THREAT REPORT
Common Information
| Type | Value |
|---|---|
| UUID | fea9b7b0-d0a5-4fe5-84bc-143364ce9b32 |
| Fingerprint | a147b583f0f2275eab265bd493a88ed1c80053c2a8849a3f59343b1d211ccc65 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Oct. 20, 2022, 12:39 p.m. |
| Added to db | April 14, 2024, 8:50 a.m. |
| Last updated | Aug. 31, 2024, 9:18 a.m. |
| Headline | THREAT REPORT |
| Title | THREAT REPORT |
| Detected Hints/Tags/Attributes | 412/4/200 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 375 | cve-2017-11882 |
|
| Details | CVE | 128 | cve-2019-11510 |
|
| Details | CVE | 10 | cve-2012-5687 |
|
| Details | CVE | 73 | cve-2014-8361 |
|
| Details | CVE | 10 | cve-2014-9583 |
|
| Details | CVE | 6 | cve-2015-0554 |
|
| Details | CVE | 4 | cve-2015-7248 |
|
| Details | CVE | 6 | cve-2015-7254 |
|
| Details | CVE | 7 | cve-2014-4019 |
|
| Details | CVE | 5 | cve-2014-1225 |
|
| Details | CVE | 5 | cve-2014-2962 |
|
| Details | CVE | 5 | cve-2013-5947 |
|
| Details | Domain | 54 | welivesecurity.com |
|
| Details | Domain | 1 | the-haba.com |
|
| Details | Domain | 1 | 2ld.xyz |
|
| Details | Domain | 1 | ro2.host |
|
| Details | Domain | 1 | update.npicgames.com |
|
| Details | Domain | 1 | n1.nplayon.com |
|
| Details | Domain | 1 | nt.nplayon.com |
|
| Details | Domain | 1 | haveibeenemotet.com |
|
| Details | Domain | 1 | trojandownloader.adload.ae |
|
| Details | Domain | 1 | trojandownloader.adload.ad |
|
| Details | Domain | 43 | blockchain.com |
|
| Details | Domain | 1 | login.bıockchaln.com |
|
| Details | Domain | 3 | d24ak3f2b.top |
|
| Details | Domain | 9 | vfghe.com |
|
| Details | Domain | 6 | d18mpbo349nky5.cloudfront.net |
|
| Details | Domain | 1 | biggames.club |
|
| Details | Domain | 8 | glotorrents.pw |
|
| Details | Domain | 10 | propu.sh |
|
| Details | Domain | 3 | hardyload.com |
|
| Details | Domain | 5 | maranhesduve.club |
|
| Details | Domain | 11 | mrproddisup.com |
|
| Details | Domain | 3 | cdn.special-offers.online |
|
| Details | Domain | 3 | wwclickads.club |
|
| Details | Domain | 9 | update.updtbrwsr.com |
|
| Details | Domain | 8 | iclickcdn.com |
|
| Details | Domain | 3 | goviklerone.com |
|
| Details | Domain | 5 | update.updtapi.com |
|
| Details | Domain | 2 | dpiwrxl3dmzt3.cloudfront.net |
|
| Details | Domain | 10 | survey-smiles.com |
|
| Details | Domain | 5 | update.brwsrapi.com |
|
| Details | Domain | 8 | vk-online.xyz |
|
| Details | Domain | 3 | i24-7-news.com |
|
| Details | Domain | 5 | update.mrbrwsr.com |
|
| Details | Domain | 1 | iptautup.com |
|
| Details | Domain | 3 | go1news.biz |
|
| Details | Domain | 4 | update.savebrwsr.com |
|
| Details | Domain | 7 | pdloader.com |
|
| Details | Domain | 1 | p4.maranhesduve.club |
|
| Details | Domain | 1 | google-analytics-eapteka.medianation-tools.ru |
|
| Details | Domain | 1 | opentracker.xyz |
|
| Details | Domain | 1 | static.sunnycoast.xyz |
|
| Details | Domain | 3 | attacketslovern.info |
|
| Details | Domain | 262 | www.welivesecurity.com |
|
| Details | Domain | 41 | blogs.microsoft.com |
|
| Details | Domain | 360 | attack.mitre.org |
|
| Details | Domain | 4127 | github.com |
|
| Details | Domain | 13 | www.joeware.net |
|
| Details | Domain | 622 | en.wikipedia.org |
|
| Details | Domain | 243 | cve.mitre.org |
|
