OLD SNAKE, NEW SKIN
Common Information
| Type | Value |
|---|---|
| UUID | e7d2b6ac-93a4-4417-8cfa-b0d0f55d2a58 |
| Fingerprint | 5f2281c7a2fa436ae757529f7360c0e3f3fdaeeccbdcba6eeb486fb15961460f |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Feb. 13, 2023, 4:09 p.m. |
| Added to db | Oct. 15, 2024, 4:26 p.m. |
| Last updated | Oct. 15, 2024, 4:31 p.m. |
| Headline | OLD SNAKE, NEW SKIN |
| Title | OLD SNAKE, NEW SKIN |
| Detected Hints/Tags/Attributes | 0/0/147 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Autonomous System Number | 2 | AS201206 |
|
| Details | Autonomous System Number | 2 | AS202448 |
|
| Details | Autonomous System Number | 1 | AS208258 |
|
| Details | Autonomous System Number | 3 | AS30823 |
|
| Details | Autonomous System Number | 2 | AS39798 |
|
| Details | Autonomous System Number | 2 | AS44812 |
|
| Details | Autonomous System Number | 2 | AS58073 |
|
| Details | Autonomous System Number | 3 | AS60404 |
|
| Details | Autonomous System Number | 6 | AS8100 |
|
| Details | CVE | 15 | cve-2021-36934 |
|
| Details | Domain | 35 | group-ib.com |
|
| Details | Domain | 2 | microsoft-updates.servehttp.com |
|
| Details | Domain | 3 | microsoft-patches.servehttp.com |
|
| Details | Domain | 1 | webmail.gavaf.org |
|
| Details | Domain | 15 | backup.zip |
|
| Details | Domain | 1 | mail.cbm.gov |
|
| Details | Domain | 1 | nucleus.vision |
|
| Details | Domain | 1 | nitro.network |
|
| Details | Domain | 1 | nucleusvision.com |
|
| Details | Domain | 1 | nucleusvision.sytes.net |
|
| Details | Domain | 1 | nucleusvision.co |
|
| Details | Domain | 4127 | github.com |
|
| Details | Domain | 3 | microsoft-winupdate.servehttp.com |
|
| Details | Domain | 2 | mail.nepal.gavnp.org |
|
| Details | Domain | 1 | gavaf.org |
|
| Details | Domain | 4 | ap1-acl.net |
|
| Details | Domain | 1 | windowssecurity.zip |
|
| Details | Domain | 1 | supportsession.live |
|
| Details | Domain | 1 | activesheet.pictures |
|
| Details | Domain | 372 | wscript.shell |
|
| Details | Domain | 9 | steemit.com |
|
| Details | Domain | 1 | windowsecurity.zip |
|
| Details | Domain | 1 | npa.hta.save |
|
| Details | Domain | 1 | nic-share.myftp.org |
|
| Details | Domain | 74 | adodb.stream |
|
| Details | Domain | 7 | xhttp.open |
|
| Details | Domain | 1 | stagger.py |
|
| Details | Domain | 707 | google.com |
|
| Details | Domain | 1 | mail-mohs.ddns.net |
|
| Details | Domain | 1 | obsfucated-chrome.py |
|
| Details | Domain | 1 | try.py |
|
| Details | Domain | 1 | scvhost.py |
|
| Details | Domain | 1174 | gmail.com |
|
| Details | Domain | 3 | ip.42.pl |
|
| Details | Domain | 1 | microsoft.redirectme.net |
|
| Details | Domain | 1 | windowupdate.myftp.org |
|
| Details | Domain | 1 | akamai.servehttp.com |
|
| Details | Domain | 1 | oneroute.microsoft.com |
|
| Details | Domain | 2 | webmail-org.servehttp.com |
|
| Details | Domain | 1 | outlook.gavaf.org |
|
| Details | Domain | 1 | mail.gavaf.org |
|
| Details | Domain | 1 | srilankanairlines.redirectme.net |
|
| Details | Domain | 1 | expolanka.serveftp.com |
|
| Details | Domain | 1 | lankabelltd.myftp.org |
|
| Details | Domain | 2 | sltelecom.servehttp.com |
|
| Details | Domain | 1 | sltmobitel.hopto.org |
|
| Details | Domain | 1 | bankofceylon.sytes.net |
|
| Details | Domain | 145 | api.telegram.org |
|
| Details | Domain | 1 | domain-lk.sytes.net |
|
| Details | Domain | 1 | foreign-mv.sytes.net |
|
| Details | Domain | 1 | ncit-gov.sytes.net |
|
| Details | Domain | 1 | windefupdate.sytes.net |
|
| Details | Domain | 1 | linux-stable.sytes.net |
