FontPack: A dangerous update
Tags
| country: | Russia |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Direct Credentials - T1589.001 Domains - T1583.001 Domains - T1584.001 Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 |
Common Information
| Type | Value |
|---|---|
| UUID | 249ea0f0-d45e-410d-8308-9daf6f4a0e6e |
| Fingerprint | bc07a8202b1784c8 |
| Analysis status | DONE |
| Considered CTI value | 1 |
| Text language | |
| Published | March 6, 2021, midnight |
| Added to db | Aug. 31, 2024, 12:23 a.m. |
| Last updated | Nov. 12, 2024, 7:58 a.m. |
| Headline | UNKNOWN |
| Title | FontPack: A dangerous update |
| Detected Hints/Tags/Attributes | 56/3/11 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://blog.group-ib.com/fontpack |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 36 | ✔ | Blog Group-IB | https://blog.group-ib.com/rss.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | browsertelemetry.tk |
|
| Details | Domain | 34 | exploit.im |
|
| Details | Domain | 78 | bitbucket.org |
|
| Details | 1 | xxxbtc@exploit.im |
||
| Details | File | 1 | wp-kernel.js |
|
| Details | File | 9 | flashplayer.exe |
|
| Details | sha1 | 1 | 1ea09cd229b34951007f81c8e5acd323386e4fb6 |
|
| Details | sha1 | 1 | 36d08c8ab8e161923403cd89bdf3600fccd6629a |
|
| Details | Url | 1 | https://browsertelemetry.tk/admin/login. |
|
| Details | Url | 1 | https://bitbucket.org/flashplayerupdate/flashplayer |
|
| Details | Url | 1 | https://bitbucket.org/adobeflashupdate/flashplayer |