| Details | Domain | 3 | www.haveibeenemotet.com |
|
| Details | Domain | 154 | us-cert.cisa.gov |
|
| Details | Domain | 251 | www.bleepingcomputer.com |
|
| Details | Domain | 280 | thehackernews.com |
|
| Details | Domain | 16 | www.coveware.com |
|
| Details | Domain | 133 | www.infosecurity-magazine.com |
|
| Details | Domain | 175 | www.zdnet.com |
|
| Details | Domain | 1 | borncity.com |
|
| Details | Domain | 13 | finance.yahoo.com |
|
| Details | Domain | 44 | www.bloomberg.com |
|
| Details | Domain | 28 | www.paypal.com |
|
| Details | Domain | 37 | www.cnbc.com |
|
| Details | Domain | 68 | www.coindesk.com |
|
| Details | Domain | 397 | www.microsoft.com |
|
| Details | Domain | 604 | www.trendmicro.com |
|
| Details | Domain | 1373 | twitter.com |
|
| Details | Domain | 167 | www.ic3.gov |
|
| Details | Domain | 38 | blog.netlab.360.com |
|
| Details | Domain | 4 | eecd.eset.com |
|
| Details | Domain | 222 | www.blackhat.com |
|
| Details | Domain | 24 | aavar.org |
|
| Details | Domain | 2 | codeblue.jp |
|
| Details | Domain | 4 | help.eset.com |
|
| Details | Domain | 114 | eset.com |
|
| Details | File | 1 | cvoeqo.exe |
|
| Details | File | 156 | 1.exe |
|
| Details | File | 7 | isass.exe |
|
| Details | File | 89 | wininit.exe |
|
| Details | File | 306 | services.exe |
|
| Details | File | 2125 | cmd.exe |
|
| Details | File | 7 | execute.bat |
|
| Details | File | 240 | wmic.exe |
|
| Details | File | 376 | wscript.exe |
|
| Details | File | 18 | pcalua.exe |
|
| Details | File | 269 | msiexec.exe |
|
| Details | File | 1 | 0_20201107223915.exe |
|
| Details | File | 1 | 0_20201029171157.exe |
|
| Details | File | 1 | 20201026114749.exe |
|
| Details | File | 4 | filecoder.cer |
|
| Details | File | 7 | spy.key |
|
| Details | File | 1 | spy.cer |
|
| Details | File | 1 | awb-recepit.pdf |
|
| Details | File | 6 | covid-19.doc |
|
| Details | File | 2 | eset_invisimole.pdf |
|
| Details | File | 1 | invisimole_04.indd |
|
| Details | File | 1 | trickbot-linux-variants-active-in-wild.html |
|
| Details | File | 384 | www.inf |
|
| Details | File | 1 | oceanlotus-surfaces.html |
|
| Details | File | 1204 | index.php |
|
| Details | File | 4 | unwanted_application.html |
|
| Details | File | 4 | unsafe_application.html |
|
| Details | Github username | 26 | eset |
|
| Details | Github username | 4 | dropbox |
|
| Details | IPv4 | 1 | 82.202.172.134 |
|
| Details | MITRE ATT&CK Techniques | 7 | T1547.012 |
|
| Details | MITRE ATT&CK Techniques | 7 | T1218.002 |
|
| Details | MITRE ATT&CK Techniques | 33 | T1080 |
|
| Details | MITRE ATT&CK Techniques | 207 | T1547 |
|
| Details | MITRE ATT&CK Techniques | 121 | T1218 |
|
| Details | Threat Actor Identifier - APT-C | 79 | APT-C-23 |
|
| Details | Threat Actor Identifier - FIN | 377 | FIN7 |
|
| Details | Url | 1 | https://www.welivesecurity.com/2020/10/12/eset-takes-part-global-operation-disrupt- |
|
| Details | Url | 1 | https://blogs.microsoft.com/on-the-issues/2020/10/20/trickbot-ransomware-disruption- |
|
| Details | Url | 1 | https://www.welivesecurity.com/2020/10/01/latam-financial-cybercrime-competitors- |
|
| Details | Url | 1 | https://www.welivesecurity.com/2020/11/12/hungry-data-modpipe-backdoor-hits-pos- |
|
| Details | Url | 1 | https://www.welivesecurity.com/2020/10/02/xdspy-stealing-government-secrets- |
