Citrix Users at Risk: AresLoader Spreading Through Disguised GitLab Repo
Common Information
Type Value
UUID 27f7edf9-3229-4d6c-bad4-2875829ea8a6
Fingerprint 8e451319acff86a1
Analysis status DONE
Considered CTI value 2
Text language
Published April 28, 2023, midnight
Added to db Oct. 24, 2023, 1:23 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Citrix Users at Risk: AresLoader Spreading Through Disguised GitLab Repo
Title Citrix Users at Risk: AresLoader Spreading Through Disguised GitLab Repo
Detected Hints/Tags/Attributes 69/4/32
Attributes
Type             #Events  Value
Domain           67       gitlab.com
Domain           123      ipinfo.io
File             6        ag.exe
File             118      sc.exe
File             533      ntdll.dll
Gitlab username  3        citrixchat-project
IPv4             1        193.233.134.57
IPv4             2        45.80.69.193
IPv4             2        193.168.49.8
MITRE ATT&CK Techniques  409  T1566
MITRE ATT&CK Techniques  420  T1204
MITRE ATT&CK Techniques  627  T1027
MITRE ATT&CK Techniques  440  T1055
MITRE ATT&CK Techniques  28   T1027.007
MITRE ATT&CK Techniques  245  T1016
MITRE ATT&CK Techniques  444  T1071
MITRE ATT&CK Techniques  492  T1105
Url              4        https://gitlab.com/citrixchat-project/citrixproject
Url              4        https://ipinfo.io/ip
Url              1        http://193.233.134.57/manager/legit
Url              1        http://193.233.134.57/manager/payload
Url              1        http://193.233.134.57/manager/hvnc
Url              1        http://193.233.134.57/register