2024-10-25 HeptaX - Unauthorized RDP Connections. Malicious LNK. > Powershell > Bat files Samples
Common Information
Type Value
UUID 17f05a11-05b5-409a-8ef5-4c26e123b3b8
Fingerprint 9c9a89f20109af42
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 29, 2024, 3:01 a.m.
Added to db Oct. 29, 2024, 4:45 a.m.
Last updated Nov. 12, 2024, 4:57 a.m.
Headline 2024-10-25 HeptaX - Unauthorized RDP Connections. Malicious LNK. > Powershell > Bat files Samples
Title 2024-10-25 HeptaX - Unauthorized RDP Connections. Malicious LNK. > Powershell > Bat files Samples
Detected Hints/Tags/Attributes 29/2/21
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 158 Malware Analysis, News and Indicators - Latest topics https://malware.news/latest.rss 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 1
6605178dbc4d84e789e435915e86a01c5735f34b7d18d626b2d8810456c4bc72.zip
Details Domain 36
contagiodump.blogspot.com
Details Domain 19
contagiominidump.blogspot.com
Details File 2
k1.bat
Details File 2
scheduler-once.bat
Details File 3
bb.ps1
Details File 6
chromepass.exe
Details File 1
outcomes.pdf
Details File 1
6605178dbc4d84e789e435915e86a01c5735f34b7d18d626b2d8810456c4bc72.zip
Details File 6
b.ps1
Details File 1
2024-10-25-heptax-unauthorized-rdp.html
Details IPv4 3
157.173.104.153
Details Url 1
http://157.173.104.153
Details Url 1
https://contagiodump.blogspot.com/2024/10/2024-10-25-heptax-unauthorized-rdp.html