New OpcJacker Malware Distributed via Fake VPN Malvertising
Tags
| country: | Iran |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Credentials - T1589.001 Keylogging - T1056.001 Keylogging - T1417.001 Malvertising - T1583.008 Malware - T1587.001 Malware - T1588.001 Software - T1592.002 Tool - T1588.002 Remote Access Tools - T1219 |
Common Information
| Type | Value |
|---|---|
| UUID | 26032310-8e9a-4e18-b059-709c6530fc75 |
| Fingerprint | 9c241833acb78fd1 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | March 29, 2023, midnight |
| Added to db | Oct. 15, 2024, 9:57 p.m. |
| Last updated | Nov. 13, 2024, 12:26 p.m. |
| Headline | New OpcJacker Malware Distributed via Fake VPN Malvertising |
| Title | New OpcJacker Malware Distributed via Fake VPN Malvertising |
| Detected Hints/Tags/Attributes | 61/3/26 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | 0-rc2-372-gc3ff15f-instal.zip |
|
| Details | Domain | 2 | tradingviewdesktop.zip |
|
| Details | Domain | 4 | axieinfinity.com |
|
| Details | Domain | 5 | metamask.io |
|
| Details | 3 | ronin-wallet@axieinfinity.com.xpi |
||
| Details | 6 | webextension@metamask.io.xpi |
||
| Details | File | 3 | clf_security.iso |
|
| Details | File | 3 | cloudflare_security_setup.iso |
|
| Details | File | 1 | 0-rc2-372-gc3ff15f-instal.zip |
|
| Details | File | 2 | msi_afterburner.iso |
|
| Details | File | 4 | 0.rar |
|
| Details | File | 2 | tradingviewdesktop.zip |
|
| Details | File | 2 | x64.rar |
|
| Details | File | 2 | rawdigger.exe |
|
| Details | File | 2 | librawf.dll |
|
| Details | File | 2 | libpushpp.dll |
|
| Details | File | 2 | mdb.dll |
|
| Details | File | 2 | clp_log.txt |
|
| Details | File | 27 | client32.exe |
|
| Details | File | 11 | client32.ini |
|
| Details | sha256 | 3 | c5b499e886d8e86d0d85d0f73bc760516e7476442d3def2feeade417926f04a5 |
|
| Details | sha256 | 3 | 565ea7469f9769dd05c925a3f3ef9a2f9756ff1f35fd154107786bfc63703b52 |
|
| Details | sha256 | 4 | 18df68d1581c11130c139fa52abb74dfd098a9af698a250645d6a4a65efcbf2d |
|
| Details | sha256 | 2 | 49a568f8ac11173e3a0d76cff6bc1d4b9bdf2c35c6d8570177422f142dcfdbe3 |
|
| Details | sha256 | 3 | c68096eb0a655924ca840ea1c71f9372ac055f299b52335ad10ddfa835f3633d |
|
| Details | sha256 | 3 | f772b652176a6e40012969e05d1c75e3c51a8db4471245754975678f04dedaaa |