COVID-19, Info Stealer & the Map of Threats – Threat Analysis Report
Common Information
Type Value
UUID 2d8448c2-9c6c-4903-bb5f-18addfb678f4
Fingerprint a5ac095d0db51691
Analysis status DONE
Considered CTI value 2
Text language
Published March 9, 2020, midnight
Added to db Jan. 18, 2023, 8:48 p.m.
Last updated Nov. 17, 2024, 11:40 p.m.
Headline COVID-19, Info Stealer & the Map of Threats – Threat Analysis Report
Title COVID-19, Info Stealer & the Map of Threats – Threat Analysis Report - Stay updated with the latest cybersecurity news.
Detected Hints/Tags/Attributes 64/2/102
Attributes
Details Type #Events CTI Value
Details Domain 4
corona-virus-map.com
Details Domain 3
coronavirusstatus.space
Details Domain 145
api.telegram.org
Details Domain 14
ipapi.co
Details Domain 1
gisanddata.maps.arcgis.com
Details Domain 1
js.arcgis.com
Details Domain 2
reasonsecurity.com
Details Email 1
shai@reasonsecurity.com
Details File 23
com.exe
Details File 1
%username%\appdata\local\temp\aut9bda.tmp
Details File 1
%username%\appdata\local\temp\aut9dfe.tmp
Details File 2
corona.exe
Details File 1
%username%\appdata\local\temp\auta83e.tmp
Details File 1
%username%\appdata\local\temp\autaab0.tmp
Details File 16
bin.exe
Details File 22
build.exe
Details File 2
fontgroups.exe
Details File 1
%username%\appdata\local\temp\autb628.tmp
Details File 1
fontgroups.sql
Details File 11
module.dll
Details File 45
information.txt
Details File 1
%username%\appdata\local\temp\autcc51.tmp
Details File 6
module.exe
Details File 1
enu_64b5614d0f4b35423983.7z
Details File 2126
cmd.exe
Details File 1206
index.php
Details File 1
coronamap.exe
Details File 1
corona.bat
Details File 16
sfx.exe
Details File 8
timeout.exe
Details File 71
nss3.dll
Details File 2
passwordlist.txt
Details File 2
scr.jpg
Details File 29
ip.txt
Details File 13
taskschd.dll
Details File 27
attrib.exe
Details Url 1
https://js.arcgis.com/3.31/dijit/form/_listbase.js
Details Url 1
https://js.arcgis.com/3.31/dijit/form/mappedtextbox.js
Details Url 1
http://coronavirusstatus.space/.
Details Windows Registry Key 31
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Details Windows Registry Key 164
HKLM\SOFTWARE\Microsoft\Windows
Details Windows Registry Key 1
HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3887374624-1885671809-3229943349-1001\Device\HarddiskVoume4\Windows\SysWOW64\cmd.exe
Details Windows Registry Key 3
HKCU\Software\Classes\Local