ZINC weaponizing open-source software - Microsoft Security Blog
Common Information
Type Value
UUID 44c88211-50e9-421e-913a-39cb2642ce96
Fingerprint a4903919696d8495
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 29, 2022, 9 a.m.
Added to db Sept. 29, 2022, 7 p.m.
Last updated Nov. 17, 2024, 6:49 p.m.
Headline ZINC weaponizing open-source software
Title ZINC weaponizing open-source software - Microsoft Security Blog
Detected Hints/Tags/Attributes 101/2/60
Attributes
Details Type #Events CTI Value
Details File 367
readme.txt
Details File 55
putty.exe
Details File 2
c:\programdata\colorui.dll
Details File 6
c:\windows\system32\colorcpl.exe
Details File 2
c:\programdata\colorcpl.exe
Details File 2
colurui.dll
Details File 2
%appdata%\mscoree.dll
Details File 68
mscoree.dll
Details File 2
%appdata%kitty%presentationhost.exe
Details File 2
c:\programdata\cisco\fixmapi.exe
Details File 8
mapistub.dll
Details File 4
compat.php
Details File 2
tightvnc.exe
Details File 3
securepdf.exe
Details File 208
setup.exe
Details File 2
setup64.exe
Details File 2
c:\colrctl\colorui.dll
Details File 2
c:\colorctrl\colorcpl.exe
Details File 12
colorui.dll
Details File 2
c:\windows\system\credwiz.exe
Details File 11
iexpress.exe
Details File 4
support.asp
Details File 2
amazon-kitty.exe
Details File 2
amazon_it_assessment.iso
Details File 2
it_assessment.iso
Details File 2
amazon_assessment_test.iso
Details File 2
c:\programdata\comms\colorui.dll
Details File 2
%appdata%\kitty\mscoree.dll
Details File 60
c:\windows\system32\schtasks.exe
Details File 409
c:\windows\system32\cmd.exe
Details File 6
c:\programdata\packagecolor\colorcpl.exe
Details File 4
pdfreader.exe
Details File 21
include.php
Details File 6
contacts.php
Details File 2
dbconn.php
Details File 2
barplotdashboard.obj
Details File 2
ect.php
Details File 2
kitty.exe
Details File 14
presentationhost.exe
Details File 16
colorcpl.exe
Details Pdb 2
tvnviewer.pdb