ioc[.]one - OSINT Cyber Threat Intelligence Database

EvilCoder Project Selling Multiple Dangerous Tools Online

Tags

cmtmf-attack-pattern:	Application Layer Protocol Masquerading Obfuscated Files Or Information Process Injection
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Application Layer Protocol - T1437 Cmstp - T1218.003 Keylogging - T1056.001 Keylogging - T1417.001 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Match Legitimate Name Or Location - T1036.005 Obfuscated Files Or Information - T1406 System Information Discovery - T1426 Multi-Factor Authentication - T1556.006 Powershell - T1059.001 Process Injection - T1631 Registry Run Keys / Startup Folder - T1547.001 Scheduled Task - T1053.005 Screen Capture - T1513 Server - T1583.004 Server - T1584.004 Software - T1592.002 Steganography - T1027.003 Web Protocols - T1071.001 Tool - T1588.002 Standard Application Layer Protocol - T1071 Cmstp - T1191 Masquerading - T1036 Modify Registry - T1112 Obfuscated Files Or Information - T1027 Powershell - T1086 Process Injection - T1055 Registry Run Keys / Start Folder - T1060 Scheduled Task - T1053 Screen Capture - T1113 System Information Discovery - T1082 Masquerading Screen Capture

Show in Graph

Common Information

Type	Value
UUID	6b462695-425f-4f13-b9ad-8b2f6d40cbaa
Fingerprint	abb4140527fbc492
Analysis status	DONE
Considered CTI value	2
Text language
Published	Aug. 19, 2022, midnight
Added to db	Oct. 24, 2023, 1:40 p.m.
Last updated	Nov. 17, 2024, 6:56 p.m.
Headline	EvilCoder Project Selling Multiple Dangerous Tools Online
Title	EvilCoder Project Selling Multiple Dangerous Tools Online
Detected Hints/Tags/Attributes	79/3/93

Source URLs

	Redirection	Url
Details	Redirection	https://blog.cyble.com/2022/08/19/evilcoder-project-selling-multiple-dangerous-tools-online/
Details	Source	https://cyble.com/blog/evilcoder-project-selling-multiple-dangerous-tools-online/

URL Provider

Details	Provider	Source level domain
Details	cyble.com	cyble.com
Details	cyble.com	blog.cyble.com