|
| Details | Url | 2 | https://www.welivesecurity.com/2020/11/16/lazarus-supply-chain-attack-south-korea |
|
| Details | Url | 2 | https://www.welivesecurity.com/2020/12/02/turla-crutch-keeping-back-door-open |
|
| Details | Url | 4 | https://www.welivesecurity.com/2020/12/10/luckymouse-ta428-compromise-able-desktop |
|
| Details | Url | 1 | https://www.welivesecurity.com/2020/12/17/operation-signsight-supply-chain-attack- |
|
| Details | Url | 1 | https://www.welivesecurity.com/2020/06/18/digging-up-invisimole-hidden-arsenal |
|
| Details | Url | 1 | https://attack.mitre.org/versions/v8/techniques/t1080 |
|
| Details | Url | 1 | https://www.welivesecurity.com/wp-content/uploads/2020/06/eset_invisimole.pdf#eset_ |
|
| Details | Url | 1 | https://github.com/eset/malware-ioc/tree/master/quarterly_reports/2020_q4 |
|
| Details | Url | 1 | https://github.com/dropbox/dbxcli |
|
| Details | Url | 3 | https://www.joeware.net/freetools/tools/adfind |
|
| Details | Url | 1 | https://www.welivesecurity.com/2020/05/21/no-game-over-winnti-group |
|
| Details | Url | 1 | https://attack.mitre.org/techniques/t1547/012 |
|
| Details | Url | 1 | https://attack.mitre.org/software/s0008 |
|
| Details | Url | 1 | https://www.welivesecurity.com/2018/07/09/certificates-stolen-taiwanese-tech- |
|
| Details | Url | 5 | https://www.welivesecurity.com/2019/05/14/plead-malware-mitm-asus-webstorage |
|
| Details | Url | 1 | https://en.wikipedia.org/wiki/advance-fee_scam |
|
| Details | Url | 106 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve |
|
| Details | Url | 1 | https://www.haveibeenemotet.com |
|
| Details | Url | 1 | https://us-cert.cisa.gov/ncas/alerts/aa20-280a |
|
| Details | Url | 1 | https://www.bleepingcomputer.com/news/security/emotet-malware-wants-to-invite-you- |
|
| Details | Url | 1 | https://www.welivesecurity.com/2018/11/23/black-friday-special-emotet-filling-inboxes- |
|
| Details | Url | 1 | https://www.bleepingcomputer.com/news/security/qbot-partners-with-egregor- |
|
| Details | Url | 1 | https://blogs.microsoft.com/on-the-issues/2020/10/12/trickbot-ransomware-cyberthreat- |
|
| Details | Url | 1 | https://www.bleepingcomputer.com/news/security/trickbots-new-module-aims-to-infect- |
|
| Details | Url | 1 | https://thehackernews.com/2020/10/trickbot-linux-variants-active-in-wild.html |
|
| Details | Url | 2 | https://www.coveware.com/blog/q3-2020-ransomware-marketplace-report |
|
| Details | Url | 1 | https://www.bleepingcomputer.com/news/security/maze-ransomware-shuts-down- |
|
| Details | Url | 1 | https://www.infosecurity-magazine.com/news/red-alert-us-hospitals-flooded |
|
| Details | Url | 1 | https://www.bleepingcomputer.com/news/security/uhs-hospitals-hit-by-reported- |
|
| Details | Url | 1 | https://www.bleepingcomputer.com/news/security/revil-ransomware-gang-claims-over- |
|
| Details | Url | 1 | https://www.bleepingcomputer.com/news/security/egregor-ransomware-bombards- |
|
| Details | Url | 1 | https://www.zdnet.com/article/ransomware-gangs-are-now-cold-calling-victims-if-they- |
|
| Details | Url | 1 | https://borncity.com/win/2020/05/20/warning-infected-cookie-consent-logo-delivers- |
|
| Details | Url | 1 | https://finance.yahoo.com/quote/btc-usd |
|
| Details | Url | 1 | https://www.bloomberg.com/news/articles/2020-12-17/bitcoin-price-what-investors-need- |
