ioc[.]one - OSINT Cyber Threat Intelligence Database

Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware

Tags

country:	Bulgaria Latvia Lithuania Poland Slovakia Ukraine
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Credentials - T1589.001 Dns - T1071.004 Dns - T1590.002 Html Smuggling - T1027.006 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Mshta - T1218.005 Phishing - T1660 Phishing - T1566 Server - T1583.004 Server - T1584.004 Visual Basic - T1059.005 Connection Proxy - T1090 Mshta - T1170

Show in Graph

Common Information

Type	Value
UUID	5f677889-62d9-4554-a71d-d0dd7b28b859
Fingerprint	850d8df30a368d83
Analysis status	DONE
Considered CTI value	2
Text language
Published	Dec. 6, 2024, 7:31 a.m.
Added to db	Dec. 6, 2024, 9:13 a.m.
Last updated	Dec. 17, 2024, 7:36 p.m.
Headline	Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware
Title	Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware
Detected Hints/Tags/Attributes	60/3/6

Source URLs

	Redirection	Url
Details	Source	https://medium.com/@kaithi144/hackers-leveraging-cloudflare-tunnels-dns-fast-flux-to-hide-gammadrop-malware-1029409f5371?source=rss------malware-5
Details	Redirection	https://medium.com/@Userlinux/hackers-leveraging-cloudflare-tunnels-dns-fast-flux-to-hide-gammadrop-malware-1029409f5371?source=rss------malware-5

URL Provider

Details	Provider	Source level domain
Details	medium.com	medium.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	171	✔	Malware on Medium	https://medium.com/feed/tag/malware	2024-08-30 22:08

Attributes

Details	Type	#Events	CTI	Value
Details	CERT Ukraine	43		UAC-0010
Details	Domain	6		amsterdam-sheet-veteran-aka.trycloudflare.com
Details	File	1		11875.rar
Details	File	496		mshta.exe
Details	IBM X-Force - Unattributed Threat Actor	9		Hive0051
Details	Mandiant Uncategorized Groups	15		UNC530