SteelFox Trojan imitates popular products to drop stealer and miner malware
Common Information
Type Value
UUID 532d55de-e725-4f1c-bdcf-fa8397101143
Fingerprint 7a59595453c22e5
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 6, 2024, 10 a.m.
Added to db Nov. 6, 2024, 11:19 a.m.
Last updated Nov. 17, 2024, 7:44 p.m.
Headline New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency
Title SteelFox Trojan imitates popular products to drop stealer and miner malware
Detected Hints/Tags/Attributes 70/3/38
RSS Feed
Id 223
Enabled
Feed title Securelist
Url https://securelist.com/feed/
Added to db 2024-08-30 22:08
Attributes