ioc[.]one - OSINT Cyber Threat Intelligence Database

Upgraded Aggah malspam campaign delivers multiple RATs

Tags

attack-pattern:

Data Direct Cmstp - T1218.003 Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Msbuild - T1127.001 Mshta - T1218.005 Network Security Appliances - T1590.006 Powershell - T1059.001 Scheduled Task - T1053.005 Software - T1592.002 Tool - T1588.002 Cmstp - T1191 Mshta - T1170 Powershell - T1086 Scheduled Task - T1053

Show in Graph

Common Information

Type	Value
UUID	18c0def9-18a3-4dfb-9ce1-c759eea9f78e
Fingerprint	a4211899c93fcf8b
Analysis status	DONE
Considered CTI value	2
Text language
Published	April 29, 2020, 11:48 a.m.
Added to db	Oct. 9, 2022, 4:11 p.m.
Last updated	Nov. 17, 2024, 6:55 p.m.
Headline	Vulnerability Information
Title	Upgraded Aggah malspam campaign delivers multiple RATs
Detected Hints/Tags/Attributes	64/1/161

Source URLs

	Redirection	Url
Details	Source	https://blog.talosintelligence.com/2020/04/upgraded-aggah-malspam-campaign.html

URL Provider

Details	Provider	Source level domain
Details	talosintelligence.com	blog.talosintelligence.com

