How to Collect Threat Intelligence Using Search Parameters in TI Lookup
Common Information
Type Value
UUID 787db619-5c1b-4083-b5b4-c31ed28b29d1
Fingerprint 3d4e0be1e036268f
Analysis status DONE
Considered CTI value -2
Text language
Published Sept. 18, 2024, 11:05 a.m.
Added to db Sept. 18, 2024, 1:42 p.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Detected Hints/Tags/Attributes 81/3/33
RSS Feed
Id Enabled Feed title Url Added to db
158 Malware Analysis, News and Indicators - Latest topics https://malware.news/latest.rss 2024-08-30 22:08
Attributes
Type #Events CTI Value
Domain 911 any.run
Domain 2 tventyvd20sb.top
Domain 16 tcp.ngrok.io
File 263 iexplore.exe
File 1 %5c%22.exe
File 40 cryptbase.dll
File 8 msasn1.dll
File 82 kernelbase.dll
File 1 %5c%22syswow64%5c%5c%5c%5ckernelbase.dll
File 137 conhost.exe
File 103 regasm.exe
File 2 pdq-connect-agent.exe
File 2126 cmd.exe
File 256 net.exe
File 1 %5c%22net.exe
File 367 readme.txt
IPv4 3 147.185.221.22
IPv4 2 162.125.66.15
IPv4 3 192.168.37.128
MITRE ATT&CK Techniques 444 T1071
MITRE ATT&CK Techniques 34 T1114.001
MITRE ATT&CK Techniques 275 T1053.005
Url 2 https://intelligence.any.run/analysis/lookup/?utm_source=anyrunblog&amp
Url 1 https://intelligence.any.run/analysis/lookup/?utm_source=anyrunblog&utm_medium=article&utm_campaign=search_params_ti&utm_term=180924&utm_content=linktolookup#{%22query%22:%22registrykey:%5c%22currentversion%5c%5c%5c%5cschedule%5c%22%20and%20registryvalue:%5c%22.exe
Url 1 https://intelligence.any.run/analysis/lookup/?utm_source=anyrunblog&utm_medium=article&utm_campaign=search_params_ti&utm_term=180924&utm_content=linktolookup#{%22query%22:%22mitre:%5c%22t1053.005
Url 1 https://intelligence.any.run/analysis/lookup/?utm_source=anyrunblog&utm_medium=article&utm_campaign=search_params_ti&utm_term=180924&utm_content=linktolookup#{%22query%22:%22moduleimagepath:%5c%22syswow64%5c%5c%5c%5ckernelbase.dll
Url 2 http://192.168.37.128:8880
Url 2 http://tventyvd20sb.top/v1/upload.php