ioc[.]one - OSINT Cyber Threat Intelligence Database

Malvertising in Google search results delivering stealers

Tags

maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Domains - T1583.001 Domains - T1584.001 Exploits - T1587.004 Exploits - T1588.005 Malvertising - T1583.008 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Search Engines - T1593.002 Software - T1592.002 Tool - T1588.002 Powershell - T1086

Show in Graph

Common Information

Type	Value
UUID	303b43cc-1194-455f-a6cc-9272cf88f5cd
Fingerprint	8d4919bb81342711
Analysis status	DONE
Considered CTI value	0
Text language
Published	March 9, 2023, 10 a.m.
Added to db	March 9, 2023, 11:53 a.m.
Last updated	Nov. 18, 2024, 1:24 p.m.
Headline	Malvertising through search engines
Title	Malvertising in Google search results delivering stealers
Detected Hints/Tags/Attributes	45/2/17

Source URLs

	Redirection	Url
Details	Source	https://securelist.com/malvertising-through-search-engines/108996/

URL Provider

Details	Provider	Source level domain
Details	securelist.com	securelist.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	163	✔	—	https://media.cert.europa.eu/rss?type=category&id=Malware&language=en&duplicates=false	2024-08-30 22:08

Attributes

Details	Type	#Events	CTI	Value
Details	Domain	3		1-windows-x64.zip
Details	Domain	2		blender3d-software.net
Details	Domain	2		blender3d-software.org
Details	Domain	2		afterburner-software.org
Details	Domain	2		tradingviews-software.org
Details	Domain	2		unity-download.com
Details	Domain	2		blahder3dsoft.store
Details	File	3		1-windows-x64.zip
Details	File	2130		cmd.exe
Details	File	1212		powershell.exe
Details	File	40		aspnet_compiler.exe
Details	md5	2		E0BDF36E4A7CF1B332DC42FD8914BA8B
Details	md5	2		BBA8AA93FCDDA5AC7663E90C0EEFA2E7
Details	IPv4	6		45.93.201.114
Details	IPv4	2		91.229.23.200
Details	Url	2		http://45.93.201.114/docs/[randomchars].txt
Details	Url	2		https://blahder3dsoft.store/blender.rar