A Deeper Look into the PaperCut Vulnerabilities
Common Information
Type Value
UUID 073d3f78-5ed2-481b-8356-b618aa435b36
Fingerprint afe9dde1aa07668a
Analysis status DONE
Considered CTI value 2
Text language
Published May 16, 2023, midnight
Added to db June 5, 2023, 11:50 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline A Deeper Look into the PaperCut Vulnerabilities
Title A Deeper Look into the PaperCut Vulnerabilities
Detected Hints/Tags/Attributes 101/3/64
Attributes
Details Type #Events CTI Value
Details CVE 140
cve-2023-27350
Details CVE 54
cve-2023-27351
Details Threat Actor Identifier - FIN 127
FIN11