Silent Push uncovers a large Russian Ursnif/Gozi banking trojan operation targeting global AnyDesk users. — Silent Push Threat Intelligence
Tags
| cmtmf-attack-pattern: | Code Injection |
| country: | Russia |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Direct Code Injection - T1540 Domains - T1583.001 Domains - T1584.001 Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Mshta - T1218.005 Phishing - T1660 Phishing - T1566 Remote Access Software - T1663 Seo Poisoning - T1608.006 Software - T1592.002 Mshta - T1170 Remote Access Tools - T1219 |
Common Information
| Type | Value |
|---|---|
| UUID | 39a614ec-aca1-4c1c-acc2-851597575400 |
| Fingerprint | 9093df9b95f33a9 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Dec. 19, 2024, midnight |
| Added to db | Nov. 6, 2023, 8:05 p.m. |
| Last updated | Nov. 14, 2024, 2:04 p.m. |
| Headline | Silent Push uncovers a large Russian Ursnif/Gozi banking trojan operation targeting global AnyDesk users. |
| Title | Silent Push uncovers a large Russian Ursnif/Gozi banking trojan operation targeting global AnyDesk users. — Silent Push Threat Intelligence |
| Detected Hints/Tags/Attributes | 38/4/17 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 374 | ✔ | — | https://www.silentpush.com/blog?format=rss | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | anydesk-access.com |
|
| Details | Domain | 7 | anydesk.com |
|
| Details | Domain | 1 | golunki.com |
|
| Details | Domain | 1 | 4zuki.com |
|
| Details | Domain | 3 | reggy505.ru |
|
| Details | Domain | 5 | gameindikdowd.ru |
|
| Details | Domain | 5 | jhgfdlkjhaoiu.su |
|
| Details | Domain | 372 | wscript.shell |
|
| Details | Domain | 4 | silentpush.com |
|
| Details | Domain | 5 | iujdhsndjfks.ru |
|
| Details | File | 39 | anydesk.exe |
|
| Details | File | 36 | c:\windows\system32\mshta.exe |
|
| Details | md5 | 1 | f04469b9a67701e9da38b1d86a10546e |
|
| Details | sha256 | 1 | 61e2f9029baf7ce21d8de2eddea55405f20ed5db26ecbdaea42404ca28a08d7c |
|
| Details | IPv4 | 3 | 94.198.54.97 |
|
| Details | Windows Registry Key | 1 | HKCU\Software\AppDataLow\Software\Microsoft\CE576D4B-D57C-3028-CFE2-D96473361DD8\StopTest |
|
| Details | Windows Registry Key | 1 | HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\AUTHROOT\CERTIFICATES |