The Feed 2025–01–10
Common Information
Type Value
UUID 6a3c9801-beca-4565-8501-c0489e8636c3
Fingerprint ad94993b2137af99
Analysis status DONE
Considered CTI value 2
Text language
Published Jan. 10, 2025, 9:44 a.m.
Added to db Jan. 10, 2025, 10:58 a.m.
Last updated Jan. 19, 2025, 8:20 a.m.
Headline The Feed 2025–01–10
Title The Feed 2025–01–10
Detected Hints/Tags/Attributes 122/4/86
RSS Feed
Id | Enabled | Feed title | Url | Added to db
167 | | Cybersecurity on Medium | https://medium.com/feed/tag/cybersecurity | 2024-08-30 22:08
Attributes
Type | #Events | Value
Domain | 2 | authenticator.cc
Domain | 6 | authorisev.site
Domain | 6 | contemteny.site
Domain | 4 | dilemmadu.site
Domain | 4 | faulteyotk.site
Domain | 4 | forbidstow.site
Domain | 4 | goalyfeastz.site
Domain | 4 | opposezmny.site
Domain | 4 | seallysl.site
Domain | 4 | servicedny.site
Domain | 1 | banshee-stealer.com
Domain | 55 | steamcommunity.com
Domain | 3 | api7.cfd
Domain | 3 | coincapy.com
Domain | 3 | fotor.software
Domain | 159 | research.checkpoint.com
Domain | 5 | else-accommodation-allowing-throws.trycloudflare.com
Domain | 7 | cod-identification-imported-carl.trycloudflare.com
Domain | 8 | amsterdam-sheet-veteran-aka.trycloudflare.com
Domain | 5 | benjamin-unnecessary-mothers-configured.trycloudflare.com
Domain | 7 | longitude-powerpoint-geek-upgrade.trycloudflare.com
Domain | 5 | attribute-homework-generator-lovers.trycloudflare.com
Domain | 7 | infected-gc-rhythm-yu.trycloudflare.com
Domain | 56 | go.recordedfuture.com
Domain | 3 | groupgreeting.com
Domain | 72 | www.malwarebytes.com
Domain | 95 | mega.nz
Domain | 1 | tech-cloud.org
Domain | 1 | privacycourses.com
Domain | 6 | cscrm-hiring.com
Domain | 3 | cs-applicant-crm-installer.zip (misclassified by the extractor: .zip is a valid TLD, but here it is the filename from https://cscrm-hiring.com/cs-applicant-crm-installer.zip)
Domain | 5096 | github.com
Domain | 2 | xmrig-6.22.2-gcc-win64.zip (same .zip-TLD misclassification: this is the XMRig release archive filename)
Domain | 10 | temp.zip (same misclassification: this is the filename from %temp%\system\temp.zip)
Note: the domain column mixes reporting and hosting sites (research.checkpoint.com, go.recordedfuture.com, www.malwarebytes.com, github.com, mega.nz, steamcommunity.com) with attacker-controlled names such as the .site cluster and the trycloudflare.com tunnel hostnames; do not load it into a blocklist without filtering.
File | 567 | mshta.exe
File | 2 | cta-ru-2024-1205.pdf
File | 1 | how-cracks-and-installers-bring-malware-to-your-device.html
File | 2 | 2-gcc-win64.zip (fragment of xmrig-6.22.2-gcc-win64.zip; the extractor split the name at the dots in the version number)
File | 3 | %temp%\system\temp.zip
File | 3 | %temp%\system\process.exe
File | 2 | %localappdata%\system32\config.exe
File | 2 | %localappdata%\system32\process.exe
File | 2 | %appdata%\microsoft\windows\start menu\programs\maintenance\info.txt
File | 2 | %appdata%\microsoft\windows\start menu\programs\startup\startup.bat
sha256 | 4 | d8ecc92571b3bcd935dcab9cdbeda7c2ebda3021dda013920ace35d294db07be
sha256 | 4 | d04f71711e7749a4ff193843ae9ce852c581e55eaf29b8eec5b36c4b9c8699c2
sha256 | 4 | 3bcd41e8da4cf68bb38d9ef97789ec069d393306a5d1ea5846f0c4dc0d5beaab
sha256 | 4 | b978c70331fc81804dea11bf0b334aa324d94a2540a285ba266dd5bbfbcbc114
sha256 | 4 | ce371a92e905d12cb16b5c273429ae91d6ff5485dda04bfedf002d2006856038
sha256 | 7 | 3afc8955057eb0bae819ead1e7f534f6e5784bbd5b6aa3a08af72e187b157c5b
sha256 | 5 | 93aa6cd0787193b4ba5ba6367122dee846c5d18ad77919b261c15ff583b0ca17
sha256 | 7 | b95eea2bee2113b7b5c7af2acf6c6cbde05829fab79ba86694603d4c1f33fdda
sha256 | 3 | 96558bd6be9bcd8d25aed03b996db893ed7563cf10304dffe6423905772bbfa1
sha256 | 3 | 62f3a21db99bcd45371ca4845c7296af81ce3ff6f0adcaee3f1698317dd4898b
sha256 | 3 | 7c370211602fcb54bc988c40feeb3c45ce249a8ac5f063b2eb5410a42adcc030
IPv4 | 4 | 41.216.183.49
IPv4 | 1 | 65.108.186.71
IPv4 | 1 | 41.216.107.90
IPv4 | 1 | 185.1.161.213
IPv4 | 1 | 45.150.33.99
IPv4 | 1 | 85.184.11.127
IPv4 | 1 | 185.2.167.1
IPv4 | 1 | 213.164.238.108
IPv4 | 1 | 67.230.196.160
IPv4 | 1 | 193.233.169.189
IPv4 | 5 | 178.130.42.94
IPv4 | 1 | 104.22.78.165
IPv4 | 4 | 93.115.172.41
Mandiant Temporary Group Assumption | 9 | TEMP.ZIP (extractor false positive: the TEMP.* group-name pattern matched the filename temp.zip from the file paths above, not an uncategorised Mandiant group)
Url | 12 | https://steamcommunity.com/profiles/76561199724331900
Url | 3 | http://api7.cfd/testet123t
Url | 3 | https://coincapy.com/zx
Url | 3 | https://fotor.software/mediakit
Url | 3 | https://fotor.software/macos/collaboration
Url | 1 | https://api7.cfd/testet123t
Url | 3 | https://research.checkpoint.com/2025/banshee-macos-stealer-that-stole-code-from-macos-xprotect
Url | 2 | https://go.recordedfuture.com/hubfs/reports/cta-ru-2024-1205.pdf
Url | 2 | https://www.malwarebytes.com/blog/news/2025/01/groupgreeting-e-card-site-attacked-inzqxq-campaign
Url | 1 | https://www.trendmicro.com/en_us/research/25/a/how-cracks-and-installers-bring-malware-to-your-device.html
Url | 1 | https://www.bleepingcomputer.com/news/security/mirrorface-hackers-targeting-japanese-govt-politicians-since-2019
Url | 3 | https://cscrm-hiring.com/cs-applicant-crm-installer.zip
Url | 4 | http://93.115.172.41/private/aw5zdhj1y3rpb25zcg==.txt
Url | 1 | http://github.com/xmrig/xmrig/releases/download/v6.22.2/xmrig-6.22.2-gcc-win64.zip
Url | 2 | https://www.crowdstrike.com/en-us/blog/recruitment-phishing-scam-imitates-crowdstrike-hiring-process
Windows Registry Key | 2 | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\config
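As an added example (editor's code, not part of the feed): a small matcher that takes a subset of the indicators listed above and runs them over constructed endpoint events. The events, the usernames and the SID are made up; the path normalisation assumes the default Windows profile layout (AppData\Local, AppData\Local\Temp, AppData\Roaming), and folding HKU\<SID> back to HKEY_CURRENT_USER assumes the SID belongs to the logged-on user. The point it shows that the raw list does not: the feed spells file and registry indicators with %VAR% placeholders, so telemetry has to be normalised to that form before an exact match, and the real C:\Windows\System32 must not be confused with %localappdata%\system32.

```python
import re
from typing import Dict, List, Optional

# Indicators copied from the feed entries above (a subset; not a complete set).
DOMAINS = {"authorisev.site", "banshee-stealer.com", "cscrm-hiring.com", "api7.cfd",
           "cod-identification-imported-carl.trycloudflare.com"}
IPS = {"93.115.172.41", "178.130.42.94", "41.216.183.49"}
SHA256 = {"3afc8955057eb0bae819ead1e7f534f6e5784bbd5b6aa3a08af72e187b157c5b",
          "b95eea2bee2113b7b5c7af2acf6c6cbde05829fab79ba86694603d4c1f33fdda"}
PATHS = {r"%temp%\system\process.exe", r"%localappdata%\system32\config.exe",
         r"%localappdata%\system32\process.exe",
         r"%appdata%\microsoft\windows\start menu\programs\startup\startup.bat"}
REG_KEYS = {r"hkey_current_user\software\microsoft\windows\currentversion\run\config"}

# Assumption: default profile layout. "local\temp" is listed before "local" so the
# alternation prefers the longer prefix.
_PREFIX_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\(local\\temp|local|roaming)\\")
_PREFIX_MAP = {"local\\temp": "%temp%", "local": "%localappdata%", "roaming": "%appdata%"}
# Assumption: a HKU\S-1-5-21-... hive in telemetry is the logged-on user's HKCU.
_HKU_SID_RE = re.compile(r"^hku\\s-1-5-21-[\d-]+\\")


def normalise_path(path: str) -> str:
    """C:\\Users\\bob\\AppData\\Local\\system32\\config.exe -> %localappdata%\\system32\\config.exe"""
    p = path.replace("/", "\\").lower()
    m = _PREFIX_RE.match(p)
    if not m:
        return p  # not under a profile folder: leave as-is (e.g. the real C:\Windows\System32)
    return _PREFIX_MAP[m.group(1)] + "\\" + p[m.end():]


def normalise_reg_key(key: str) -> str:
    """Fold HKCU\\... and HKU\\<SID>\\... spellings onto hkey_current_user\\..."""
    k = key.replace("/", "\\").lower()
    if k.startswith("hkcu\\"):
        k = "hkey_current_user\\" + k[len("hkcu\\"):]
    return _HKU_SID_RE.sub(lambda _m: "hkey_current_user\\", k)


def domain_hit(host: str) -> Optional[str]:
    """Exact match or subdomain of a listed domain (www.authorisev.site -> authorisev.site)."""
    h = host.lower().rstrip(".")
    return next((d for d in DOMAINS if h == d or h.endswith("." + d)), None)


def match_event(ev: dict) -> List[str]:
    """Return the indicators one event hits, as 'kind:value' strings."""
    hits: List[str] = []
    if ev["type"] == "dns":
        d = domain_hit(ev["host"])
        if d:
            hits.append(f"domain:{d}")
    elif ev["type"] == "net":
        if ev["dst_ip"] in IPS:
            hits.append(f"ip:{ev['dst_ip']}")
    elif ev["type"] == "file":
        np = normalise_path(ev["path"])
        if np in PATHS:
            hits.append(f"path:{np}")
        digest = ev.get("sha256", "").lower()
        if digest in SHA256:
            hits.append(f"sha256:{digest}")
    elif ev["type"] == "reg":
        nk = normalise_reg_key(ev["key"])
        if nk in REG_KEYS:
            hits.append(f"reg:{nk}")
    return hits


def scan(events: List[dict]) -> Dict[int, List[str]]:
    """Index of every event that hit at least one indicator -> its hits."""
    return {i: h for i, ev in enumerate(events) if (h := match_event(ev))}


# Constructed events (made-up user, SID and hashes except where they are feed hashes).
EVENTS = [
    {"type": "dns", "host": "www.authorisev.site"},
    {"type": "net", "dst_ip": "93.115.172.41", "dst_port": 80},
    {"type": "file", "path": r"C:\Users\alice\AppData\Local\system32\config.exe",
     "sha256": "3afc8955057eb0bae819ead1e7f534f6e5784bbd5b6aa3a08af72e187b157c5b"},
    {"type": "file", "path": r"C:\Users\alice\AppData\Local\Temp\system\process.exe",
     "sha256": "00" * 32},
    {"type": "reg", "key": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\config"},
    {"type": "dns", "host": "research.checkpoint.com"},   # reporting site, deliberately not in DOMAINS
    {"type": "file", "path": r"C:\Windows\System32\config.exe", "sha256": "11" * 32},  # real System32
]

if __name__ == "__main__":
    for idx, hits in scan(EVENTS).items():
        print(idx, EVENTS[idx]["type"], hits)
```

Event 6 is the control: the genuine System32 path does not normalise to %localappdata% and is not flagged, while events 2 and 3 under the user profile are.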
Yara rule | 2 |
rule macos_binary {
	meta:
		author = "Antonis Terefos @Tera0017/@Check Point Research"
		descr = "MacOS file format"
	condition:
		// uint32(0) reads the first four bytes little-endian, so these match
		// CE FA ED FE (32-bit Mach-O), CF FA ED FE (64-bit Mach-O) and
		// CA FE BA BE (universal/fat header, which is stored big-endian) on disk
		uint32(0) == 0xFEEDFACE or uint32(0) == 0xFEEDFACF or uint32(0) == 0xBEBAFECA
}
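As an added example (editor's code, not part of the feed or of Check Point's rule): a Python port of the macos_binary condition above, run over constructed header bytes, that also shows two edges of the rule. Because YARA's uint32(0) is little-endian, the rule matches little-endian Mach-O and fat headers but not a big-endian (PowerPC-era) Mach-O whose first bytes are FE ED FA CE; and because Java .class files also begin with CA FE BA BE, the fat clause matches them too. The nfat_arch plausibility limit used to tell the two apart is a heuristic chosen here, not an Apple-defined bound. The sample headers are constructed leading bytes only, not real samples.

```python
import struct
from typing import Dict, Optional, Tuple

MH_MAGIC = 0xFEEDFACE     # 32-bit Mach-O as YARA reads it (CE FA ED FE on disk)
MH_MAGIC_64 = 0xFEEDFACF  # 64-bit Mach-O (CF FA ED FE on disk)
FAT_CIGAM = 0xBEBAFECA    # universal/fat header CA FE BA BE read little-endian

# Heuristic (editor's choice, not an Apple limit): a genuine fat header carries a
# small nfat_arch at offset 4; a Java class file carries its version there instead.
MAX_PLAUSIBLE_FAT_ARCHS = 16


def yara_uint32_0(data: bytes) -> Optional[int]:
    """Same read as YARA's uint32(0): first four bytes, little-endian."""
    if len(data) < 4:
        return None
    return struct.unpack_from("<I", data, 0)[0]


def matches_macos_binary_rule(data: bytes) -> bool:
    """Literal port of the YARA condition."""
    return yara_uint32_0(data) in (MH_MAGIC, MH_MAGIC_64, FAT_CIGAM)


def classify_macos_binary(data: bytes) -> str:
    """Finer verdict than the rule, naming what it over- and under-matches."""
    magic = yara_uint32_0(data)
    if magic == MH_MAGIC:
        return "macho32"
    if magic == MH_MAGIC_64:
        return "macho64"
    if magic == FAT_CIGAM:
        # fat_header.nfat_arch is a big-endian uint32 at offset 4
        nfat = struct.unpack_from(">I", data, 4)[0] if len(data) >= 8 else 0
        if 1 <= nfat <= MAX_PLAUSIBLE_FAT_ARCHS:
            return "fat"
        return "cafebabe-not-fat"  # e.g. Java class file: rule fires, not Mach-O
    if magic in (0xCEFAEDFE, 0xCFFAEDFE):
        # FE ED FA CE / FE ED FA CF on disk: big-endian Mach-O, which the rule misses
        return "macho-bigendian-unmatched"
    return "other"


# Constructed leading bytes (magic plus the next four bytes), not real files.
SAMPLES: Dict[str, bytes] = {
    "arm64 Mach-O": bytes.fromhex("cffaedfe0c000001"),  # cputype CPU_TYPE_ARM64 little-endian
    "i386 Mach-O": bytes.fromhex("cefaedfe07000000"),   # cputype CPU_TYPE_X86
    "universal": bytes.fromhex("cafebabe00000002"),     # nfat_arch = 2
    "java class": bytes.fromhex("cafebabe00000034"),    # minor 0, major 52 (Java 8)
    "ppc Mach-O": bytes.fromhex("feedface00000012"),    # big-endian, cputype CPU_TYPE_POWERPC
    "ELF": bytes.fromhex("7f454c4602010100"),
}


def run_samples() -> Dict[str, Tuple[bool, str]]:
    """name -> (rule would match, finer classification)"""
    return {name: (matches_macos_binary_rule(b), classify_macos_binary(b))
            for name, b in SAMPLES.items()}


if __name__ == "__main__":
    for name, (hit, kind) in run_samples().items():
        print(f"{name:14} rule_match={str(hit):5} classified_as={kind}")
```

If the big-endian case matters for a hunt, YARA's uint32be(0) can be added to the condition; the Java collision is better handled by a second check on nfat_arch, as above, than by dropping the fat clause.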