ioc[.]one - OSINT Cyber Threat Intelligence Database

Enigma Stealer Targets Cryptocurrency Industry with Fake Jobs

Tags

country:	Russia
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Botnet - T1583.005 Botnet - T1584.005 Bypass User Account Control - T1548.002 Exploits - T1587.004 Exploits - T1588.005 Malware - T1587.001 Malware - T1588.001 Rundll32 - T1218.011 Server - T1583.004 Server - T1584.004 Social Media - T1593.001 Software - T1592.002 Bypass User Account Control - T1088 Rundll32 - T1085

Show in Graph

Common Information

Type	Value
UUID	5818aaae-0a49-4257-b3ad-e98c2ccaa700
Fingerprint	84343939adaa1693
Analysis status	DONE
Considered CTI value	2
Text language
Published	Feb. 9, 2023, midnight
Added to db	Oct. 15, 2024, 4:05 p.m.
Last updated	Nov. 17, 2024, 6:55 p.m.
Headline	Enigma Stealer Targets Cryptocurrency Industry with Fake Jobs
Title	Enigma Stealer Targets Cryptocurrency Industry with Fake Jobs
Detected Hints/Tags/Attributes	79/3/63

Source URLs

	Redirection	Url
Details	Source	https://www.trendmicro.com/en_sg/research/23/b/enigma-stealer-targets-cryptocurrency-industry-with-fake-jobs.html
Details	Source	https://www.trendmicro.com/en_au/research/23/b/enigma-stealer-targets-cryptocurrency-industry-with-fake-jobs.html
Details	Source	https://www.trendmicro.com/en_in/research/23/b/enigma-stealer-targets-cryptocurrency-industry-with-fake-jobs.html
Details	Source	https://www.trendmicro.com/en_nz/research/23/b/enigma-stealer-targets-cryptocurrency-industry-with-fake-jobs.html

URL Provider

Details	Provider	Source level domain
Details	trendmicro.com	www.trendmicro.com

Attributes

Details	Type	#Events	Value
Details	CVE	11	cve-2015-2291
Details	Domain	25	the.net
Details	Domain	145	api.telegram.org
Details	Domain	1	from.net
Details	Domain	3	enigma.bot.net
Details	Domain	4	api.mylnikov.org
Details	Domain	12	discordapp.com
Details	File	18	trojanspy.msi
Details	File	3	contract.rar
Details	File	2	questions.txt
Details	File	28	word.exe
Details	File	748	kernel32.dll
Details	File	146	wininet.dll
Details	File	37	userenv.dll
Details	File	34	psapi.dll
Details	File	59	netapi32.dll
Details	File	45	mpr.dll
Details	File	41	wtsapi32.dll
Details	File	2	api-ms-win-core-processthreads-l1-1-0.dll
Details	File	125	ntoskrnl.exe
Details	File	41	rpcrt4.dll
Details	File	291	user32.dll
Details	File	3	api-ms-win-core-com-l1-1-0.dll
Details	File	16	cabinet.dll
Details	File	185	shell32.dll
Details	File	47	oleaut32.dll
Details	File	86	ole32.dll
Details	File	533	ntdll.dll
Details	File	68	mscoree.dll
Details	File	229	advapi32.dll
Details	File	3	updatetask.dll
Details	File	1018	rundll32.exe
Details	File	2	updattask.dll
Details	File	8	iqvw64.sys
Details	File	9	driver.sys
Details	File	198	msmpeng.exe
Details	File	3	iqvw64e.sys
Details	File	256	net.exe
Details	File	2	iocs-enigma-stealer-targets-cryptocurrency-industry-with-fake-jobs-tm.txt
Details	md5	2	1693D0A858B8FF3B83852C185880E459
Details	md5	2	1898ceda3247213c084f43637ef163b3
Details	md5	2	28ca7a21de60671f3b528a9e08a44e1c
Details	md5	2	28CA7A21DE60671F3B528A9E08A44E1C
Details	md5	2	50949ad2b39796411a4c7a88df0696c8
Details	md5	2	4DC2D57D9DB430235B21D7FB735ADF36
Details	sha1	2	5f1536f573d9bfef21a4e15273b5a9852d3d81f1
Details	sha1	2	d04e5db5b6c848a29732bfd52029001f23c3da75
Details	sha1	2	21f1cfd310633863babaafe7e5e892ae311b42f6
Details	sha1	2	67a502395fc4193721c2cfc39e31be11e124e02c
Details	sha1	2	98bf3080a85743ab933511d402e94d1bcee0c545
Details	sha256	3	658725fb5e75ebbcb03bc46d44f048a0f145367eff66c8a1a9dc84eef777a9cc
Details	sha256	2	3a1eb6fabf45d18869de4ffd773ae82949ef80f89105e5f96505de810653ed73
Details	sha256	3	03b9d7296b01e8f3fb3d12c4d80fe8a1bb0ab2fd76f33c5ce11b40729b75fb23
Details	sha256	3	4429f32db1cc70567919d7d47b844a91cf1329a6cd116f582305f3b7b60cd60b
Details	sha256	3	d5b4c2c95d9610623e681301869b1643e4e2bf0adca42eac5d4d773b024fa442
Details	sha256	3	8dc192914e55cf9f90841098ab0349dbe31825996de99237f35a1aab6d7905bb
Details	sha256	3	4d2fb518c9e23c5c70e70095ba3b63580cafc4b03f7e6dce2931c54895f13b2c
Details	IPv4	3	193.56.146.29
Details	Url	33	https://api.telegram.org/bot
Details	Url	2	http://ip-api.com/line/?fields=hosting/content/dam/trendmicro/global/en/research/23/enigma-stealer-targets-cryptocurrency-industry-with-fake-jobs/iocs-enigma-stealer-targets-cryptocurrency-industry-with-fake-jobs-tm.txt
Details	Url	2	https://api.mylnikov.org/geolocation/wifi?v=1.1
Details	Url	2	https://discordapp.com/api/v6/users
Details	Windows Registry Key	2	HKCU\SOFTWARE\Intel