|
| Details | Url | 1 | https://www.paypal.com/us/smarthelp/article/cryptocurrency-on-paypal-faq- |
|
| Details | Url | 1 | https://www.cnbc.com/select/visa-backs-first-credit-card-to-offer-bitcoin-rewards |
|
| Details | Url | 1 | https://www.coindesk.com/price/ethereum |
|
| Details | Url | 1 | https://www.coindesk.com/price/monero |
|
| Details | Url | 1 | https://www.bleepingcomputer.com/news/security/new-worm-turns-windows-linux- |
|
| Details | Url | 1 | https://www.microsoft.com/security/blog/2020/11/30/threat-actor-leverages-coin-miner- |
|
| Details | Url | 1 | https://www.welivesecurity.com/2020/05/13/ramsay-cyberespionage-toolkit-airgapped- |
|
| Details | Url | 1 | https://www.welivesecurity.com/2020/09/10/who-callin-cdrthief-linux-voip-softswitches |
|
| Details | Url | 1 | https://www.trendmicro.com/en_us/research/20/k/new-macos-backdoor-connected-to- |
|
| Details | Url | 1 | https://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry-credentials |
|
| Details | Url | 1 | https://www.zdnet.com/article/apple-notarizes-six-malicious-apps-posing-as-flash- |
|
| Details | Url | 1 | https://www.welivesecurity.com/wp-content/uploads/2020/10/eset_threat_report_q32020. |
|
| Details | Url | 1 | https://www.welivesecurity.com/2020/06/24/new-ransomware-uses-covid19-tracing- |
|
| Details | Url | 1 | https://www.welivesecurity.com/2020/07/14/welcome-chat-secure-messaging-app- |
|
| Details | Url | 1 | https://www.welivesecurity.com/2020/09/30/aptc23-group-evolves-its-android-spyware |
|
| Details | Url | 1 | https://twitter.com/esetresearch/status/1270339046645141507?s=20 |
|
| Details | Url | 1 | https://twitter.com/esetresearch/status/1331947342870802432 |
|
| Details | Url | 1 | https://www.ic3.gov/media/y2020/psa201229 |
|
| Details | Url | 1 | https://blog.netlab.360.com/heh-an-iot-p2p-botnet |
|
| Details | Url | 1 | https://eecd.eset.com/agenda/detail/3 |
|
| Details | Url | 1 | https://eecd.eset.com/agenda/detail/6 |
|
| Details | Url | 1 | https://eecd.eset.com/agenda/detail/8 |
|
| Details | Url | 1 | https://www.blackhat.com/asia-20/briefings/schedule/#krk |
|
| Details | Url | 1 | https://aavar.org/avar2020/index.php/cdrthief-malware-that-targets-linux-voip- |
|
| Details | Url | 1 | https://codeblue.jp/2020/en/talks/?content=talks_11 |
|
| Details | Url | 57 | https://attack.mitre.org |
|
| Details | Url | 3 | https://attack.mitre.org/techniques/enterprise |
|
| Details | Url | 4 | https://attack.mitre.org/software |
|
| Details | Url | 13 | https://attack.mitre.org/groups |
|
| Details | Url | 1 | https://attack.mitre.org/versions/v8/techniques/t1547/012 |
|
| Details | Url | 1 | https://attack.mitre.org/versions/v8/software/s0260 |
|
| Details | Url | 1 | https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover |
|
| Details | Url | 1 | https://attack.mitre.org/versions/v8/techniques/t1218/002 |
|
| Details | Url | 1 | https://attack.mitre.org/versions/v8/groups/g0047 |
|
| Details | Url | 2 | https://www.welivesecurity.com/2020/06/11/gamaredon-group-grows-its-game |
|
| Details | Url | 1 | https://help.eset.com/glossary/en-us/unwanted_application.html |
|
| Details | Url | 1 | https://help.eset.com/glossary/en-us/unsafe_application.html |
|
| Details | Windows Registry Key | 1 | HKLM\SOFTWARE\Microsoft\Print |