Целевая вредоносная кампания доставляет Remcos, DarkGate и BrockenDoor
Tags
| attack-pattern: | Mshta - T1218.005 Powershell - T1059.001 Right-To-Left Override - T1036.002 Rundll32 - T1218.011 Mshta - T1170 Powershell - T1086 Rundll32 - T1085 |
Common Information
| Type | Value |
|---|---|
| UUID | 68147b96-8be2-4d5d-9c5a-1107e0b1c377 |
| Fingerprint | 333e4fbb1ba3584b |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Dec. 2, 2024, 11 a.m. |
| Added to db | Dec. 2, 2024, 9:47 a.m. |
| Last updated | Dec. 18, 2024, 2:15 p.m. |
| Headline | Брокенский призрак: Remcos, DarkGate и BrockenDoor |
| Title | Целевая вредоносная кампания доставляет Remcos, DarkGate и BrockenDoor |
| Detected Hints/Tags/Attributes | 28/1/79 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://securelist.ru/remcos-darkgate-brockendoor/111207/ |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 224 | ✔ | Securelist | https://securelist.ru/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | shop.com |
|
| Details | Domain | 2 | sportsboulevard-shop.com |
|
| Details | Domain | 3 | wmpssvc.online |
|
| Details | Domain | 3 | weventlog.store |
|
| Details | Domain | 3 | wscsvc.online |
|
| Details | Domain | 2 | keymerkert.com |
|
| Details | Domain | 3 | tnecharise.me |
|
| Details | Domain | 22 | file.zip |
|
| Details | Domain | 3 | tnecharise.biz |
|
| Details | Domain | 3 | wmiadap.cfd |
|
| Details | Domain | 3 | wmiadap.sbs |
|
| Details | Domain | 360 | system.net |
|
| Details | Domain | 3 | winmetrica.info |
|
| Details | Domain | 3 | wuauserv.site |
|
| Details | Domain | 3 | webkruzjevo.site |
|
| Details | Domain | 3 | snastiisani.xyz |
|
| Details | Domain | 3 | remote.hipool.shop |
|
| Details | File | 4 | c:\windows\system32\forfiles.exe |
|
| Details | File | 4 | cmmon32.exe |
|
| Details | File | 496 | mshta.exe |
|
| Details | File | 5 | dvdplay.exe |
|
| Details | File | 8 | 2024.pdf |
|
| Details | File | 87 | service.exe |
|
| Details | File | 21 | file.zip |
|
| Details | File | 1 | u202efdp.exe |
|
| Details | File | 1 | scan_kartochka_a-automation_annexe.pdf |
|
| Details | File | 2226 | cmd.exe |
|
| Details | File | 1282 | powershell.exe |
|
| Details | File | 1 | 'services.dll |
|
| Details | File | 1053 | rundll32.exe |
|
| Details | File | 2 | services.dll |
|
| Details | md5 | 3 | bbd49c98771b26f571d19f852eb50032 |
|
| Details | md5 | 3 | 514d54cb28d40a67a47cdadfea5aadfb |
|
| Details | md5 | 3 | a8e35c05fd6324119b719aca8ab85f57 |
|
| Details | md5 | 3 | 3dcdbae24c81bef32d5062d5210da238 |
|
| Details | md5 | 1 | 081662478A85A8D5DC4C6191667B57C7 |
|
| Details | md5 | 1 | 6E1642FF15E966B4AABD8A7E7A62AFB5 |
|
| Details | md5 | 1 | E48CA8C77BD1AADE0267B31E5E5C4B16 |
|
| Details | md5 | 1 | 415A4F8F6F5A8FCA2CD1D8A2DB9CD299 |
|
| Details | md5 | 1 | 0A7F371622896D6FE98CA4CECF384A77 |
|
| Details | md5 | 1 | 2FAFF746B3FA3FC39CEE068C2F4B8225 |
|
| Details | md5 | 1 | 96D09190247304C54A4B2235ACD549BD |
|
| Details | md5 | 1 | A8E35C05FD6324119B719ACA8AB85F57 |
|
| Details | md5 | 1 | C3D5C48E7E8CD11AB662DCB832088341 |
|
| Details | md5 | 1 | CAB999DF17597905D9FBA571F4820E5C |
|
| Details | md5 | 1 | D947EBD975257261FC8E8F5DC9729A81 |
|
| Details | md5 | 1 | 1BC0523BF62B072D7CB35FA5BA29BF67 |
|
| Details | md5 | 1 | 353302EF3297119AD7E15D131B85C04D |
|
| Details | md5 | 1 | 35BD6FF114BBAEAA1B8F959E00042A33 |
|
| Details | md5 | 1 | 3645826D1F2BF59E6FA71E22559676C7 |
|
| Details | md5 | 1 | 3E5CD6018E40BFB258087139F7922DF9 |
|
| Details | md5 | 1 | 5B8F3CDC9F406D057E48FF5E33398719 |
|
| Details | md5 | 1 | 5F4B879537AF29B224198D4E18399FE7 |
|
| Details | md5 | 1 | 6343560113D4FB9EFE740F03B3D847F6 |
|
| Details | md5 | 1 | 9546ED5D05D71230C263CC04B5928A70 |
|
| Details | md5 | 1 | DE7DCCE6672E86154CAB335E59885834 |
|
| Details | md5 | 1 | EED9223FF9BC5A20F5FA6114AA9CC6BE |
|
| Details | md5 | 1 | F3B658E97D4602729E2A4E4E5493CE29 |
|
| Details | md5 | 1 | 514D54CB28D40A67A47CDADFEA5AADFB |
|
| Details | md5 | 1 | BBD49C98771B26F571D19F852EB50032 |
|
| Details | md5 | 1 | 0CD75552F9F1750322E2660F5F4B12A0 |
|
| Details | md5 | 1 | 582A296032901A28E2DA9F024F90D4A0 |
|
| Details | md5 | 1 | 8A6FB5ADDA210ED5DF68755D4316E27B |
|
| Details | md5 | 1 | 943F0607DA181651EF79FC5472FBB8E2 |
|
| Details | md5 | 1 | EAD0AD5A55EF4C64F1BE4EBA7B2793B9 |
|
| Details | md5 | 1 | 3DCDBAE24C81BEF32D5062D5210DA238 |
|
| Details | IPv4 | 1513 | 127.0.0.1 |
|
| Details | IPv4 | 3 | 194.87.252.40 |
|
| Details | IPv4 | 3 | 45.151.62.66 |
|
| Details | IPv4 | 3 | 194.87.252.74 |
|
| Details | Url | 2 | https://sportsboulevard-shop.com/nico/scan_rusautomation_tz_299_21.08.2024 |
|
| Details | Url | 2 | https://sportsboulevard-shop.com/nico/scan_rusautomation_tz_299_21.08.2024.pdf |
|
| Details | Url | 2 | https://sportsboulevard-shop.com/9827/service.exe |
|
| Details | Url | 2 | https://keymerkert.com/update |
|
| Details | Url | 2 | http://tnecharise.me/tiinhmbd |
|
| Details | Url | 2 | http://tnecharise.me/cyjdxxrj |
|
| Details | Url | 2 | http://194.87.252.40:9375/payload?payloadid= |
|
| Details | Url | 3 | http://wmiadap.sbs:6180/x |
|
| Details | Url | 3 | http://wmiadap.cfd:6180/x |