New PXA Stealer targets government and education sectors for sensitive information
Common Information
Type Value
UUID 73ae6724-372b-4cbf-87cc-56eb888a8384
Fingerprint 850f2cd312f6370d
Analysis status DONE
Considered CTI value 0
Text language
Published Nov. 14, 2024, 6 a.m.
Added to db Nov. 14, 2024, 12:03 p.m.
Last updated Nov. 16, 2024, 11:18 a.m.
Headline Cisco Talos Blog
Title New PXA Stealer targets government and education sectors for sensitive information
Detected Hints/Tags/Attributes 88/4/34
RSS Feed
Id 68
Enabled
Feed title Cisco Talos Blog
Url https://blog.talosintelligence.com/rss/
Added to db 2024-08-30 22:08
Attributes