Uncovering the MuddyWater Group's Attacks Using Multiple RMM Software Tools
Tags
attack-pattern: Data
Common Information
Type Value
UUID 55679690-fa6b-4ff9-9ce0-7a9446d5c608
Fingerprint b38c8f1b06e5e6ca
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 29, 2024, midnight
Added to db Sept. 25, 2024, 2:57 p.m.
Last updated Nov. 8, 2024, 3:42 a.m.
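Headline Uncovering the MuddyWater Group's Attacks Using Multiple RMM Software Tools
Title Uncovering the MuddyWater Group's Attacks Using Multiple RMM Software Tools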
Detected Hints/Tags/Attributes 12/1/97
Attributes
Details Type #Events CTI Value
Details File 2
drops host.msi when executed
Details File 2
service and starts rutserv.exe
Details File 5
diagnostic.exe
Details File 3
wihituce08.msi
Details File 8
attachments.zip
Details File 5
defense-video.zip
Details File 1
supplies--no12305570.zip
Details File 5
questionnaire.zip