Shifting Tactics: Breaking Down TA505 Group’s Use of HTML, RATs and Other Techniques in Latest Campaigns
Common Information
| Type | Value |
|---|---|
| UUID | e0102ee2-29d1-45e7-a150-e526b3fa698c |
| Fingerprint | d9847f22c8380921dc13378321462e0aca79d5c85bde6c31724cace642f6f29f |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | June 11, 2019, 4:10 p.m. |
| Added to db | April 14, 2024, 10:46 a.m. |
| Last updated | Aug. 30, 2024, 10:51 p.m. |
| Headline | Shifting Tactics: Breaking Down TA505 Group’s Use of HTML, RATs and Other Techniques in Latest Campaigns |
| Title | Shifting Tactics: Breaking Down TA505 Group’s Use of HTML, RATs and Other Techniques in Latest Campaigns |
| Detected Hints/Tags/Attributes | 30/1/134 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | backdoor.win32.flawedammy.ai |
|
| Details | Domain | 1 | backdoor.win32.flawedammy.al |
|
| Details | Domain | 1 | backdoor.win32.flawedammy.am |
|
| Details | Domain | 1 | backdoor.win32.flawedammyy.ac |
|
| Details | Domain | 1 | backdoor.win32.rabased.ac |
|
| Details | Domain | 1 | trojan.x97m.flawedammy.ac |
|
| Details | Domain | 1 | amenyan.zouri.jp |
|
| Details | Domain | 1 | angelmariotti.xyz |
|
| Details | Domain | 1 | billyjimmyer.top |
|
| Details | Domain | 1 | canyoning-austria.at |
|
| Details | Domain | 1 | citroenmehari.dk |
|
| Details | Domain | 1 | dannysannyer.top |
|
| Details | Domain | 1 | datdepot.net |
|
| Details | Domain | 1 | fjiisiis33.icu |
|
| Details | Domain | 1 | furhatsth.net |
|
| Details | Domain | 1 | globe-trotterltd.com |
|
| Details | Domain | 2 | gohaiendo.com |
|
| Details | Domain | 1 | govhotel.us |
|
| Details | Domain | 2 | homeone.co.kr |
|
| Details | Domain | 1 | houusha33.icu |
|
| Details | Domain | 1 | ianhennessee.com |
|
| Details | Domain | 1 | kabatas.ch |
|
| Details | Domain | 1 | kupitorta.net |
|
| Details | Domain | 1 | lecmess.top |
|
| Details | Domain | 1 | losabetos.com.sv |
|
| Details | Domain | 1 | profan.es |
|
| Details | Domain | 1 | slemend.com |
|
| Details | Domain | 1 | statesdr.top |
|
| Details | Domain | 1 | tommyhalfigero.top |
|
| Details | Domain | 1 | topdalescotty.top |
|
| Details | Domain | 1 | traveser.net |
|
| Details | Domain | 1 | tunnelview.co.uk |
|
| Details | Domain | 1 | vairina.top |
|
| Details | Domain | 1 | velquene.net |
|
| Details | Domain | 2 | waiireme.com |
|
| Details | Domain | 1 | www.kerrison.com |
|
| Details | Domain | 1 | zonaykan.com |
|
| Details | Domain | 604 | www.trendmicro.com |
|
| Details | File | 1 | flawedammy.ai |
|
| Details | File | 48 | trojan.bat |
|
| Details | File | 19 | trojan.html |
|
| Details | File | 1 | da2.dat |
|
| Details | IPv4 | 1 | 159.69.48.50 |
|
| Details | IPv4 | 1 | 169.239.129.103 |
|
| Details | IPv4 | 1 | 94.156.133.183 |
|
| Details | IPv4 | 1 | 103.73.66.137 |
|
| Details | IPv4 | 2 | 109.234.38.177 |
|
| Details | IPv4 | 1 | 116.203.180.29 |
|
| Details | IPv4 | 1 | 158.255.208.175 |
|
| Details | IPv4 | 1 | 160.202.162.147 |
|
| Details | IPv4 | 1 | 163.172.84.54 |
|
| Details | IPv4 | 1 | 167.179.119.235 |
|
| Details | IPv4 | 1 | 169.239.128.168 |
|
| Details | IPv4 | 1 | 169.239.128.169 |
|
| Details | IPv4 | 1 | 172.104.104.166 |
|
| Details | IPv4 | 1 | 172.104.117.15 |
|
| Details | IPv4 | 1 | 195.123.227.20 |
|
| Details | IPv4 | 1 | 27.102.118.143 |
|
| Details | IPv4 | 1 | 45.76.206.149 |
|
| Details | IPv4 | 1 | 45.76.223.177 |
|
| Details | IPv4 | 1 | 45.77.16.211 |
|
| Details | IPv4 | 1 | 5.149.254.25 |
|
| Details | IPv4 | 1 | 66.42.45.55 |
|
| Details | IPv4 | 1 | 92.38.135.134 |
|
| Details | IPv4 | 1 | 92.38.135.88 |
|
| Details | Url | 1 | http://103.73.66.137/01.dat |
|
| Details | Url | 2 | http://109.234.38.177/dom4 |
|
