4  redcurl.ini
File                        478  lsass.exe
File                       1018  rundll32.exe
File                          8  c:\windows\win.ini
File                          1  computername.tmp
File                          1  computername.bat
File                       1208  powershell.exe
File                        185  shell32.dll
File                          1  %appdata%\%computername%.pdf
File                         41  msxml2.xml
File                         13  url.dll
File                         85  www.bin
File                          4  %.exe
File                       1122  svchost.exe
File                        306  services.exe
File                          1  name%.dll
File                          1  mputername.tmp
File                         22  _.ps
File                          4  syspack.exe
File                          1  lz243p.tmp
File                          5  sys.txt
File                          1  whoami.txt
File                          4  net.txt
File                          2  disks.txt
File                          1  c.tmp
File                          3  d.tmp
File                          1  inf_%random%.tmp
File                         85  log.txt
File                          4  log1.txt
File                         65  python.exe
File                          1  lz.py
File                          5  pw.txt
File                          1  pw1.txt
File                          1  ps_%random%.tmp
File                          1  ade.tmp
File                       2126  cmd.exe
File                          1  paran%username%.dll
File                          1  rsjhq.dll
File                          1  +.dll
File                          1  %appdata%\appidstorage\convpolchk_b816871.dll
File                          1  mouseinpsync_98ab1ee.dll
File                          1  oobedscvr_cf25318.dll
File                          1  %appdata%\microsoft\provision\cellprovcntrl_0877cae.exe
File                          1  updorchtls_c30742b.exe
File                          1  +.exe
Github username              11  alessandroz
Github username               1  prasathmani
md5                           1  154770dbaffd98289e8e6d70bd59b2b9
md5                           1  5adda7acabb5c3bb7ddf75a4ab6285c6
md5                           1  fc55d2310e0831615d8c7c95ccb95325
md5                           1  34232c3210df2251820692885a3b3128
md5                           1  d6f318f77d3399e12e3e17abcd45d1c5
md5                           1  b74963e673087369da5fbe113b131254
md5                           1  2ba63190a59228000e4616c3bd716b49
md5                           1  44341aedca34426e87da9dad3f547c11
md5                           1  df8030fa5a34d22cb08a7814b63e282f
md5                           1  2d65238c24657d395309e5cd01d9a8b7
md5                           1  58c3d684fecd62e3fd23f1d8a9fb0efb
md5                           1  26047d1dd5529cbb74ac684a8ea1656c
md5                           1  f9051aa264fba5b5c030f795418c2652
sha1                          1  86b47e687e35b2a2cce185daf25fca7a0073b544
sha1                          1  cabc5621cc4eed54be43b5b29fd6e4a25509105b
sha1                          1  0dd8168510a6cc55dc2f2126c59d0951d966a87a
sha1                          1  5a39a5269ba10fbc7fcadac9f01f54a2f14faee6
sha1                          1  373d0a0896a64fe61c7e13664e8f5f322d639e2f
sha1                          1  26c5925ab6d08a62e05922a04500b648bc0453c5
sha1                          1  839504fe83ae756fd67a8a52a9a9c345b4fbb531
sha1                          1  38f90080c6a431eaf6ba947c6e85c3ce19380797
sha1                          1  01a9a93954a6ae1c66fe82388c862b192e61270f
sha1                          1  2dfce2fbdd44468aca08bf912b2ac33081015366
sha1                          1  e125d5585b30805860919930a7fb896b84a8c8b4
sha1                          1  57abca2f6fe00e6083cff74171d5efefb3eacebf
sha1                          1  f8c96760ee301baf2c24a4991e05eb3c2c155a49
sha256                        1  13332ecfa468d7fd57ef373b372e0f98c9a8dc60e8a9570cb7a9c0437583338c
sha256                        1  713a21d878c61bd9eace2a2f32f654c8ebf1534ec45c3e47f62b000a96336700
sha256                        1  f635be0fc6ff1faf55a60fde5b3a0f273f1c8ed622e6915b9a2fb4ae0085b1d8
sha256                        1  b850c56109ba9ecadd5a6af3b764482cc814f7adba24d5a5c60a710e97f2b65f
sha256                        1  c0f04cefd10f1e65f342d9456a3cab4b2b1aab6523a4789147e6ef556a7e8585
sha256                        1  12ae4ed672f495619fa480477d4b83d058ad3764ecaf86cd490cd3ea689158bc
sha256                        1  2cbdda564a8e2cbcffdbab89b978cba561d42da1889de7c817d8e0cd663c3322
sha256                        1  cceef032c86d7ebac083c6506506fee8dd83475a10853e11bb133d2ec70115fe
sha256                        1  00d10d276f3684787302a826c44718af77ff41020e2fbaed24fbec893e1f2004
sha256                        1  d6b6211bf7725ebd9a221ba182320f2cf91a9a0a1b70f685e207be40278e8f80
sha256                        1  2310a5e1710b34c140d5a8a29c182efdeae224262498f9c51b9eb1e2b1c9aa8a
sha256                        1  da4a1247a9442b685b145c12c5c2aa0469d4826557699308eb69044d24a2df9a
sha256                        1  25f10228706b12a5b91240f2606f78827a67655750a0dae53b1a7cd47c1efb63
IPv4                          1  37.120.221.28
MITRE ATT&CK Techniques     183  T1566.002 (Spearphishing Link)
MITRE ATT&CK Techniques     365  T1204.002 (Malicious File)
MITRE ATT&CK Techniques     333  T1059.003 (Windows Command Shell)
MITRE ATT&CK Techniques     460  T1059.001 (PowerShell)
MITRE ATT&CK Techniques     380  T1547.001 (Registry Run Keys / Startup Folder)
MITRE ATT&CK Techniques     627  T1027 (Obfuscated Files or Information)
MITRE ATT&CK Techniques     183  T1036.005 (Match Legitimate Name or Location)
MITRE ATT&CK Techniques     297  T1070.004 (File Deletion)
MITRE ATT&CK Techniques      94  T1564.001 (Hidden Files and Directories)
MITRE ATT&CK Techniques     119  T1218.011 (Rundll32)
MITRE ATT&CK Techniques     173  T1003.001 (LSASS Memory)
MITRE ATT&CK Techniques     125  T1555.003 (Credentials from Web Browsers)
MITRE ATT&CK Techniques      89  T1552.001 (Credentials In Files)
MITRE ATT&CK Techniques      23  T1552.002 (Credentials in Registry)
MITRE ATT&CK Techniques      11  T1056.002 (GUI Input Capture)
MITRE ATT&CK Techniques    1006  T1082 (System Information Discovery)
MITRE ATT&CK Techniques     585  T1083 (File and Directory Discovery)
MITRE ATT&CK Techniques      72  T1087.001 (Local Account)
MITRE ATT&CK Techniques      99  T1087.002 (Domain Account)
MITRE ATT&CK Techniques      22  T1087.003 (Email Account)
MITRE ATT&CK Techniques      33  T1080 (Taint Shared Content)
MITRE ATT&CK Techniques     111  T1119 (Automated Collection)
MITRE ATT&CK Techniques      34  T1114.001 (Local Email Collection)
MITRE ATT&CK Techniques     149  T1102 (Web Service)
MITRE ATT&CK Techniques     442  T1071.001 (Web Protocols)
MITRE ATT&CK Techniques     130  T1573.001 (Symmetric Cryptography)
MITRE ATT&CK Techniques     102  T1020 (Automated Exfiltration)
MITRE ATT&CK Techniques      33  T1537 (Transfer Data to Cloud Account)
Url                           1  http://www.msn.com’).originalstring
Url                           6  http://www.msn.com
Windows Registry Key         26  HKCU\Software\Microsoft
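The File rows above mix literal names with %appdata%, %computername%, %username% and %random% placeholders, so they cannot be matched by plain string equality; the hashes, the hosting-provider domains (cloudexpdef.email, the c1.biz and atspace.eu hosts, prosmanf.mygamesonline.org) and the single IPv4 can. The Python below is an added example for this page, not Group-IB's code and not part of the original listing: it takes a constructed subset of the table's values, turns each templated path into a regex, and runs the resulting matchers over constructed telemetry records. The placeholder patterns, the function names and the sample events are assumptions made for the example. It deliberately does not load every Domain row, because several are not DNS names at all (system.net and system.io are .NET namespaces and adodb.stream is a COM ProgID that the extractor typed as domains) and the high-count rows such as github.com or www.google.com are generic references rather than actor-specific infrastructure.

```python
"""Match a constructed subset of this page's REDCURL indicators against telemetry."""
import re

# Values copied from the attribute table; the grouping into sets is the example's.
FILE_TEMPLATES = [
    r"%appdata%\%computername%.pdf",
    r"%appdata%\appidstorage\convpolchk_b816871.dll",
    r"%appdata%\microsoft\provision\cellprovcntrl_0877cae.exe",
    r"inf_%random%.tmp",
    r"ps_%random%.tmp",
    r"paran%username%.dll",
    r"redcurl.ini",
    r"syspack.exe",
]
HASHES = {  # one md5, one sha1, one sha256 from the table; compared case-insensitively
    "154770dbaffd98289e8e6d70bd59b2b9",
    "86b47e687e35b2a2cce185daf25fca7a0073b544",
    "13332ecfa468d7fd57ef373b372e0f98c9a8dc60e8a9570cb7a9c0437583338c",
}
DOMAINS = {
    "cloudexpdef.email", "md.cloudexpdef.email", "filecloudio.club",
    "icnfgfoot.c1.biz", "plomfroutr.c1.biz", "gtdsvcop.atspace.eu",
    "prosmanf.mygamesonline.org",
}
IPS = {"37.120.221.28"}

# What each %VAR% placeholder may expand to on a real host. %random% follows
# cmd.exe (0..32767); the other three are assumptions made for this example.
PLACEHOLDERS = {
    "%appdata%": r"[a-z]:\\users\\[^\\]+\\appdata\\roaming",
    "%computername%": r"[a-z0-9\-]{1,15}",
    "%username%": r"[^\\]+",
    "%random%": r"\d{1,5}",
}


def template_to_regex(template):
    """Compile a %VAR%-templated path. Literal fragments are escaped, placeholders
    become the fragments above, and the pattern must end the path, so a
    basename-only template matches the last path component."""
    pieces = [PLACEHOLDERS.get(p) or re.escape(p)
              for p in re.split(r"(%[a-z]+%)", template.lower())]
    return re.compile(r"(?:^|\\)" + "".join(pieces) + r"$", re.IGNORECASE)


FILE_REGEXES = [(t, template_to_regex(t)) for t in FILE_TEMPLATES]


def path_matches(path):
    """Return the template a file path hits, or None."""
    for template, rx in FILE_REGEXES:
        if rx.search(path):
            return template
    return None


def hash_matches(digest):
    digest = digest.strip().lower()
    return digest if digest in HASHES else None


def domain_matches(fqdn):
    """Exact or parent-domain match; prefer the most specific indicator."""
    fqdn = fqdn.lower().rstrip(".")
    hits = [d for d in DOMAINS if fqdn == d or fqdn.endswith("." + d)]
    return max(hits, key=len) if hits else None


def ip_matches(addr):
    return addr if addr in IPS else None


MATCHERS = {"file": path_matches, "hash": hash_matches,
            "dns": domain_matches, "net": ip_matches}


def scan(events):
    """Return (event, indicator) pairs for every telemetry record that hits an IOC."""
    hits = []
    for ev in events:
        indicator = MATCHERS[ev["kind"]](ev["value"])
        if indicator is not None:
            hits.append((ev, indicator))
    return hits


# Constructed telemetry for the example (host WS-0417, user jdoe); not from the page.
SAMPLE_EVENTS = [
    {"kind": "file", "value": r"C:\Users\jdoe\AppData\Roaming\WS-0417.pdf"},
    {"kind": "file", "value": r"C:\Users\jdoe\AppData\Roaming\AppIdStorage\convpolchk_b816871.dll"},
    {"kind": "file", "value": r"C:\Windows\Temp\inf_2291.tmp"},
    {"kind": "file", "value": r"C:\Users\jdoe\AppData\Local\Temp\paranjdoe.dll"},
    {"kind": "file", "value": r"C:\Program Files\Vendor\syspack.exe.config"},  # near miss
    {"kind": "file", "value": r"C:\Windows\Temp\info_2291.tmp"},               # near miss
    {"kind": "hash", "value": "86B47E687E35B2A2CCE185DAF25FCA7A0073B544"},
    {"kind": "hash", "value": "d41d8cd98f00b204e9800998ecf8427e"},             # md5 of empty file
    {"kind": "dns", "value": "md.cloudexpdef.email."},
    {"kind": "dns", "value": "www.microsoft.com"},
    {"kind": "net", "value": "37.120.221.28"},
]


def find_hits():
    return scan(SAMPLE_EVENTS)


if __name__ == "__main__":
    for ev, indicator in find_hits():
        print(f"{ev['kind']:5} {ev['value']!s:70} -> {indicator}")
```

The two near-miss records show why the regexes are anchored at the end of the path and at a path separator: `syspack.exe.config` and `info_2291.tmp` would both hit a naive substring check. On real data, feed `scan()` from your EDR or Sysmon export after mapping each record to one of the four kinds.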