The Abuse of ITarian RMM by Dolphin Loader – RussianPanda Research Blog
Common Information
Type Value
UUID 3a0a38f2-18da-4766-a474-f4af57359199
Fingerprint 24789910252fa3c0
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 16, 2024, 4:01 a.m.
Added to db Aug. 31, 2024, 8:07 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Dolphin Loader
Title The Abuse of ITarian RMM by Dolphin Loader – RussianPanda Research Blog
Detected Hints/Tags/Attributes 54/2/48
RSS Feed
Id   Enabled  Feed title                   Url                                Added to db
219           RussianPanda Research Blog   https://russianpanda.com/feed.xml  2024-08-30 22:08
Attributes
Type    #Events  Value
Domain  1        richardmilliestpe.itsm-us1.comodo.com
Domain  1        zeus14-msp.itsm-us1.comodo.com
Domain  1        comodozeropoint.com
Domain  1        salome.zip
Domain  1        core.zip
Domain  1        updater.py
Domain  4        quialitsuzoxm.shop
Domain  4        complaintsipzzx.shop
Domain  4        mennyudosirso.shop
Domain  1        pieddfreedinsu.shop
Domain  4        languagedscie.shop
Domain  4        bassizcellskz.shop
Domain  1        itstrq.itsm-us1.comodo.com
Domain  4        unprotect.it
Domain  75       tria.ge
File    1        token.ini
File    1        rmmservice.log
File    1        salome.zip
File    2        core.zip
File    1        updater.py
File    1        autocrypt.ini
File    103      regasm.exe
File    149      msbuild.exe
File    17       microsoftedgeupdate.exe
File    1        updatecore.exe
File    1        aunteficator_em_bhdaose8_installer_win7-win11_x86_x64.msi
File    1        em_kia5wea1_installer_win7-win11_x86_x64.msi
File    1        em_8azu2ahn_installer_win7-win11_x86_x64.msi
File    1        malvertising-campaign-fake-ai-editor-website-credential-theft.html
md5     1        a2b4081e6ac9d7ff9e892494c58d6be1
md5     1        f740670bd608f6a564366606e0bba8da
md5     1        a295cf96ebabdfa1d30424e72ed6d4df
md5     1        5b295738eaf3c6aa623e2699f6d79e3a
md5     1        a504ca75b88e18b18509cb44acb27631
md5     1        8259de1408aae0f9ddeb85b2f47cfa30
md5     1        91584a4b3f28029ecdfb9f04e3cc801f
md5     1        f227b281d745d53fcb06fe2bf7de7d26
md5     1        a674a4ac02d85b5b208f17a5b5655c30
md5     1        d01de188808d566745d1ce888b431910
md5     1        0f8f5de30b3560e08fcbfdb8e740748d
IPv4    2        95.217.44.124
IPv4    1        45.141.87.55
Url     1        https://houseofgoodtones.org/richardmilliestpe/aunteficator_em_bhdaose8_installer_win7-win11_x86_x64.msi
Url     1        https://unprotect.it/technique/easycrypter
Url     1        https://www.trendmicro.com/en_id/research/24/h/malvertising-campaign-fake-ai-editor-website-credential-theft.html
Url     1        https://tria.ge/240812-sd558s1apb/behavioral1
Url     1        https://tria.ge/240811-s15g8awalq/behavioral3
Url     1        https://tria.ge/240624-drrsfazalp/behavioral2
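The attribute table above is only useful once it is run against telemetry, so the following is an added detection example written for this page; it is not code from the RussianPanda blog or from the CTI database. It copies the domains, IPs, MD5s and installer names listed above, derives one regex from the three endpoint-manager installer names, and matches them against key=value log lines. The log format, the host names, the rule names and the sample events are all constructed for the example (the events pair indicators arbitrarily and do not describe a real infection chain). Hits on regasm.exe and msbuild.exe alone are low-fidelity because both are legitimate .NET tooling, so they are reported only for hosts that already have a stronger hit.

```python
"""Match the indicators from the attribute table above against key=value log lines (added example)."""
import re

# Indicators copied from the attribute table on this page.
RMM_TENANT_DOMAINS = {
    "richardmilliestpe.itsm-us1.comodo.com",
    "zeus14-msp.itsm-us1.comodo.com",
    "itstrq.itsm-us1.comodo.com",
}
DOMAINS = {
    "comodozeropoint.com",
    "quialitsuzoxm.shop", "complaintsipzzx.shop", "mennyudosirso.shop",
    "pieddfreedinsu.shop", "languagedscie.shop", "bassizcellskz.shop",
}
IPS = {"95.217.44.124", "45.141.87.55"}
MD5S = {
    "a2b4081e6ac9d7ff9e892494c58d6be1", "f740670bd608f6a564366606e0bba8da",
    "a295cf96ebabdfa1d30424e72ed6d4df", "5b295738eaf3c6aa623e2699f6d79e3a",
    "a504ca75b88e18b18509cb44acb27631", "8259de1408aae0f9ddeb85b2f47cfa30",
    "91584a4b3f28029ecdfb9f04e3cc801f", "f227b281d745d53fcb06fe2bf7de7d26",
    "a674a4ac02d85b5b208f17a5b5655c30", "d01de188808d566745d1ce888b431910",
    "0f8f5de30b3560e08fcbfdb8e740748d",
}
# Generalised from the three installer names listed above:
# <optional prefix>em_<8 alphanumerics>_installer_win7-win11_x86_x64.msi
INSTALLER_RE = re.compile(
    r"(?:^|[\\/])[a-z0-9_]*em_[a-z0-9]{8}_installer_win7-win11_x86_x64\.msi$", re.I)
# Execution hosts listed on the page; legitimate .NET binaries, so weak on their own.
LOLBINS = {"regasm.exe", "msbuild.exe"}

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse(line):
    """Parse one 'key=value key="quoted value"' log line (assumed format) into a dict."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def basename(path):
    """Last path component, lower-cased, for either Windows or POSIX separators."""
    return re.split(r"[\\/]", path)[-1].lower()


def match_event(ev):
    """Return the list of (rule, value) hits for one parsed event; rule names are hypothetical."""
    hits = []
    query = ev.get("query", "").lower().rstrip(".")
    if query in RMM_TENANT_DOMAINS:
        hits.append(("rmm_tenant_domain", query))
    elif query in DOMAINS:
        hits.append(("known_domain", query))
    if ev.get("dst_ip") in IPS:
        hits.append(("known_ip", ev["dst_ip"]))
    if ev.get("md5", "").lower() in MD5S:
        hits.append(("known_md5", ev["md5"].lower()))
    path = ev.get("path", "")
    if INSTALLER_RE.search(path):
        hits.append(("rmm_installer_name", basename(path)))
    image = ev.get("image", "")
    if image and basename(image) in LOLBINS:
        hits.append(("lolbin_image", basename(image)))
    return hits


def scan(lines):
    """Scan log lines; return (host, rule, value) tuples.

    LOLBin hits are kept only for hosts that also have a stronger (indicator-based) hit.
    """
    strong, weak = [], []
    for line in lines:
        ev = parse(line)
        host = ev.get("host", "?")
        for rule, value in match_event(ev):
            (weak if rule == "lolbin_image" else strong).append((host, rule, value))
    flagged_hosts = {host for host, _, _ in strong}
    return strong + [w for w in weak if w[0] in flagged_hosts]


# Constructed sample events (not real telemetry; indicator pairings are arbitrary).
SAMPLE_LOGS = [
    'ts=2024-08-12T10:00:01Z host=PC1 event=dns query=richardmilliestpe.itsm-us1.comodo.com',
    'ts=2024-08-12T10:00:07Z host=PC1 event=file path="C:\\Users\\bob\\Downloads\\aunteficator_em_bhdaose8_installer_win7-win11_x86_x64.msi" md5=a2b4081e6ac9d7ff9e892494c58d6be1',
    'ts=2024-08-12T10:02:15Z host=PC1 event=process image="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe"',
    'ts=2024-08-12T10:02:30Z host=PC1 event=net dst_ip=45.141.87.55',
    'ts=2024-08-12T10:03:00Z host=PC2 event=process image="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\MSBuild.exe"',
    'ts=2024-08-12T10:03:05Z host=PC2 event=dns query=www.example.com',
]

if __name__ == "__main__":
    for host, rule, value in scan(SAMPLE_LOGS):
        print(f"{host}\t{rule}\t{value}")
```

Running the block prints five hits for PC1 (the tenant DNS query, the MD5, the installer name, the IP, and the RegAsm execution) and nothing for PC2, whose only event of interest is a bare MSBuild launch. Treat the installer regex as the most portable indicator here: the tenant subdomains and hashes change per campaign, while the installer naming scheme belongs to the abused RMM product.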