| Details | Url | 1 | http://116.203.180.29/01.dat |
|
| Details | Url | 1 | http://158.255.208.175/da2.dat |
|
| Details | Url | 1 | http://160.202.162.147/1.tmp |
|
| Details | Url | 1 | http://163.172.84.54/filename.php |
|
| Details | Url | 1 | http://167.179.119.235/02.dat |
|
| Details | Url | 1 | http://169.239.128.168/dynhost |
|
| Details | Url | 1 | http://169.239.128.169/dynhost |
|
| Details | Url | 1 | http://172.104.104.166/01.dat |
|
| Details | Url | 1 | http://172.104.104.166/m1 |
|
| Details | Url | 1 | http://172.104.104.166/m2 |
|
| Details | Url | 1 | http://172.104.117.15/02.dat |
|
| Details | Url | 1 | http://195.123.227.20/dashost |
|
| Details | Url | 1 | http://27.102.118.143/dom1 |
|
| Details | Url | 1 | http://45.76.206.149/01.dat |
|
| Details | Url | 1 | http://45.76.223.177/02.dat |
|
| Details | Url | 1 | http://45.77.16.211/01.dat |
|
| Details | Url | 1 | http://5.149.254.25/1.tmp |
|
| Details | Url | 1 | http://66.42.45.55/02.dat |
|
| Details | Url | 1 | http://66.42.45.55/m3 |
|
| Details | Url | 1 | http://66.42.45.55/m4 |
|
| Details | Url | 1 | http://92.38.135.134/dom2 |
|
| Details | Url | 1 | http://92.38.135.88/da.dat |
|
| Details | Url | 1 | http://amenyan.zouri.jp/20190706_866384 |
|
| Details | Url | 1 | http://angelmariotti.xyz/xsmkld/index.php |
|
| Details | Url | 1 | http://billyjimmyer.top/xsmkld/index.php |
|
| Details | Url | 1 | http://canyoning-austria.at/dashost |
|
| Details | Url | 1 | http://citroenmehari.dk/20190706_066381.xls |
|
| Details | Url | 1 | http://dannysannyer.top/xsmkld/index.php |
|
| Details | Url | 1 | http://datdepot.net/nzt1 |
|
| Details | Url | 1 | http://fjiisiis33.icu/jquery/jquery.php |
|
| Details | Url | 1 | http://furhatsth.net/q1 |
|
| Details | Url | 1 | http://furhatsth.net/q2 |
|
| Details | Url | 1 | http://globe-trotterltd.com/dashost |
|
| Details | Url | 1 | http://gohaiendo.com/ppk/index.php |
|
| Details | Url | 1 | http://govhotel.us/p.exe |
|
| Details | Url | 1 | http://homeone.co.kr/etaxinvoice_47654385 |
|
| Details | Url | 1 | http://houusha33.icu/jquery/jquery.php |
|
| Details | Url | 1 | http://ianhennessee.com/etaxinvoice_776347 |
|
| Details | Url | 1 | http://kabatas.ch |
|
| Details | Url | 1 | http://kupitorta.net/lsadat1 |
|
| Details | Url | 1 | http://kupitorta.net/lsadat2 |
|
| Details | Url | 1 | http://kupitorta.net/lsadat3 |
|
| Details | Url | 1 | http://lecmess.top/tmp |
|
| Details | Url | 1 | http://losabetos.com.sv/etaxinvoice_846634 |
|
| Details | Url | 1 | http://profan.es/dashost |
|
| Details | Url | 1 | http://slemend.com/cykom1 |
|
| Details | Url | 1 | http://slemend.com/cykom2 |
|
| Details | Url | 1 | http://statesdr.top/q3 |
|
| Details | Url | 1 | http://statesdr.top/q4 |
|
| Details | Url | 1 | http://tommyhalfigero.top/xsmkld/index.php |
|
| Details | Url | 1 | http://topdalescotty.top/xsmkld/index.php |
|
| Details | Url | 1 | http://traveser.net/tmp |
|
| Details | Url | 1 | http://tunnelview.co.uk/es_2.exe |
|
| Details | Url | 1 | http://vairina.top/20190706_089785.xls |
|
| Details | Url | 1 | http://vairina.top/20190706_125803.xls |
|
| Details | Url | 1 | http://vairina.top/t1 |
|
| Details | Url | 1 | http://vairina.top/t2 |
|
| Details | Url | 1 | http://velquene.net/mshost1 |
|
| Details | Url | 1 | http://velquene.net/mshost2 |
|
| Details | Url | 1 | http://waiireme.com/20190706_077345.xls |
|
| Details | Url | 2 | http://waiireme.com/20190706_983782.xls |
|
| Details | Url | 1 | http://waiireme.com/t3 |
|
| Details | Url | 1 | http://waiireme.com/t4 |
|
| Details | Url | 1 | http://www.kerrison.com/dashost |
|
| Details | Url | 1 | http://zonaykan.com/lsadat1 |
|
| Details | Url | 1 | http://zonaykan.com/lsadat2 |
|
| Details | Url | 1 | http://zonaykan.com/lsadat3 |