UNKNOWN
Image Description
Common Information
Type Value
UUID e512aec3-cc8a-419c-98a0-a9b0169986d6
Fingerprint f9a1d787f64085fd14fe145cd50e74ae2968b59073e576b659ea6bc8afef9b1a
Analysis status DONE
Considered CTI value 2
Text language
Published Jan. 29, 2024, 2:03 p.m.
Added to db March 12, 2024, 8:14 p.m.
Last updated Aug. 31, 2024, 5:46 a.m.
Headline UNKNOWN
Title UNKNOWN
Detected Hints/Tags/Attributes 30/1/38
Attributes
Details Type #Events CTI Value
Details Domain 622
en.wikipedia.org
Details Domain 46
jsac.jpcert.or.jp
Details Domain 80
www.eset.com
Details Domain 1
srmbr.com
Details Domain 1
vtqebawifwrfj.srmbr.com
Details Domain 1
plouwvqlxy.myftp.org
Details Domain 1
kcimqstvpvsvjzr.hopto.org
Details File 1
sekienkasha.jpg
Details File 14
csvde.exe
Details File 2
all.csv
Details File 49
nltest.exe
Details File 17
quser.exe
Details File 1
diagram.xlsx
Details File 2
%temp%\31558.txt
Details File 3
sfsdllsample.exe
Details File 3
sfsdll32.dll
Details File 69
vcruntime140.dll
Details File 1
mssitlb.xml
Details File 1
uianimation.xml
Details File 1
shiftjis.dat
Details File 1
contrast-white.dat
Details File 1
people.txt
Details File 5
list.xlsx
Details File 3
jsac2022_9_yanagishita-tamada-nakatsuru-ishimaru_en.pdf
Details File 5
jsac2021_202_niwa-yanagishita_en.pdf
Details File 3
elze.exe
Details File 3
frau.dll
Details File 1
c:\windows\system32\c_950.dat
Details sha256 1
217826c36e994d097eadcf856fdcadb21372e5a0845e496dbb6015e1a8d42867
Details IPv4 1
45.76.197.236
Details Url 1
https://en.wikipedia.org/wiki/kasha_
Details Url 2
https://jsac.jpcert.or.jp/archive/2022/pdf/jsac2022_9_yanagishita-tamada-nakatsuru-ishimaru_en.pdf
Details Url 4
https://jsac.jpcert.or.jp/archive/2021/pdf/jsac2021_202_niwa-yanagishita_en.pdf
Details Url 2
https://www.eset.com/jp/blog/welivesecurity/unmasking-mirrorface
Details Url 1
http://vtqebawifwrfj.srmbr.com:443
Details Yara rule 1
// Generic detection for a LODEINFO loader: a PE file (MZ header) that contains
// one fixed byte sequence. The vendor rule carries no description/reference
// meta; the references listed alongside it on this page (JSAC 2021/2022 papers,
// ESET MirrorFace write-up) are the closest context available.
rule Trojan_LODEINFOLDR_generic {
	meta:
		Author = "Trend Micro"
		Created_Time = "2024-01-26"
	strings:
		// 32-bit x86 code pattern. Decoding the opcodes, it reads as an unrolled
		// 8-byte transform: load a byte, XOR it with an immediate (the `34 ??`
		// pairs, key byte wildcarded per position), store it, advance the offset,
		// then `C6 41 08 00` writes a terminating zero after the 8 bytes.
		// NOTE(review): derived from opcode decoding, not from a sample -- confirm.
		$chunk_1 = { 8A 02 34 ?? 88 01 8A 42 01 34 ?? 88 41 01 8A 42 02 34 ?? 88 41 02 8A 42 03 34 ?? 88 41 03 8A 42 04 34 ?? 88 41 04 8A 42 05 34 ?? 88 41 05 8A 42 06 34 ?? 88 41 06 8A 42 07 34 ?? 88 41 07 8B C1 C6 41 08 00 }
	condition:
		// 0x5A4D == "MZ": restrict to PE images so the short opcode pattern is
		// not matched in arbitrary data; the single string must be present.
		uint16(0) == 0x5A4D and all of them
}
Details Yara rule 1
// Detection for the XML form of the NOOPLDR loader: an XML document embedding
// C# source (see $s1) that reads the machine identifier from the registry and
// derives key material from it. There is no file-type check on purpose -- the
// target is a text/XML file, not a PE.
rule Trojan_NOOPLDR_xml {
	meta:
		Author = "Trend Micro"
		Created_Time = "2024-01-26"
	strings:
		// Opening of an embedded C# code block inside the XML.
		$s1 = "<Code Type=\"Class\" Language=\"cs\"><![CDATA[using "
		// In YARA text strings `\\` is one literal backslash, so this matches
		// `Software\\Microsoft\\SQMClient` -- the doubled form as it appears in
		// C# source, not the single-backslash registry path itself.
		$s2 = "Software\\\\Microsoft\\\\SQMClient"
		// Reads the MachineId value (from the SQMClient key above).
		$s3 = ".GetValue(\"MachineId\").ToString()"
		// SHA-384 digest of that value, split into 32- and 16-byte buffers
		// (consistent with a 256-bit key and 128-bit IV; not stated by the rule).
		$s4 = "SHA384.Create();"
		$s5 = "new byte[32];Array.Copy("
		$s6 = "new byte[16];Array.Copy("
	condition:
		// All six fragments are required. Strings carry no `wide` modifier, so a
		// UTF-16 encoded copy of the XML would not match; keep in mind for triage.
		all of them
}
Details Yara rule 1
// Detection for the DLL form of the NOOPLDR loader: a PE file (MZ header)
// containing both 64-bit code patterns below.
rule Trojan_NOOPLDR_dll {
	meta:
		Author = "Trend Micro"
		Created_Time = "2024-01-26"
	strings:
		// x64 code (REX.W `48` prefix): two RIP-relative LEAs, a byte load,
		// an XOR of that byte against a second table, then a call. Reads as the
		// core of a byte-wise XOR decode routine.
		// NOTE(review): derived from opcode decoding, not from a sample -- confirm.
		$chunk_1 = { 48 8D 05 ?? ?? ?? ?? 48 8D 0D ?? ?? ?? ?? 0F B6 0C 0E 32 0C 06 0F B6 D1 48 8D 8D ?? ?? ?? ?? E8 ?? ?? ?? ?? }
		// Chain of `cmp eax, imm32` (`3D`) followed by conditional jumps and a
		// `mov eax, imm32` (`B8`); immediates and jump targets are wildcarded so
		// the pattern survives recompilation with different constants.
		$chunk_2 = { 3D ?? ?? ?? ?? 7E ?? 3D ?? ?? ?? ?? 7F ?? 3D ?? ?? ?? ?? 0F 84 ?? ?? ?? ?? 3D ?? ?? ?? ?? 75 ?? B8 ?? ?? ?? ?? EB ?? }
	condition:
		// 0x5A4D == "MZ": PE images only; both chunks must be present.
		uint16(0) == 0x5A4D and all of them
}