ioc[.]one - OSINT Cyber Threat Intelligence Database

Silent Skimmer Gets Loud (Again)

Tags

cmtmf-attack-pattern:	Native Code
country:	Japan
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Models Credentials - T1589.001 Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Mshta - T1218.005 Powershell - T1059.001 Python - T1059.006 Reflective Code Loading - T1620 Server - T1583.004 Server - T1584.004 Software - T1592.002 Ssh - T1021.004 Web Shell - T1505.003 Tool - T1588.002 Vulnerabilities - T1588.006 Connection Proxy - T1090 Mshta - T1170 Powershell - T1086 Signed Binary Proxy Execution - T1218 Web Shell - T1100

Show in Graph

Common Information

Type	Value
UUID	01c3a800-124b-481a-9e71-2913101135ef
Fingerprint	a0910551e3aed34b
Analysis status	DONE
Considered CTI value	2
Text language
Published	Nov. 4, 2024, 11 p.m.
Added to db	Nov. 7, 2024, 12:53 p.m.
Last updated	Nov. 17, 2024, 6:55 p.m.
Headline	Silent Skimmer Gets Loud (Again)
Title	Silent Skimmer Gets Loud (Again)
Detected Hints/Tags/Attributes	101/4/72

Source URLs

	Redirection	Url
Details	Source	https://unit42.paloaltonetworks.com/silent-skimmer-latest-campaign/

URL Provider

Details	Provider	Source level domain
Details	paloaltonetworks.com	unit42.paloaltonetworks.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	256	✔	Unit 42	https://unit42.paloaltonetworks.com/feed/	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	CVE	22	cve-2017-11317
Details	CVE	67	cve-2019-18935
Details	Domain	397	asp.net
Details	Domain	3	f9e5e09788.ipv6.1433.eu.org
Details	Domain	3	nigntboxcdn.com
Details	File	2	c:\windows\system32\arp.exe
Details	File	3	c:\windows\system32\systeminfo.exe
Details	File	21	c:\windows\system32\reg.exe
Details	File	34	a.txt
Details	File	5	m.txt
Details	File	456	mshta.exe
Details	File	226	certutil.exe
Details	File	1208	powershell.exe
Details	File	128	w3wp.exe
Details	File	3	one.ps1
Details	File	3	logtest.ps1
Details	sha256	3	55271d94eb3c95bb6a1965d44bade5ecef5ff610e87133f169e602eb94c39d6b
Details	sha256	3	1b325d32bc99db4b16e2cc4d4810c195f3643936d7ff5baee43ddd18cae9b2a6
Details	sha256	3	85d67f9f6f82de5a8f5f92fcf9a82bbed2ff6f6d91a06a058a40c5a64882149b
Details	sha256	3	b44e6fd83b87d50c8aa8cf62de2578a13c22292fcf298b7664ed828804280dbe
Details	sha256	3	e3746de8993069f343a7334046a2361318e213e13883513a7c0713a847fd4dc9
Details	sha256	3	64ae2bf6920311be2521c47678c04299bd24c2caec2df5b340aa212a69760fda
Details	sha256	3	12508b830149c2d84f2c80947e78218128d16a834c8d0695068f3e773ac62ef9
Details	sha256	3	0aa0ca465170315d2f02c471d5d96ce5fbd6076f59be83fa5398968e951a5f51
Details	sha256	3	dc53581d4c9140b0f987eb6686d67db6d777f8c89114b062be35b8f2847aa66f
Details	sha256	3	3579bae222eb8d7a7c3c16598cf9e81aecbbfc1a2ac2168430e48acfb02cfb24
Details	sha256	3	5d82f31bc37aa18e5c5110968b1a85aa419c6e2840e17074d2519ed9ad5b914c
Details	sha256	3	5ef5c841f74f9331efb5a43cd16d62fd27eb8293888e872a17c7a57795e37d75
Details	sha256	3	7dadff4d883b32c01bbcb96baf081649dbfadd186b934a7fd3c9754e0ba87ab3
Details	sha256	3	8ae2b420245ebbd983d42bb2d8ceb92f2e7ef40181d8f1cb347797ee7a61b2a1
Details	sha256	3	c0244fafbd5231730fdd0bfef2a972dd074f52ca46dc377494424269add81d2b
Details	sha256	3	c73e3b300ac9eb956a471cefb2282602834b5809c46b7807cfc06f671a5d9f8f
Details	sha256	3	342daa41ba3989d5ecb95c7c19a55c1a00c12b6c2faa2cac052bc910a6edd56f
Details	sha256	3	28f0f37fcdee2ac2c022bb454b30f05458075434fa57662af2de22ba5cfb45c1
Details	sha256	3	29a81d3125ab1c886266a03902204253708f8d181c547a88ceb447ef59f99f60
Details	sha256	3	9b29964d0b3d026aa01713dbdf4361439788c05c8eb8723fc7cfb933245dec45
Details	sha256	3	311935e115d678adbe502c8cc4e5396323f3f015ee186df6dc9f67ae0248104b
Details	sha256	3	06710575d20cacd123f83eb82994879367e07f267e821873bf93f4db6312a97b
Details	sha256	3	5acac9846035863b178ff75fb2a8bdcd53e5d496007d032c3fb20e0dc8306fd9
Details	sha256	3	b1d10328d0cbe3413d1ec15888e5772e323798072fda1285f17b61a96bf0e34e
Details	sha256	3	91a5f92908c561f1d1814d36da613c5b7411bb45554e1b2d19713f1f6d50a10c
Details	sha256	3	8240d49629a558acc0426dff40c042fa989fb46159bb5971ee3c4211b68a59d0
Details	sha256	3	a2a17e561d50f69e011598fd2e03b0376f6468609a1b2d6be9d458ee5c8b397d
Details	sha256	3	b1da7982199597882a2da8c45114f4cf74fed64447fca8c5f58ced24d7085c77
Details	sha256	3	1c9a9732d600d975b5b44ab326d5cc99123a84d5b400a189902ff6d249a24bda
Details	IPv4	3	48.218.138.60
Details	IPv4	3	172.86.96.245
Details	IPv4	3	20.222.194.41
Details	IPv4	3	20.210.230.146
Details	IPv4	3	13.78.113.103
Details	IPv4	3	13.71.153.8
Details	IPv4	3	20.37.116.136
Details	IPv4	3	167.88.168.11
Details	IPv4	3	45.61.166.209
Details	IPv4	4	172.86.123.127
Details	IPv4	3	172.86.105.129
Details	IPv4	3	20.188.26.190
Details	IPv4	3	13.78.94.29
Details	IPv4	3	52.253.107.167
Details	IPv4	3	20.89.43.151
Details	IPv4	3	20.222.138.18
Details	IPv4	3	60.204.201.75
Details	MITRE ATT&CK Techniques	59	T1218.005
Details	MITRE ATT&CK Techniques	91	T1620
Details	Url	2	http://48.218.138.60/a.txt
Details	Url	2	http://48.218.138.60/m.txt
Details	Url	2	http://172.86.96.245/129-80.hta
Details	Url	3	http://20.222.194.41/securityhealthsystray.hta
Details	Url	3	http://20.210.230.146/securityhealthsystray.hta
Details	Url	3	http://13.78.113.103/one.ps1
Details	Url	3	http://13.71.153.8/logtest.ps1
Details	Windows Registry Key	164	HKLM\SOFTWARE\Microsoft\Windows