|
| Details | Domain | 8 | decrypt.py |
|
| Details | 1 | exractor007@gmail.com |
||
| Details | 1 | a1b2c3d9e8@gmail.com |
||
| Details | 22 | info@group-ib.com |
||
| Details | File | 2 | 2021.xls |
|
| Details | File | 2 | candidates1.xltm |
|
| Details | File | 2 | calculator.xlsm |
|
| Details | File | 312 | calc.exe |
|
| Details | File | 15 | backup.zip |
|
| Details | File | 816 | index.html |
|
| Details | File | 207 | login.php |
|
| Details | File | 1 | login1.php |
|
| Details | File | 2 | notice.pdf |
|
| Details | File | 12 | error.html |
|
| Details | File | 1 | sysfiles.txt |
|
| Details | File | 4 | generic.asm |
|
| Details | File | 1 | windowssecurity.zip |
|
| Details | File | 1 | %appdata%\windowssecurity.zip |
|
| Details | File | 1 | %appdata%\windowssecurity.exe |
|
| Details | File | 1 | hostcom.exe |
|
| Details | File | 2 | 2020.xls |
|
| Details | File | 2 | items.xls |
|
| Details | File | 9 | invoice.xls |
|
| Details | File | 4 | invisible.vbs |
|
| Details | File | 1 | activesheet.pict |
|
| Details | File | 19 | a.bat |
|
| Details | File | 1 | invisible2.vbs |
|
| Details | File | 1 | %appdata%\invisible2.vbs |
|
| Details | File | 1 | %appdata%\a.bat |
|
| Details | File | 1 | windowsecurity.zip |
|
| Details | File | 1 | %appdata%\windowsecurity.zip |
|
| Details | File | 1 | windowsecurity.exe |
|
| Details | File | 1 | %appdata%\windowsecurity.exe |
|
| Details | File | 456 | mshta.exe |
|
| Details | File | 1 | 1610.pdf |
|
| Details | File | 1 | 1611.pdf |
|
| Details | File | 1 | 1612.pdf |
|
| Details | File | 1 | baitadi.pdf |
|
| Details | File | 1 | btn.pdf |
|
| Details | File | 1 | china_nepal_tie.pdf |
|
| Details | File | 1 | covid19.pdf |
|
| Details | File | 6 | my.exe |
|
| Details | File | 271 | chrome.exe |
|
| Details | File | 2 | scvhost.txt |
|
| Details | File | 17 | scvhost.exe |
|
| Details | File | 1 | %userprofile%\windowshost\server.exe |
|
| Details | File | 1 | %userprofile%\pictures\scvhost.txt |
|
| Details | File | 53 | server.exe |
|
| Details | File | 1 | opmcm.pdf |
|
| Details | File | 4 | ch.txt |
|
| Details | File | 1 | statement_to_defeat_covid19.pdf |
|
| Details | File | 13 | 2.pdf |
|
| Details | File | 33 | 1.pdf |
|
| Details | File | 2 | press.pdf |
|
| Details | File | 1 | cloudstatus.txt |
|
| Details | File | 1 | inevitable.vbs |
|
| Details | File | 1 | %localappdata%\stealthex.vbs |
|
| Details | File | 1 | %localappdata%\downfile.vbs |
|
| Details | File | 1 | %localappdata%\a.bat |
|
| Details | File | 1 | stealthex.vbs |
|
| Details | File | 1 | %localappdata%\b.bat |
|
| Details | File | 1 | %localappdata%\c.bat |
|
| Details | File | 1 | %localappdata%\d.bat |
|
| Details | File | 1 | %localappdata%\e.bat |
|
| Details | File | 1 | downfile.vbs |
|
| Details | File | 1 | %appdata%\local\\a.bat |
|
| Details | File | 46 | microsoft.xml |
|
| Details | File | 12 | b.bat |
|
| Details | File | 376 | wscript.exe |
|
| Details | File | 4 | c.bat |
|
| Details | File | 1 | %localappdata%\\microsoft\\cloudstatus.txt |
|
| Details | File | 1 | cloudap.exe |
|
| Details | File | 5 | d.bat |
|
| Details | File | 1 | %localappdata%\cloudap.exe |
|
| Details | File | 1 | e.bat |
|
| Details | File | 1 | stagger.py |
|
| Details | File | 3 | rs.exe |
|
| Details | File | 10 | 4.txt |
|
| Details | File | 1 | systemlog.txt |
|
| Details | File | 17 | hello.txt |
|
| Details | File | 1 | stager_caller.exe |
|
| Details | File | 1 | %temp%\hello.txt |
|
| Details | File | 226 | certutil.exe |
|
| Details | File | 3 | %temp%\scvhost.exe |