Attributes

Details	Type	#Events	Value
Details	Domain	95	ip-api.com
Details	Domain	1	system6458.ddns.net
Details	File	1260	explorer.exe
Details	File	1	xworm.exe
Details	File	83	sbiedll.dll
Details	md5	1	56b84fe8827326c715996ec14e2d6f05
Details	md5	1	cd76badf66246e0424954805222e4f58
Details	md5	1	a29c3748c9361f9fe19b87d3358cb46d
Details	md5	1	989b8118ff0e8e72214253e161a9887f
Details	md5	1	e38e59e6d534262dd55a3b912bf169cc
Details	md5	1	b97cc4a173bc566365e0ab4128f2181a
Details	md5	1	744a85f5ddef7c029f2f9ed816ec66ef
Details	md5	1	4b8235bdd494bf5b762528dd96931072
Details	md5	1	fed104dae34e598ebc7fa681a39f4fcd
Details	md5	1	28347b4d82e5b28655e091dd35d218bf
Details	md5	1	e22cdc1cd9d43143e45cc1260a87e197
Details	md5	1	8ae59924803c3ea7b8da29786bc4f332
Details	md5	1	ab67fe7c24d9c075ef7567d796cc5544
Details	md5	1	93ec63f85938d09a4161b8569014adee
Details	md5	1	651103da17aae5c2e3fc8f9ab45140d2
Details	md5	1	7ae4668d2e693daa13a81c9cbeaeb31f
Details	md5	1	594472ed0352490ab2a8f89e68d30e08
Details	md5	1	1263b78103ae7586a1c982e5db37e1c7
Details	md5	1	8cdaf4513877c0d4ffa3bbfabb3d44c5
Details	md5	1	f3170f958826b128145589fc21ef7f32
Details	md5	1	f2341a3d23188aefb43735b1fc68f7c8
Details	md5	1	ba27b6fe77a27d890b02e9901a1a0335
Details	md5	1	a2431ec170f3cd0d1cd8dc1808a9d967
Details	md5	1	f5e96cfa82804513c81c7548cad9bfc0
Details	md5	1	63d1d6e2ab3c1a306fc477860f45a264
Details	md5	1	c4bdbb3cc647499b082dd6ea44d0c67b
Details	md5	1	54b32e41c9c4b6f8bab625fa6f4759e4
Details	sha1	1	366133968ea8bef322a22a977da1b9c7aaab9559
Details	sha1	1	e8c6d68e67d853180d36116e3ba27e4f12346dc2
Details	sha1	1	a7e95c1d51a278b59097524a14d042257f3e2801
Details	sha1	1	93c2c2c80274ed4c663423c596d0648e8b548ec2
Details	sha1	1	fdce6ef81ccf3d697f20c020020bbb6b51f8b1f1
Details	sha1	1	2edbb78ec7c8f6a561eb30fd43c31841d74217df
Details	sha1	1	af6bd2d2732269d0b6bbb78006e4980511ac8546
Details	sha1	1	72af980aaaa635bc4425b59ef523f8088b3874d5
Details	sha1	1	be06e7a5bff1bcd1fd27ff6789ae87513cd9d4de
Details	sha1	1	89e68bfb7e139343d838efc8d584a1a76256bc84
Details	sha1	1	9bbb4afa7dd21e37f09ce9bb81ff7ab961a20f2a
Details	sha1	1	716bf966c68ac8b120b8029a294e9c5d9d21f637
Details	sha1	1	25b7a76554add5b5ed85e9caed7c0ab67b8cb118
Details	sha1	1	2ee39858f4eabf1e469e1934277e61fe6dd5794a
Details	sha1	1	2249bbf4bbfcc7aec0d6e35803074433c4aa6ae8
Details	sha1	1	046c0de06a918ed6b1b6a232e276db55ae5b48ee
Details	sha1	1	a6ff2293ae5bfd10dedb93bfbb12b1ec3faabfe0
Details	sha1	1	d76ac6a11653c3cf7f46cb597bd8c38e5a78e124
Details	sha1	1	41f0699c96e58aadc78d0c50eaf699d9f566698d
Details	sha1	1	6b16d72f6cae6d6ee7c9ed4d2a5a044effd3ab8f
Details	sha1	1	a00b7c3c250c6546ac0d4f349379d943432ef573
Details	sha1	1	2f7801f2e18aa4abe2bc7964ea4626f5949feb2f
Details	sha1	1	42a3c7e173f7951055ccb226cdc768a0e70ddeb3
Details	sha1	1	24a4a5262ccb6a5b2c5ec2b5f6186bf3c6352f07
Details	sha1	1	58e6fb22e83c856e2b88b5f9a6352d999be2b374
Details	sha1	1	b29136f7f196229630aaaf6bba0a1c184f3b92b0
Details	sha1	1	4c891516487d78a854104720b83be59af43a8df3
Details	sha256	1	15f54e2562a9c6f51367327e9f19c11282f21a2de6687f73f0483e6fe3164973
Details	sha256	1	8cfefc291d9088ef0b3ab7dd59d8ff672e73d333c8d18bd1dff4c7695ae8af83
Details	sha256	1	096e33b9b0b4f843a7ea0259f75b4370f00ab90f3807eb89d5f0117da762900d
Details	sha256	1	8f9fff88c0c636c80ca0a4cfa37d3fb620289579a1ecae9ba1d3881235b482ee
Details	sha256	1	b9a9ae029ca542aadea0b384e4cfb50611d1a92c4570db5ddc5e362c4ebe41b4
Details	sha256	1	64519b4e63dbedc44149564f3d472c720fa3c6a87c9ad4f07d88d7fd1914f5b9
Details	sha256	1	8a399e51bdcd4b8d0a041236e80b3094987a80674bda839351fef1585c8c921b
Details	sha256	1	b09bf46468d9ed8b1957246f4cf7fd15679212fe9e5df7df6101179e0594cae6
Details	sha256	1	b327ec6f6dba10eb77cf47e8486059da63d1d77c3206a8a5ba381b2f1e621651
Details	sha256	1	d0b9f3b7f87c8fda4dae8ec3606b7468b0a2d5d32b6b889f983b4ed15a8d2076
Details	sha256	1	cbc87f41023b27b31a0eeac9818fa06db2914b5cc7c18c9392944ddc721b4efb
Details	sha256	1	f89b62d1cf8d2bfd83be841187502318817bc58725a5409c1c2fb6c0c7b14959
Details	sha256	1	83d59c2eb05891dcd30973ebe5c04aab99bd9371323522e9d968f67a3423d13d
Details	sha256	1	d9979fead904eb5fc9f0c0f99c6551b05940f94d001411d611ad8c95b3058769
Details	sha256	1	107ac41ba6ecd2025027721dc98307bd2859d473b1eedabc666e7dc12f537f77
Details	sha256	1	6cf9c275f41580a31b8869f9173589705b7ce998dfff58f735f66b97d89f08fd
Details	sha256	2	40d68523748f6eaf765970a40458faccbe84ef5dff7acbdaf29ac5a69d7cae6f
Details	sha256	1	81a3baf389888e4d554e74975fe15937a502c3b9d8c494b2f0ce4c25deb75b45
Details	sha256	1	4e019e68320099ff0e80a7598053d5968ee8ed91c30cc794a47f9f2f0f3f45de
Details	sha256	1	0aae80e6ca6cbdc0a79dbdf30767182edd94ed65bc378eb6e39d2b68fd78b8e0
Details	sha256	1	0d875a09bf7fb5088aa21f26110db96d1963e743535fd16f0ceb3d16683c2921
Details	sha256	1	21bcba3634c4ad91993b5033179a22b77d1d8ed1da1d1cdd506f8d8a03bc0251
Details	sha256	1	edab4840b84e16587b62b7133bb7fa030d21fcd6658c976b2b9ececa2453ec2b
Details	sha256	1	14a661bbdf915bfde309a2d42c0729fac10ce44d12c66f24b9136f4aae731f6e
Details	sha256	1	54f292586ec66057a859df0225b1338c2b701d1e50e3137e94235375cd9e8c94
Details	sha256	1	e2a4035f3a4f473a79f6b11f6b95254180052d5e6022b5d40fa8ea307abbfbe3
Details	sha256	1	1eba59961ce6b1c1a8741e488cfd8012cbd6b3f4dc8540469a8dd00e8807b60f
Details	MITRE ATT&CK Techniques	460	T1059.001
Details	MITRE ATT&CK Techniques	380	T1547.001
Details	MITRE ATT&CK Techniques	440	T1055
Details	MITRE ATT&CK Techniques	26	T1027.003
Details	MITRE ATT&CK Techniques	183	T1036.005
Details	MITRE ATT&CK Techniques	1006	T1082
Details	MITRE ATT&CK Techniques	442	T1071.001