ioc[.]one - OSINT Cyber Threat Intelligence Database

Rewterz Threat Alert – New All-in-One Stealer ‘EvilExtractor’ Campaign Targets Windows User Data – Active IOCs

Tags

maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Vulnerabilities - T1588.006 Powershell - T1086

Show in Graph

Common Information

Type	Value
UUID	1bf82290-0288-4833-95ef-0f311510155b
Fingerprint	8c228de52f054744
Analysis status	DONE
Considered CTI value	2
Text language
Published	April 24, 2023, 8:52 a.m.
Added to db	May 2, 2023, 11:20 a.m.
Last updated	Sept. 4, 2024, 9:13 p.m.
Headline	Rewterz Threat Alert – New All-in-One Stealer ‘EvilExtractor’ Campaign Targets Windows User Data – Active IOCs
Title	Rewterz Threat Alert – New All-in-One Stealer ‘EvilExtractor’ Campaign Targets Windows User Data – Active IOCs
Detected Hints/Tags/Attributes	50/2/21

Source URLs

	Redirection	Url
Details	Source	https://www.rewterz.com/rewterz-news/rewterz-threat-alert-new-all-in-one-stealer-evilextractor-campaign-targets-windows-user-data-active-iocs/

URL Provider

Details	Provider	Source level domain
Details	rewterz.com	www.rewterz.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	365	✔	—	https://www.rewterz.com/feed	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	6	kk2023.zip
Details	File	4	account_info.exe
Details	File	4	kk2023.zip
Details	md5	1	1afb46290a59305692953cc04cdf6749
Details	md5	2	9650ac3a9de8d51fddab092c7956bdae
Details	md5	2	fb970c4367609860c2e5b17737a9f460
Details	md5	1	7844aa5b234d28d70888cf660b428972
Details	md5	2	163d4e2d75f8ce6c838bab888bf9629c
Details	sha1	1	d76da6653d8d774653ab21c34ce118a911a99044
Details	sha1	1	f52b9ec5b9629a746c679394953dc56407b8a419
Details	sha1	1	c4294d92364eb8dd6736448e3767fc827015873d
Details	sha1	1	f7ecc96fd43b2e3fa898befd21c446f48888412d
Details	sha1	1	fbbd9999d3078b4047b3282f186b4ee86e0a3cc7
Details	sha256	2	352efd1645982b8d23a841107007c8b4b024eb6bb5d6b312e5783ce4aa62b685
Details	sha256	2	023548a5ce0de9f8b748a2fd8c4d1ae6c924c40acbde32e9599c868115d11f4e
Details	sha256	2	75688c32a3c1f04df0fc02491180c8079d7fdc0babed981f5860f22f5e118a5e
Details	sha256	2	826c7c112dd1ae80469ef81f5066003d7691a349e6234c8f8ca9637b0984fc45
Details	sha256	2	b1ef1654839b73f03b73c4ef4e20ce4ecdef2236ec6e1ca36881438bc1758dcd
Details	IPv4	4	193.42.33.232
Details	IPv4	3	45.87.81.184
Details	Url	1	http://193.42.33.232