BlotchyQuasar: X-Force Hive0129 targeting financial institutions in LATAM with a custom banking trojan
Common Information

UUID: 17471a93-0c0a-4c26-82e7-8075da2a42cd
Fingerprint: aed81cdb81b327c4
Analysis status: DONE
Considered CTI value: 0
Text language:
Published: July 14, 2023, 9:45 a.m.
Added to db: July 14, 2023, 4:02 p.m.
Last updated: Nov. 18, 2024, 1:38 a.m.
Headline: BlotchyQuasar: X-Force Hive0129 targeting financial institutions in LATAM with a custom banking trojan
Title: BlotchyQuasar: X-Force Hive0129 targeting financial institutions in LATAM with a custom banking trojan
Detected Hints/Tags/Attributes: 106/3/35
RSS Feed

Id: 227
Enabled:
Feed title: X-Force – Security Intelligence
Url: https://securityintelligence.com/category/x-force/feed/
Added to db: 2024-08-30 22:08
Attributes

Type | #Events | Value
Domain | 6 | gtly.to
Domain | 1 | ecuadorlab.work.gd
Domain | 95 | ip-api.com
Domain | 14 | freegeoip.net
Domain | 129 | api.ipify.org
Domain | 88 | main.py
File | 674 | node.js
File | 2 | c:\windows\system32\svchosts.exe
File | 1 | flogonw7.dll
File | 1 | revenra.txt
File | 1 | htmlvn_c.exe
File | 76 | main.py
File | 1 | c:\py\python.exe
File | 1 | c:\py\main.py
File | 271 | chrome.exe
File | 1 | fot.cer
File | 73 | opera.exe
File | 1 | flogonw7.log
File | 1 | %localappdata%\microsoft\user.db
File | 7 | update.txt
File | 1 | c:\program files\rdp wrapper\rdpwrap.ini
File | 2 | %appdata%\chrome\chrome.exe
File | 1 | %appdata%\doblev\nginx start nginx.exe
File | 1 | %appdata%\doblev\node start node.exe
File | 25 | config.js
File | 2127 | cmd.exe
File | 27 | computerdefaults.exe
File | 1 | nservises.exe
IBM X-Force - Unattributed Threat Actor | 3 | Hive0129
Url | 1 | https://gtly.to/gy3ga460x
Url | 12 | http://ip-api.com/json
Url | 1 | http://freegeoip.net/xml
Url | 11 | http://api.ipify.org
Windows Registry Key | 1 | HKCU\Software\Microsoft\MozillaPlugins\Data
Windows Registry Key | 1 | HKCU\Software\Microsoft\MozillaPlugins