Attributes

Details	Type	#Events	Value
Details	Domain	358	pastebin.com
Details	Domain	904	snort.org
Details	File	4	list.csv
Details	File	1	hager.xls
Details	File	8	order.xls
Details	File	3	quotation.xls
Details	File	1	shipment.csv
Details	File	1	422513.csv
Details	File	1	t.csv
Details	File	1	3053432.xls
Details	File	47	cmstp.exe
Details	File	409	c:\windows\system32\cmd.exe
Details	File	7	%windir%\system32\reg.exe
Details	File	149	msbuild.exe
Details	File	312	calc.exe
Details	sha256	1	af70b67e70ba11e54deefc140b9fda0e7fe918f8bf1cf19eb184278c20ded621
Details	sha256	1	a4931fd893b630efa9b4cf7c7ca1a1b7827ec2cef7d270baaa7737b4103be235
Details	sha256	1	39d059d7891d0b194face48f21093f6de9ae14e3f788f8a30c128398a0bf545c
Details	sha256	1	ee913965822c4bbd2454a497431a82cb9d5fb360f51f313519fb132dc0532f67
Details	sha256	1	23d1a8e46a5713a39a7d636e9d22d3c24237a09f51248b7cfc421e99056c5c6b
Details	sha256	1	85f7e45904e059698dca69aefd0f49c1ac7434703f6d4eb913e95de5b8162df6
Details	sha256	1	cac81dd6d21cd8011f819fe998684e5f91710661b5cb7a2598fc0623dbe2b1ce
Details	sha256	1	1fc6f05a4a0947806e0c77492c6afe5a4f8ce20c4450ebbf2eb35818f8962210
Details	sha256	1	40d72cad9e7c10eb1b2415148cd641f8425419ace468ee3f418849d9675b8f0d
Details	sha256	1	6c6d611e629030213f065c058a969d3f19f91dfb2fe78c15acbabb9e687321ed
Details	sha256	1	733b3e58c8b7280cb351539dfd4f0cf57be967a595a4ac237369f6f80a3be926
Details	sha256	1	0eb1f2c85d6c1fcbb1546cec47d572245e291f3522e5fc49cfbe47f9415c8539
Details	sha256	1	20e0a74e41af798ff364ca479630d120ed0f9d990ad097f30e75f632d6a0c3f9
Details	sha256	1	238c97a1150ab97f075d40aec1fddff80a0cd5ad5c551e23c4144ff6dfc8f91d
Details	sha256	1	1038e891dc459285da10f15d7ef679588f6d80a661c7f92dee44487003d0f76d
Details	sha256	1	35f523e5de8e240c9ae8f20d198a4bfde3877631390f24e2dc877223bdce5045
Details	sha256	1	73000931708116073e9bf7f326497564677fb9e36cd2195523e68376da2e44cd
Details	sha256	1	98ebeb1b1e6f97222680028d4e100c9bd0663cb953003382846432dc2adb23c2
Details	sha256	1	0a32978459907400ee525773ed2c7fd1521ceda18b75bd5f01645e9522eb5f81
Details	sha256	1	70370381401dafa66b29ec8029d382bfcffedd3cc5e44290cb3fefa728347730
Details	sha256	1	80707eab36cebfb26becd728e5dd155c22d0d272f1f62a9acd17abed6feccd8a
Details	sha256	1	7ec1cb6e477faea97fb78093c857099e4fdf72f535cab3433cdeb40a282e6359
Details	sha256	1	dbe17317d20e8d6b308b5ce32a53fd0b02b0d9914cafcceed06790a62da17c2d
Details	sha256	1	c9d7b63c671f24c049f711c361f1cb92780f838729b2acbe48bb906037347467
Details	sha256	1	913cc2d81a99ec7def735f16761390d0c4f47f28889ecf047525d2f86ff01011
Details	sha256	1	e82fea3940cd5d89202ef5a6fb236696d8364e232e7b6413a838b276fed916bb
Details	sha256	1	f55eb5d585d55b0cf4e00d0a97f8d9941f6547b0cfb314ac26f00a184cd3ab38
Details	sha256	1	595e06556d773d2c87671c817499f13500a910ddab31a0bd6f9e31fc8f46b5dc
Details	sha256	1	09050292abe61da2e39f0c16d2d10f8f7aa70b67b8a6c358724187131d1e3879
Details	sha256	1	23b2f5919d0b943effd748f6341e7dac16e2cc6f65d972f1cac8630c6ea6c524
Details	sha256	1	e742e2858352ad1da32cd45769ba6434aeea7465440667ffc1858c1ba0c8a1f6
Details	sha256	1	3a95d34385daf5fd45467767174ea2524d09396961d8f9ed180ff034604ba467
Details	sha256	1	f78311bc3b478929ccccd51c73e5e270f73db256a110821ca8adb6ef848ffa9d
Details	sha256	1	cba31bbe59853a2dd3a5b0c28b2d960c1292ea13571f08753079e067d2d1d6f3
Details	sha256	1	b2f2c8fe5e31a7c127f55aebae9e57e6347c432ba1c551a75f3372a373393a32
Details	sha256	1	28544b668b766853540aec755f73785ef0e644b21f1fa5f181d924a67f41acae
Details	sha256	1	0f2af9064dabe99260dac84facf4bd1e18051fa989a88e227e3b4684a9697274
Details	sha256	1	2dca36ce5e6d5e6ac382cda2562bc8783eb85053449cb790804b463a64effa67
Details	sha256	1	3ae524895fc071aa931d196767a4d6573e1cf57bfd500ccef7377696e080e702
Details	sha256	1	510b4ce5fb8c87120e28f3c06fb776564aedbcb483240b6b48aa1aada173e82b
Details	sha256	1	225f8bf058226e66ab7590c6f23235668cddb32e37a300d3994406875803c8c1
Details	sha256	1	0364b894e8c3234f2566b7368eecbdb264fa84e2ac7dd494acb9cce9a3ffc74e
Details	sha256	1	2e1af852e853a6841bb58891dea8529bd8458a1ee57595235a1632e71cb3ca59
Details	sha256	1	97931e1e8bdc57f2023b749b700139184c82ad646c97e9cf889f4a2c853f2408
Details	sha256	1	b0aae401bbca253a323b4591f41a69435617992f06e6df07e367184665edfd6e
Details	sha256	1	6045833390cdc30f440a9c5ec0922ae691e427a0e8d6b4750fe6a92e73cf1305
Details	sha256	1	3c657ad3b87ee8f3f666f0d3c93344a770e68119597f182fb128884cfccce35c
Details	sha256	1	2eb47fa90ad933efb1dccc31f18b824ad560dd16e1b8aad3d7004bfc2018180a
Details	sha256	1	23e86df6daedf7aa13aded2f9123fdba812aa60bc30930a5db661a26958c4128
