Threat Analysis Insight: RisePro Information Stealer
Tags
cmtmf-attack-pattern:
  Application Layer Protocol
  Masquerading
  Scheduled Task/Job
country: Russia
maec-delivery-vectors: Watering Hole
attack-pattern:
  Data Direct Model
  Application Layer Protocol - T1437
  Control Panel - T1218.002
  Credentials - T1589.001
  Credentials From Password Stores - T1555
  Data From Local System - T1533
  Email Accounts - T1585.002
  Email Accounts - T1586.002
  Encrypted Channel - T1521
  Encrypted Channel - T1573
  Exfiltration Over C2 Channel - T1646
  Exfiltration Over Web Service - T1567
  File And Directory Discovery - T1420
  Hardware - T1592.001
  Hidden Window - T1564.003
  Input Capture - T1417
  System Network Configuration Discovery - T1422
  Malware - T1587.001
  Malware - T1588.001
  Masquerading - T1655
  Process Discovery - T1424
  System Information Discovery - T1426
  Non-Standard Port - T1509
  Non-Standard Port - T1571
  Registry Run Keys / Startup Folder - T1547.001
  Scheduled Task - T1053.005
  Scheduled Task/Job - T1603
  Security Software Discovery - T1418.001
  Security Software Discovery - T1518.001
  Server - T1583.004
  Server - T1584.004
  Software - T1592.002
  Software Packing - T1027.002
  Software Packing - T1406.002
  System Checks - T1633.001
  System Checks - T1497.001
  Vulnerabilities - T1588.006
  Standard Application Layer Protocol - T1071
  Automated Collection - T1119
  Credential Dumping - T1003
  Data From Local System - T1005
  Deobfuscate/Decode Files Or Information - T1140
  Email Collection - T1114
  Exfiltration Over Command And Control Channel - T1041
  File And Directory Discovery - T1083
  Hidden Window - T1143
  Input Capture - T1056
  Masquerading - T1036
  Modify Registry - T1112
  Network Service Scanning - T1046
  Process Discovery - T1057
  Query Registry - T1012
  Remote System Discovery - T1018
  Scheduled Task - T1053
  Security Software Discovery - T1063
  Software Packing - T1045
  System Information Discovery - T1082
  System Network Configuration Discovery - T1016
  System Time Discovery - T1124
  Automated Collection
  Masquerading
  Remote System Discovery
Common Information
Type Value
UUID 0a3e7ef5-ba95-4f98-9f66-2df3d56e7a18
Fingerprint 9604099d873b8f8d
Analysis status DONE
Considered CTI value 2
Text language
Published June 26, 2024, midnight
Added to db Aug. 31, 2024, 1:30 a.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Threat Analysis Insight: RisePro Information Stealer
Title Threat Analysis Insight: RisePro Information Stealer
Detected Hints/Tags/Attributes 157/4/76
RSS Feed
Id 56
Feed title Latest Articles - BlackBerry Blogs
Url https://blogs.blackberry.com/en/feed.rss
Added to db 2024-08-30 22:08
Attributes
Type #Events Value
MITRE ATT&CK Techniques 163 T1573
MITRE ATT&CK Techniques 115 T1571
MITRE ATT&CK Techniques 422 T1041
MITRE ATT&CK Techniques 126 T1567
Url 1 http://185.215.113.46/mine/plaza.exe
Url 1 http://185.215.113.46/cost/ladas.exe
Url 1 http://77.91.77.81/cost/go.exe
Url 1 http://77.91.77.81/cost/lenin.exe
Url 1 http://77.91.77.81/mine/amadka.exe
Url 20 https://www.apache.org/licenses/license-2.0
Domain 33 www.apache.org
File 4 c:\windows\syswow64\schtasks.exe
File 45 information.txt
File 58 password.txt
File 99 passwords.txt
MITRE ATT&CK Techniques 480 T1053
MITRE ATT&CK Techniques 380 T1547.001
MITRE ATT&CK Techniques 504 T1140
MITRE ATT&CK Techniques 66 T1564.003
MITRE ATT&CK Techniques 348 T1036
MITRE ATT&CK Techniques 550 T1112
MITRE ATT&CK Techniques 160 T1027.002
MITRE ATT&CK Techniques 97 T1497.001
MITRE ATT&CK Techniques 172 T1555
MITRE ATT&CK Techniques 152 T1056
MITRE ATT&CK Techniques 289 T1003
MITRE ATT&CK Techniques 585 T1083
MITRE ATT&CK Techniques 168 T1046
MITRE ATT&CK Techniques 433 T1057
MITRE ATT&CK Techniques 501 T1012
MITRE ATT&CK Techniques 243 T1018
MITRE ATT&CK Techniques 141 T1518.001
MITRE ATT&CK Techniques 1006 T1082
MITRE ATT&CK Techniques 245 T1016
MITRE ATT&CK Techniques 86 T1124
MITRE ATT&CK Techniques 111 T1119
MITRE ATT&CK Techniques 534 T1005
MITRE ATT&CK Techniques 89 T1114
MITRE ATT&CK Techniques 444 T1071