GOLD MELODY: Profile of an Initial Access Broker
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 77431f6c-a36f-4bad-a342-45e03af3514f |
| Fingerprint | f8b1affba14bb9c5 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Sept. 20, 2023, midnight |
| Added to db | Oct. 24, 2023, 1:12 p.m. |
| Last updated | Nov. 17, 2024, 6:53 p.m. |
| Headline | GOLD MELODY: Profile of an Initial Access Broker |
| Title | GOLD MELODY: Profile of an Initial Access Broker |
| Detected Hints/Tags/Attributes | 128/2/86 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 3 | cve-2016-0545 |
|
| Details | CVE | 3 | cve-2021-42237 |
|
| Details | CVE | 122 | cve-2017-5638 |
|
| Details | CVE | 18 | cve-2021-4104 |
|
| Details | CVE | 397 | cve-2021-44228 |
|
| Details | CVE | 4 | cve-2017-7504 |
|
| Details | CVE | 68 | cve-2020-14882 |
|
| Details | CVE | 27 | cve-2020-14750 |
|
| Details | CVE | 7 | cve-2021-22941 |
|
| Details | Domain | 9 | bc.pl |
|
| Details | Domain | 27 | responder.py |
|
| Details | Domain | 182 | www.mandiant.com |
|
| Details | Domain | 53 | blogs.blackberry.com |
|
| Details | Domain | 172 | www.crowdstrike.com |
|
| Details | File | 4 | winexesvc.exe |
|
| Details | File | 9 | bc.pl |
|
| Details | File | 35 | 2.txt |
|
| Details | File | 1 | common_login_bottom2.jsp |
|
| Details | File | 3 | la.txt |
|
| Details | File | 1 | la.aspx |
|
| Details | File | 7 | b.txt |
|
| Details | File | 14 | c.txt |
|
| Details | File | 4 | d.txt |
|
| Details | File | 3 | bb.txt |
|
| Details | File | 2 | bbb.txt |
|
| Details | File | 5 | wget.bin |
|
| Details | File | 1 | c:\windows\temp\8fde\wget.bin |
|
| Details | File | 69 | comsvcs.dll |
|
| Details | File | 1 | _mo64.bin |
|
| Details | File | 25 | responder.py |
|
| Details | File | 1 | '_mo64.bin |
|
| Details | File | 2 | wmhost.exe |
|
| Details | File | 1 | winnta.exe |
|
| Details | File | 2 | rdp.ps1 |
|
| Details | File | 1 | statusagentproxy.dll |
|
| Details | File | 1 | ti2.bin |
|
| Details | File | 1 | ti3.bin |
|
| Details | File | 1 | txportmap.bin |
|
| Details | File | 3 | 7z.bin |
|
| Details | File | 1 | pscp.bin |
|
| Details | File | 1 | auditd.bin |
|
| Details | File | 1 | ti2.exe |
|
| Details | md5 | 1 | c6c1c3d7e25327a6d46039aa837491e5 |
|
| Details | md5 | 1 | f7f4ca923b29964a8d081cea04db6f73 |
|
| Details | md5 | 1 | fd544bda416f0819df01b457d42888af |
|
| Details | md5 | 1 | 64f2652fd9a907fd4cfc129a5556e97b |
|
| Details | md5 | 1 | b53063c59d999ff1a6b8b1fc15f58ffc |
|
| Details | md5 | 1 | 3e564d0ae79990368be84758e6b858a5 |
|
| Details | md5 | 1 | b5bdeadf31fc968c9cc219e204115456 |
|
| Details | md5 | 1 | 0a3d502a5a5c8ea38124ec32dbf2247d |
|
| Details | md5 | 1 | ce76362104bd6d8c920a2a9c4cce3fe2 |
|
| Details | md5 | 1 | 274edd99626cce95a06da525bb028e1f |
|
| Details | md5 | 1 | 36128eefecb9fce9f4e4e9b5fb67957c |
|
| Details | md5 | 1 | 8a69699df490e6c028cfe6a22340a827 |
|
| Details | md5 | 1 | 2dfe49db47d7e6ca0d7c5f3641da4911 |
|
| Details | md5 | 1 | 8addc16baeb0474d41ba2d3805665969 |
|
| Details | md5 | 1 | 05d5fa365498651bcbb8a356cd580b25 |
|
| Details | md5 | 1 | 5cd4fd735e59f81d0c595b06ee61ad10 |
|
| Details | md5 | 1 | b3135736bcfdab27f891dbe4009a8c80 |
|
| Details | md5 | 1 | 9240e1744e7272e59e482f68a10f126f |
|
| Details | md5 | 1 | b20ba6df30bbb27ae74b2567a81aef66 |
|
| Details | md5 | 1 | e787591a5ef810bfc9ecd45cb6d3d51e |
|
| Details | md5 | 1 | 687157882f603897bf6d358d49a12064 |
|
| Details | md5 | 1 | 3e2ba059fe882ee4f8ec7ed2952ebee0 |
|
| Details | md5 | 1 | a3d5ead160614336a013f5de4cff65a5 |
|
| Details | md5 | 1 | 198b1d73238a5b456f558e70b503f52e |
|
| Details | md5 | 1 | 711552fff3830d8e1bf99ff745b91b32 |
|
| Details | md5 | 1 | a7a9a5676a1467ac8360b600e83eeae1 |
|
| Details | md5 | 1 | f02f4c22992830ee15fba7a4fbf9f26a |
|
| Details | md5 | 1 | e7942dffdc98b9e32f1ec30e8e00c1f4 |
|
| Details | md5 | 1 | 851aab4341e73f400ab0969cab29298d |
|
| Details | md5 | 1 | 5286a79be3eb5a8a4a639aa9d1319f4f |
|
| Details | md5 | 1 | 4bc05be75e5c5e20e2beb58dea27127a |
|
| Details | md5 | 1 | 5adde740a47f88fceb845c8b1b236017 |
|
| Details | IPv4 | 3 | 149.28.193.216 |
|
| Details | IPv4 | 1 | 149.28.207.216 |
|
| Details | IPv4 | 1 | 149.28.207.120 |
|
| Details | IPv4 | 1 | 195.123.240.183 |
|
| Details | IPv4 | 1 | 64.190.113.185 |
|
| Details | Mandiant Uncategorized Groups | 10 | UNC961 |
|
| Details | Url | 1 | https://www.mandiant.com/resources/blog/mobileiron-log4shell-exploitation |
|
| Details | Url | 2 | https://www.crowdstrike.com/blog/prophet-spider-exploits-oracle-weblogic-to-facilitate-ransomware-activity |
|
| Details | Url | 1 | https://blogs.blackberry.com/en/2022/01/log4u-shell4me |
|
| Details | Url | 1 | https://www.crowdstrike.com/blog/prophet-spider-exploits-citrix-sharefile |
|
| Details | Url | 1 | https://community.netwitness.com/t5/netwitness-community-blog/the-shadows-of-ghosts-inside-the-response-of-a-unique-carbanak/ba-p/518668 |
|
| Details | Url | 3 | https://www.mandiant.com/resources/blog/unc961-multiverse-financially-motivated |