Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 36c6b94f-dfbc-433f-9618-fc4db8f3726a |
| Fingerprint | c652bd0413c2541 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Nov. 22, 2023, midnight |
| Added to db | Oct. 15, 2024, 3:37 p.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing |
| Title | Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing |
| Detected Hints/Tags/Attributes | 84/2/70 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 14 | iplogger.com |
|
| Details | Domain | 2 | sito-company.com |
|
| Details | Domain | 2 | complete-s.monster |
|
| Details | Domain | 911 | any.run |
|
| Details | Domain | 3 | colab.research.google.com |
|
| Details | File | 674 | node.js |
|
| Details | File | 2 | 0_download.exe |
|
| Details | File | 1260 | explorer.exe |
|
| Details | File | 2 | sutilauncher.exe |
|
| Details | File | 2 | sutilauncher.dll |
|
| Details | File | 8 | tool.exe |
|
| Details | File | 3 | upd.php |
|
| Details | File | 11 | app.html |
|
| Details | File | 25 | config.js |
|
| Details | File | 6 | ico.png |
|
| Details | File | 86 | manifest.json |
|
| Details | File | 26 | 0.js |
|
| Details | File | 5 | rules.json |
|
| Details | File | 40 | background.js |
|
| Details | File | 74 | main.js |
|
| Details | File | 2 | clipper.js |
|
| Details | File | 5 | commands.js |
|
| Details | File | 3 | csp.js |
|
| Details | File | 4 | domain.js |
|
| Details | File | 4 | exchangesettings.js |
|
| Details | File | 3 | extensions.js |
|
| Details | File | 4 | getmachineinfo.js |
|
| Details | File | 4 | injections.js |
|
| Details | File | 3 | notifications.js |
|
| Details | File | 8 | proxy.js |
|
| Details | File | 4 | screenshot.js |
|
| Details | File | 3 | screenshotrules.js |
|
| Details | File | 8 | settings.js |
|
| Details | File | 3 | tabs.js |
|
| Details | File | 11 | utils.js |
|
| Details | File | 5 | gmail.js |
|
| Details | File | 4 | svchost.bat |
|
| Details | File | 2 | c:\programdata\dntexception\node.exe |
|
| Details | File | 2 | fnichvxlmq.exe |
|
| Details | File | 2 | lgjnbyhdmf.dat |
|
| Details | File | 27 | attrib.exe |
|
| Details | File | 2 | c:\programdata\dntexception attrib.exe |
|
| Details | File | 14 | cacls.exe |
|
| Details | File | 2125 | cmd.exe |
|
| Details | File | 2 | c:\ icacls.exe |
|
| Details | File | 37 | icacls.exe |
|
| Details | File | 51 | ipconfig.exe |
|
| Details | File | 46 | netstat.exe |
|
| Details | File | 27 | node.exe |
|
| Details | File | 165 | reg.exe |
|
| Details | File | 376 | wscript.exe |
|
| Details | File | 11 | route.exe |
|
| Details | File | 61 | systeminfo.exe |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 11 | svchost.dll |
|
| Details | File | 4 | font.exe |
|
| Details | File | 96 | rar.exe |
|
| Details | sha1 | 2 | 3364dd410527f6fc2c2615aa906454116462bf96 |
|
| Details | sha1 | 2 | 506accb774d2a2be4b0ee3bdd3c549f09684ab9b |
|
| Details | sha1 | 2 | e3887b1eddbdd9d4e5b042a85909b69919204570 |
|
| Details | sha1 | 2 | 6817df1da376e8f6e68fd1ad06d78f02406b6e19 |
|
| Details | sha1 | 1 | 43f11d6ec961fc82cf53e4eca97c429285026f3e |
|
| Details | IPv4 | 2 | 91.212.166.16 |
|
| Details | IPv4 | 2 | 91.103.252.74 |
|
| Details | Url | 2 | https://iplogger.com/1upsk4 |
|
| Details | Url | 2 | https://sito-company.com/launcher/auth?login={login}&pass={pass} |
|
| Details | Url | 2 | https://complete-s.monster/upd.php |
|
| Details | Windows Registry Key | 112 | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |
|
| Details | Windows Registry Key | 7 | HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User |
|
| Details | Windows Registry Key | 3 | HKLM\SYSTEM\ControlSet001\Control\Class |