Google Firebase Hosting Abused to Deliver Sorillus RAT, Phishing Page
Common Information
Type Value
UUID 4daab00c-4e6e-41b2-8a5a-31bf72be469f
Fingerprint 80620b882a9f0b8c
Analysis status DONE
Considered CTI value 2
Text language
Published July 13, 2023, midnight
Added to db Oct. 24, 2023, 1:17 p.m.
Last updated Nov. 12, 2024, 2:50 p.m.
Detected Hints/Tags/Attributes 57/2/29
Attributes