Rewterz Threat Advisory – GhostDNS campaign: Trusted binaries abused, DLL Hijacking and Code Injection - Rewterz
Tags
| cmtmf-attack-pattern: | Code Injection |
| country: | Brazil Portugal |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Code Injection - T1540 Dns - T1071.004 Dns - T1590.002 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | 3a417a19-9b12-426a-8b48-f03e06f69ad0 |
| Fingerprint | c50428d52f2d5741 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Oct. 22, 2018, 5:22 p.m. |
| Added to db | Dec. 19, 2024, 3:52 a.m. |
| Last updated | Dec. 25, 2024, 4:23 p.m. |
| Headline | Rewterz Threat Advisory – GhostDNS campaign: Trusted binaries abused, DLL Hijacking and Code Injection |
| Title | Rewterz Threat Advisory – GhostDNS campaign: Trusted binaries abused, DLL Hijacking and Code Injection - Rewterz |
| Detected Hints/Tags/Attributes | 26/4/62 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 5 | cve-2018-10933 |
|
| Details | CVE | 3 | cve-2018-3253 |
|
| Details | CVE | 437 | cve-2017-11882 |
|
| Details | Domain | 3 | cl.ly |
|
| Details | Domain | 2 | flashplayers2018.com |
|
| Details | Domain | 2 | javadownloadbrasil.site |
|
| Details | Domain | 2 | musicalad.com.br |
|
| Details | Domain | 2 | nfmicrosoft.com |
|
| Details | Domain | 2 | netframework2018-microsoft.com |
|
| Details | Domain | 3 | corretorandremendes.com.br |
|
| Details | Domain | 2 | open.zip |
|
| Details | Domain | 4 | ss2.us |
|
| Details | Domain | 2 | new10.zip |
|
| Details | Domain | 2 | supgmx.egnyte.com |
|
| Details | Domain | 87 | rewterz.com |
|
| Details | 54 | soc@rewterz.com |
||
| Details | File | 1315 | index.php |
|
| Details | File | 3 | ponto.php |
|
| Details | File | 2 | open.zip |
|
| Details | File | 2 | webflash_iess.doc |
|
| Details | File | 2 | x.cer |
|
| Details | File | 2 | flatrom.jpg |
|
| Details | File | 2 | newpepe.png |
|
| Details | File | 2 | xalita.jpg |
|
| Details | File | 2 | paulo.jpg |
|
| Details | File | 2 | testepepeu.jpg |
|
| Details | File | 2 | new10.zip |
|
| Details | sha1 | 2 | e0247073e68070413235a8aa92008de2970e1bf0 |
|
| Details | sha1 | 2 | 9b6016d9523de39bf2e5f854549ced9a3f35be85 |
|
| Details | sha1 | 2 | 4f66783ace879e221c0db62a92c21ffe587f7b3b |
|
| Details | sha1 | 2 | 5c1ad7c4cd06316172e4aa579c9eb9159c72dbaa |
|
| Details | sha1 | 2 | 08359247b1f9069aa07f015921035f362185d665 |
|
| Details | sha1 | 3 | 87358cc245fdf172ec532c2b1c729e1a6f9cb18e |
|
| Details | sha1 | 2 | 9422fafbc54983efb10a75a18f039a149f3c1cb2 |
|
| Details | sha1 | 2 | 8e12ff6cfc217d5c9a6d1a7487634e50abeb672e |
|
| Details | sha1 | 2 | 75a29fec62a95b4c820454cd82ddf70742a67602 |
|
| Details | sha1 | 2 | 0ea42e64f4c8653d865eea79eb3b37b81206cac1 |
|
| Details | sha1 | 2 | 934bf6e81040089253c209a6b4286a235c240473 |
|
| Details | sha1 | 2 | 7c5f9c7541fe56fa11703156086d9f9d9c735800 |
|
| Details | sha1 | 2 | bbc8628f92209364c79ec38284dc772b81100bd7 |
|
| Details | sha1 | 2 | 2203714d747145f9363a6f0de0d5e7f2fea792aa |
|
| Details | sha1 | 2 | 222d89261cb18d5eb26ac84041bfa0e1b399a2d5 |
|
| Details | sha1 | 2 | b77dd8a56f480f052e262abf9fb856e8b9f8757d |
|
| Details | sha1 | 2 | 363e4734f757bdeb89868efe94907774a327695e |
|
| Details | IPv4 | 2 | 185.135.9.102 |
|
| Details | IPv4 | 2 | 198.50.138.133 |
|
| Details | IPv4 | 2 | 198.50.138.131 |
|
| Details | Url | 2 | http://185.135.9.102/suspiro/index.php |
|
| Details | Url | 2 | http://198.50.138.133/latex/index.php |
|
| Details | Url | 2 | http://198.50.138.131/hilton/index.php |
|
| Details | Url | 3 | http://corretorandremendes.com.br/images/conta/ponto.php |
|
| Details | Url | 2 | http://f.cl.ly/items/1k3w1b0g0a3p0o41220g/open.zip |
|
| Details | Url | 2 | http://flashplayers2018.com/webflash_iess.doc |
|
| Details | Url | 2 | http://x.ss2.us/x.cer |
|
| Details | Url | 2 | https://cl.ly/390j3n40002a/download/new10.zip |
|
| Details | Url | 2 | https://cl.ly/0a5f7eb35382/download/flatrom.jpg |
|
| Details | Url | 2 | https://cl.ly/0b2e2g2c3y2l/download/newpepe.png |
|
| Details | Url | 2 | https://cl.ly/694965a97454/download/xalita.jpg |
|
| Details | Url | 2 | https://cl.ly/8a89ef6803d6/download/paulo.jpg |
|
| Details | Url | 2 | https://cl.ly/f6f5fac35d25/download/testepepeu.jpg |
|
| Details | Url | 2 | https://s3.amazonaws.com/f.cl.ly/items/2y1a3w3i3k12242b0r36/new10.zip?awsaccesskeyid=akiajefuzrcwslb2qa5q&expires=1531388058&signature=vdxq29gfo |
|
| Details | Url | 2 | https://supgmx.egnyte.com/dd/pplfr0onre |