Hidden in Plain Sight: TA397’s New Attack Chain Delivers Espionage RATs | Proofpoint US
Common Information
Type Value
UUID 2219ad56-8f87-4f26-9115-dd5a3e721203
Fingerprint a50519d303750641
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 17, 2024, 4:31 p.m.
Added to db Dec. 17, 2024, 12:39 p.m.
Last updated Dec. 23, 2024, 3:13 p.m.
Headline Hidden in Plain Sight: TA397’s New Attack Chain Delivers Espionage RATs
Title Hidden in Plain Sight: TA397’s New Attack Chain Delivers Espionage RATs | Proofpoint US
Detected Hints/Tags/Attributes 84/4/23
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 354 Proofpoint Threat Insight https://www.proofpoint.com/us/threat-insight-blog.xml 2024-08-30 22:08
Attributes