Details	sha256	1	c9ead4ece5af03b5050a4c541c5f89a8eea047a32e697e307d93979e58ccb987
Details	sha256	1	06924e5a0171b69f5e406317994e8f485d30ae404471aad9b5501497d1acfcf7
Details	Url	2	http://pastebin.com/raw
Details	Url	1	https://pastebin.com/u/bakeitup
Details	Url	1	https://pastebin.com/u/bakeitup1
Details	Url	1	https://pastebin.com/u/gogga4
Details	Url	2	https://pastebin.com/u/gogga7
Details	Url	1	https://pastebin.com/u/moneyneeded
Details	Url	1	https://pastebin.com/u/timenamoney
Details	Url	1	https://pastebin.com/u/hushpuppi44
Details	Url	1	https://pastebin.com/u/mompha1
Details	Url	1	https://pastebin.com/u/alphabates3
Details	Url	1	http://j.mp/jaosidna8sxnasox
Details	Url	1	http://j.mp/ksxkssxksis8ijsjlsiajasldm
Details	Url	1	http://j.mp/ajsixans7xnasixn
Details	Url	1	http://j.mp/lkslsodkdfd9sods0kdsodo
Details	Url	1	http://j.mp/osasdkasdjsajasdiskdisdks
Details	Url	1	http://j.mp/asxlijlcsdoicdcli8lkjdclid9k
Details	Url	1	http://j.mp/sodkidkcikiksopsk9ksis6so
Details	Url	1	http://j.mp/ksossksxmsxsxk8su7sjsx7j
Details	Url	1	http://j.mp/qidusldsidadkfmd9klkdkfk
Details	Url	1	http://j.mp/siadljas8asldkasd8asdl9sal
Details	Url	1	http://j.mp/jsakdiuksajsjaskkusk8ilas89
Details	Url	1	http://j.mp/nlkskjldu8sjlkdjkkljsmk
Details	Url	1	http://j.mp/asniasnxa8sxnasx
Details	Url	1	https://pastebin.com/swjz13tn
Details	Url	1	https://pastebin.com/raa9asip
Details	Url	1	http://pastebin.com/ydnbhm9i
Details	Url	1	http://pastebin.com/rjjl3q8k
Details	Url	1	https://pastebin.com/xb567gn8
Details	Url	1	https://pastebin.com/gusd8kh8
Details	Url	1	https://pastebin.com/rcqxukvb
Details	Url	1	https://pastebin.com/5rm3ub4t
Details	Url	1	https://pastebin.com/8zispntq
Details	Url	1	http://pastebin.com/zkciqthe
Details	Url	1	http://pastebin.com/u15y8bqw
Details	Url	1	http://pastebin.com/vfgssbqr
Details	Url	1	https://pastebin.com/csvu7iv8
Details	Url	1	https://pastebin.com/pyn42zyy
Details	Url	1	https://pastebin.com/pkueey0j
Details	Url	1	http://pastebin.com/tnesjznm
Details	Url	1	https://pastebin.com/baejj2xr
Details	Url	1	https://pastebin.com/2kzmttx1
Details	Url	1	http://pastebin.com/csv8dth1
Details	Url	1	http://pastebin.com/bdxvqe7r
Details	Url	1	https://pastebin.com/36rhyfyf
Details	Url	1	http://pastebin.com/cixwea8n
Details	Url	1	https://pastebin.com/sm2bdvwq
Details	Url	1	https://pastebin.com/8yc77fsa
Details	Url	1	http://pastebin.com/uptchjvz
Details	Url	1	http://pastebin.com/vwyw3bus
Details	Url	1	https://pastebin.com/mhum7fwe
Details	Url	1	http://pastebin.com/fe0jktbg
Details	Url	1	https://pastebin.com/t8bdjpkh
Details	Url	1	https://pastebin.com/rtrp8wut
Details	Url	1	http://pastebin.com/kqjkvnnn
Details	Url	1	http://pastebin.com/wygtprqh
Details	Url	1	http://pastebin.com/8cp9qqjy
Details	Url	1	https://pastebin.com/bxms4jqj
Details	Url	1	https://pastebin.com/dgbjqytk
Details	Url	1	http://pastebin.com/p826zz7d
Details	Url	1	http://pastebin.com/td6tz6ex
Details	Url	1	https://pastebin.com/zyd07ecr
Details	Url	1	http://pastebin.com/gnngrgzn
Details	Url	1	https://pastebin.com/7xxux05w
Details	Url	1	https://pastebin.com/8ejgcnsp
Details	Url	1	http://pastebin.com/2rqbe3qu
Details	Url	1	http://pastebin.com/c3yrje9a
Details	Url	1	https://pastebin.com/m3evtwbt
Details	Url	1	http://pastebin.com/a09gx0w9
Details	Url	1	https://pastebin.com/wdemiaaj
Details	Url	1	https://pastebin.com/mzznwjtj
Details	Url	1	http://pastebin.com/ywpcgxy4
Details	Url	1	http://pastebin.com/fnmcbz0u
Details	Url	1	https://pastebin.com/pna1wj3c
Details	Url	1	http://pastebin.com/dym4umf9
Details	Url	1	https://pastebin.com/0zs4klgn
Details	Url	1	https://pastebin.com/ynajfeqs
Details	Url	1	http://pastebin.com/m0h2a9fp
Details	Url	1	http://pastebin.com/mpis0xvi
Details	Url	1	https://pastebin.com/ksa0lbyu
Details	Url	1	http://pastebin.com/m8zcgw0a
Details	Url	1	https://pastebin.com/dvypbwuf
Details	Url	1	https://pastebin.com/ub8qavxc
Details	Url	1	http://pastebin.com/7nu4s1hk
Details	Url	1	http://pastebin.com/arrakbed
Details	Url	1	https://pastebin.com/z4ywkizu
Details	Url	1	http://pastebin.com/drxejwps
Details	Url	1	https://pastebin.com/q8sxxpy3
Details	Url	1	https://pastebin.com/zu5m82z3
Details	Url	1	http://pastebin.com/n1u2yykh
Details	Url	1	https://pastebin.com/k8ut9fsu
Details	Url	1	http://pastebin.com/aw2dagxf
Details	Url	1	https://pastebin.com/rf8fbz6p
Details	Url	1	http://pastebin.com/hupdxj7g
Details	Url	1	https://pastebin.com/grjj48eq
Details	Windows Registry Key	98	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System