Malicious Campaign Targets Latin America: The seller, The operator and a curious link
Common Information
Type Value
UUID 41215e21-c029-453c-ace4-ad94181d6f8f
Fingerprint a521181badbd8763
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 19, 2021, 7:58 a.m.
Added to db Sept. 11, 2022, 12:47 p.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Vulnerability Information
Title Malicious Campaign Targets Latin America: The seller, The operator and a curious link
Detected Hints/Tags/Attributes 103/3/293
Attributes
Details Type #Events CTI Value