Cinoshi Project and the Dark Side of Free MaaS
Tags
cmtmf-attack-pattern: Application Layer Protocol, Boot Or Logon Autostart Execution, Obfuscated Files Or Information, Scheduled Task/Job
maec-delivery-vectors: Watering Hole
attack-pattern: Data Model Software Discovery - T1418, Application Layer Protocol - T1437, Boot Or Logon Autostart Execution - T1547, Botnet - T1583.005, Botnet - T1584.005, Credentials - T1589.001, Credentials From Password Stores - T1555, Exfiltration Over Web Service - T1567, Malware - T1587.001, Malware - T1588.001, Obfuscated Files Or Information - T1406, Process Discovery - T1424, Multi-Factor Authentication - T1556.006, Phishing - T1660, Phishing - T1566, Powershell - T1059.001, Scheduled Task/Job - T1603, Screen Capture - T1513, Server - T1583.004, Server - T1584.004, Service Stop - T1489, Software - T1592.002, Software Discovery - T1518, Steal Application Access Token - T1528, Steal Application Access Token - T1635, Steal Web Session Cookie - T1539, System Checks - T1633.001, System Checks - T1497.001, System Location Discovery - T1614, Virtualization/Sandbox Evasion - T1497, Unsecured Credentials - T1552, Tool - T1588.002, Virtualization/Sandbox Evasion - T1633, Account Discovery - T1087, Standard Application Layer Protocol - T1071, Browser Extensions - T1176, Exfiltration Over Command And Control Channel - T1041, Obfuscated Files Or Information - T1027, Powershell - T1086, Process Discovery - T1057, Scheduled Task - T1053, Screen Capture - T1113, System Service Discovery - T1007, System Time Discovery - T1124, User Execution - T1204, Screen Capture, Service Stop, User Execution
Common Information
Type Value
UUID 43bb5c6a-2c5b-40ed-8109-12bda734d808
Fingerprint 1ea839b121b3bea1
Analysis status DONE
Considered CTI value 2
Text language
Published March 23, 2023, midnight
Added to db Oct. 24, 2023, 1:26 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Cinoshi Project and the Dark Side of Free MaaS
Title Cinoshi Project and the Dark Side of Free MaaS
Detected Hints/Tags/Attributes 116/3/68
Attributes
Type                    #Events Value
Domain                  2       tryno.ru
Domain                  2       anaida.evisyn.lol
Domain                  6       ionic.zip
Domain                  34      system.data
Domain                  1       arch666.zip
Domain                  3       ipwho.is
File                    5       ionic.zip
File                    3       entityframework.dll
File                    3       entityframework.sql
File                    5       server.dll
File                    51      system.dat
File                    24      a.sql
File                    7       ite.dll
File                    2       ef6.dll
File                    7       linq.dll
File                    25      interop.dll
File                    1       arch666.zip
File                    271     chrome.exe
File                    1       getwallet.php
File                    52      updater.exe
File                    1208    powershell.exe
md5                     2       1798e35f14a67741f3425ba67373667d
md5                     2       40a85e9ac222d66a0f5cf526868ef2a9
md5                     2       29f3e408da86aafe535e179767fb2345
sha1                    2       b929ed50142b9b43fb85c5b1ddb87ec00ca09f24
sha1                    2       b4553412217971d814650995ce9d98c78660fdab
sha1                    2       783303902cafad79efc585fd25705853b4150338
sha256                  1       e3aafd9f478b82cbb53ec020cdc2e00e0c4de60a7f66a1166e54ab75b6a9e8c3
sha256                  1       cf1705c39dc3dbf65856ac6f5462027d9a290ab2d38da08f76aabd684b8a9944
sha256                  1       9b7d799895932d8359d7eb5da378b67a481331fa1a912075339d972496d122d6
MITRE ATT&CK Techniques 420     T1204
MITRE ATT&CK Techniques 207     T1547
MITRE ATT&CK Techniques 480     T1053
MITRE ATT&CK Techniques 97      T1497.001
MITRE ATT&CK Techniques 627     T1027
MITRE ATT&CK Techniques 172     T1555
MITRE ATT&CK Techniques 99      T1539
MITRE ATT&CK Techniques 113     T1552
MITRE ATT&CK Techniques 40      T1528
MITRE ATT&CK Techniques 219     T1113
MITRE ATT&CK Techniques 179     T1087
MITRE ATT&CK Techniques 185     T1518
MITRE ATT&CK Techniques 433     T1057
MITRE ATT&CK Techniques 86      T1124
MITRE ATT&CK Techniques 100     T1007
MITRE ATT&CK Techniques 50      T1614
MITRE ATT&CK Techniques 444     T1071
MITRE ATT&CK Techniques 422     T1041
MITRE ATT&CK Techniques 126     T1567
MITRE ATT&CK Techniques 197     T1489
Url                     2       https://tryno.ru/robots
Url                     2       https://anaida.evisyn.lol
Url                     1       https://ipwho.is/?output=xml
Url                     1       https://anaida.evisyn.lol/getwallet.php?id=&wallet=eth
Url                     1       https://anaida.evisyn.lol/getwallet.php?id=&wallet=xmr
Url                     1       https://anaida.evisyn.lol/getwallet.php?id=&wallet=xlm
Url                     1       https://anaida.evisyn.lol/getwallet.php?id=&wallet=xrp
Url                     1       https://anaida.evisyn.lol/getwallet.php?id=&wallet=ltc
Url                     1       https://anaida.evisyn.lol/getwallet.php?id=1&wallet=nec
Url                     1       https://anaida.evisyn.lol/getwallet.php?id=&wallet=bch
Url                     1       https://anaida.evisyn.lol/getwallet.php?id=&wallet=dash
Url                     1       https://anaida.evisyn.lol/getwallet.php?id=&wallet=steam
Url                     1       https://anaida.evisyn.lol/collector.exe
Windows Registry Key    1       HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc
Windows Registry Key    1       HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc
Windows Registry Key    1       HKLM\SYSTEM\CurrentControlSet\Services\wuauserv
Windows Registry Key    1       HKLM\SYSTEM\CurrentControlSet\Services\bits
Windows Registry Key    1       HKLM\SYSTEM\CurrentControlSet\Services\dosvc
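The indicators above are only useful once something checks for them. The following is an added triage example written for this entry; it is not code from the original page or from the Cinoshi project. It copies the domain, URL, hash and registry-key values from the listing and runs three checks over constructed sample input: URL matches in a proxy log (exact C2 hosts, plus the getwallet.php?wallet= shape so the same panel script is caught if re-hosted), hash matches, and a parse of reg query output for the listed Windows Update services with Start set to 4 (Disabled), which is what the T1489 Service Stop mapping implies. Two caveats are built in as assumptions: ipwho.is is a public IP-geolocation API that benign software also calls, so it is treated as a low-confidence, corroborating indicator; and the Domain rows ionic.zip, system.data and arch666.zip look like .NET assembly or archive names mis-parsed as hosts (Ionic.Zip, System.Data), so they are deliberately left out of the network indicator set. The proxy log format, the sample lines, the hash list passed in and the registry dump are all constructed for the example.

```python
"""Triage helpers for the Cinoshi indicators listed above (added example)."""
import re
from urllib.parse import parse_qs, urlsplit

# Hosts from the Url/Domain rows. ipwho.is is a public IP-geolocation API that
# benign software also calls, so it is kept as a low-confidence indicator
# (assumption: corroborating signal only, never an alert on its own).
C2_DOMAINS = {"anaida.evisyn.lol", "tryno.ru"}
LOW_CONFIDENCE_DOMAINS = {"ipwho.is"}

# The listing shows the panel polled as getwallet.php?id=<id>&wallet=<coin> for
# nine wallet families. Matching the path plus parameter catches the same
# panel script if it is re-hosted on a domain not yet in C2_DOMAINS.
WALLET_ENDPOINT = re.compile(r"/getwallet\.php$")

# md5, sha1 and sha256 rows from the listing, lowercased for comparison.
HASHES = {h.lower() for h in (
    "1798e35f14a67741f3425ba67373667d",
    "40a85e9ac222d66a0f5cf526868ef2a9",
    "29f3e408da86aafe535e179767fb2345",
    "b929ed50142b9b43fb85c5b1ddb87ec00ca09f24",
    "b4553412217971d814650995ce9d98c78660fdab",
    "783303902cafad79efc585fd25705853b4150338",
    "e3aafd9f478b82cbb53ec020cdc2e00e0c4de60a7f66a1166e54ab75b6a9e8c3",
    "cf1705c39dc3dbf65856ac6f5462027d9a290ab2d38da08f76aabd684b8a9944",
    "9b7d799895932d8359d7eb5da378b67a481331fa1a912075339d972496d122d6",
)}

# Services named in the Windows Registry Key rows; the T1489 (Service Stop)
# mapping suggests the sample disables Windows Update and delivery services.
UPDATE_SERVICES = {"usosvc", "waasmedicsvc", "wuauserv", "bits", "dosvc"}


def match_network(log_lines):
    """Return (line_no, host, verdict) for lines whose URL hits an indicator.

    Assumed (constructed) line layout: '<timestamp> <client> <method> <url>'.
    """
    hits = []
    for n, line in enumerate(log_lines, 1):
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line: skip it rather than abort the sweep
        url = urlsplit(parts[3])
        host = (url.hostname or "").lower()
        if host in C2_DOMAINS:
            hits.append((n, host, "c2-domain"))
        elif WALLET_ENDPOINT.search(url.path) and "wallet" in parse_qs(url.query):
            hits.append((n, host, "wallet-endpoint-pattern"))
        elif host in LOW_CONFIDENCE_DOMAINS:
            hits.append((n, host, "low-confidence-geoip"))
    return hits


def match_hashes(observed):
    """Return the observed hashes (any case) that appear in the listing."""
    return {h.lower() for h in observed} & HASHES


def disabled_update_services(reg_dump):
    """Return the listed update services whose Start value is 4 (Disabled).

    Parses 'reg query HKLM\\SYSTEM\\CurrentControlSet\\Services\\<svc>' output:
    a key header line followed by indented 'Start    REG_DWORD    0x<n>' lines.
    """
    disabled = set()
    current = None
    for line in reg_dump.splitlines():
        key = re.match(r"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\(\S+)", line)
        if key:
            current = key.group(1)
            continue
        start = re.match(r"\s+Start\s+REG_DWORD\s+0x([0-9a-fA-F]+)", line)
        if start and current and current.lower() in UPDATE_SERVICES \
                and int(start.group(1), 16) == 4:
            disabled.add(current)
    return disabled


# Constructed sample input (not captured traffic and not a real host's registry).
SAMPLE_PROXY_LOG = [
    "2023-03-23T10:00:01Z 10.0.0.7 GET https://ipwho.is/?output=xml",
    "2023-03-23T10:00:02Z 10.0.0.7 GET https://anaida.evisyn.lol/getwallet.php?id=1&wallet=eth",
    "2023-03-23T10:00:03Z 10.0.0.7 GET https://example.invalid/getwallet.php?id=9&wallet=xmr",
    "2023-03-23T10:00:04Z 10.0.0.7 GET https://tryno.ru/robots",
    "2023-03-23T10:00:05Z 10.0.0.7 GET https://www.example.com/index.html",
]
SAMPLE_REG_DUMP = (
    "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\wuauserv\n"
    "    Start    REG_DWORD    0x4\n"
    "    Type     REG_DWORD    0x20\n"
    "\n"
    "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\BITS\n"
    "    Start    REG_DWORD    0x3\n"
    "\n"
    "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\UsoSvc\n"
    "    Start    REG_DWORD    0x4\n"
)

if __name__ == "__main__":
    print(match_network(SAMPLE_PROXY_LOG))
    print(match_hashes(["1798E35F14A67741F3425BA67373667D", "deadbeef"]))
    print(disabled_update_services(SAMPLE_REG_DUMP))
```

On a real host, feed `disabled_update_services` the text of `reg query HKLM\SYSTEM\CurrentControlSet\Services\<name>` for each of the five services; a Start of 4 on wuauserv or UsoSvc is unusual enough on a managed endpoint to be worth a ticket by itself, while the ipwho.is hit should only raise priority when it appears next to one of the other matches.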