ioc[.]one - OSINT Cyber Threat Intelligence Database

Divergent: "Fileless" NodeJS Malware Burrows Deep Within the Host

Tags

attack-pattern:

Data Direct Cmstp - T1218.003 Domains - T1583.001 Domains - T1584.001 Ip Addresses - T1590.005 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Network Security Appliances - T1590.006 Powershell - T1059.001 Scheduled Task - T1053.005 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Cmstp - T1191 Hypervisor - T1062 Powershell - T1086 Scheduled Task - T1053 Windows Management Instrumentation - T1047

Show in Graph

Common Information

Type	Value
UUID	796c8c8d-a4fa-4a11-9d09-758bde7ea9ab
Fingerprint	ac243967ed3386c1
Analysis status	DONE
Considered CTI value	2
Text language
Published	Sept. 26, 2019, 4:07 p.m.
Added to db	Sept. 26, 2022, 9:30 a.m.
Last updated	Nov. 17, 2024, 6:55 p.m.
Headline	Vulnerability Information
Title	Divergent: "Fileless" NodeJS Malware Burrows Deep Within the Host
Detected Hints/Tags/Attributes	93/1/95

Source URLs

	Redirection	Url
Details	Source	https://blog.talosintelligence.com/2019/09/divergent-analysis.html

URL Provider

Details	Provider	Source level domain
Details	talosintelligence.com	blog.talosintelligence.com

Attributes

Details	Type	#Events	Value
Details	Domain	1	activexobject.wscript.shell
Details	Domain	52	socket.io
Details	Domain	2	uoibppop.tk
Details	Domain	2	1292172017.rsc.cdn77.org
Details	Domain	904	snort.org
Details	File	1	zfjrailgdh.reg
Details	File	3	shell.reg
Details	File	2	bav01.js
Details	File	2	trpl.png
Details	File	3	windivert.dll
Details	File	2	windivert32.sys
Details	File	2	windivert64.sys
Details	File	226	certutil.exe
Details	File	198	msmpeng.exe
Details	File	1122	svchost.exe
Details	File	2	04sall.js
Details	File	3	05sall.js
Details	File	1	strpk.png
Details	File	59	app.js
Details	File	2	divergent.exe
Details	File	2	mdivergent.exe
Details	File	5	init.js
Details	File	27	node.exe
Details	File	2	em_02.js
Details	File	1	em_03.js
Details	File	1	now_i_see_you.dll
Details	File	2	strkp.png
Details	sha256	1	e4a49af295d6e61877a458a014fe63b733be942c506496b53070aa3d9ca421d8
Details	sha256	1	5863f35959aa542a27319e098f40166f3ace09d265f4ec6d739318c0b739745e
Details	sha256	1	47b5dac9152220fbbf122eff89ac93d42e9196f5ab665a2a6d99594246ab8a81
Details	sha256	1	062688aec1bdf1208bd72a77696e1fbcd1076f54bd6e59141ed12b6f8e3ba32c
Details	sha256	1	c7052f4676102bfe39ab19c227832861caa2959933e296ee1806973619948624
Details	sha256	1	781adc919a705ca3e8a82fe1d1eac68f651c50ba402172aea033eaec7879e932
Details	sha256	1	05fbd38ea0b99621d22ce5f057173fdec40f3dccd63f887e1c301766c6597714
Details	sha256	1	2135acda2d2739773fbb827e8d180ac901c040d2f071127bb597a714591672cd
Details	sha256	1	72b6a8bf9598bd445e26a04ab58be62ed3941fb1fe4cf4a094a6272a77b66009
Details	sha256	1	ba04eacaa80bb5da6b02e1e7fdf3775cf5a44a6179b2c142605e089d78a2f5b6
Details	sha256	1	a82dd93585094aeba4363c5aeedd1a85ef72c60a03738b25d452a5d895313875
Details	sha256	1	2f4a9ef2071ee896674e3da1a870d4efab4bb16e2e26ea3d7543d98b614ceab9
Details	sha256	1	77498f0ef4087175aa85ce1388f9d02d14aaf280e52ce7c70f50d3b8405fea9f
Details	sha256	1	b2d29bb9350a0df93d0918c0208af081f917129ee46544508f2e1cf30aa4f4ce
Details	sha256	1	bf2cdd1dc2e20c42d2451c83b8280490879b3515aa6c15ab297419990e017142
Details	sha256	1	a7656ccba0946d25a4efd96f4f4576494d5f1e23e6ad2acc16d2e684656a2d4f
Details	sha256	1	607b2f3fd1e73788a4d6f5a366c708dbb12d174eba9863ade0af89ca40e1fdba
Details	IPv4	2	176.9.117.194
Details	IPv4	1	95.70.244.209
Details	IPv4	1	13.228.224.121
Details	IPv4	1	54.241.31.99
Details	IPv4	1	103.31.4.11
Details	IPv4	1	103.31.4.54
Details	IPv4	1	198.41.128.74
Details	IPv4	1	198.41.128.55
Details	IPv4	1	131.0.72.36
Details	IPv4	1	131.0.72.59
Details	IPv4	1	188.114.96.87
Details	IPv4	1	188.114.96.116
Details	IPv4	1	43.250.192.98
Details	IPv4	1	43.250.192.87
Details	IPv4	1	217.160.231.125
Details	IPv4	1	208.91.197.25
Details	IPv4	1	184.168.221.42
Details	IPv4	1	103.224.248.219
Details	IPv4	1	31.31.196.120
Details	IPv4	1	217.160.223.93
Details	IPv4	1	184.168.221.45
Details	IPv4	1	119.28.87.235
Details	IPv4	7	23.227.38.32
Details	IPv4	2	50.63.202.39
Details	IPv4	24	216.239.34.21
Details	IPv4	1	83.243.58.172
Details	IPv4	1	5.9.41.178
Details	IPv4	1	88.198.26.25
Details	IPv4	1	62.75.189.110
Details	IPv4	1	109.239.101.62
Details	IPv4	1	107.186.67.4
Details	IPv4	1	184.168.221.63
Details	IPv4	1	45.55.154.177
Details	IPv4	1	104.28.2.169
Details	IPv4	1	202.56.240.5
Details	IPv4	1	89.163.255.171
Details	IPv4	1	185.243.114.111
Details	Url	1	https://uoibppop.tk/.
Details	Url	1	https://uoibppop.tk/clean
Details	Url	1	http://1292172017.rsc.cdn77.org/images/trpl.png
Details	Url	1	http://1292172017.rsc.cdn77.org//imtrack/strkp.png
Details	Url	1	https://1292172017.rsc.cdn77.org/images/trpl.png
Details	Url	2	https://1292172017.rsc.cdn77.org/imtrack/strkp.png
Details	Windows Registry Key	41	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Details	Windows Registry Key	1	HKLM\Software\ZfjrAilGdH
Details	Windows Registry Key	1	HKLM\Software\ZfjrAilGdh\Lvt4wLGLMZ
Details	Windows Registry Key	1	HKLM\Software\ZfjrAilGdH\kCu2DZ9WI0
Details	Windows Registry Key	1	HKLM\Software\ZfjrAilGdH\4FLJBnefsN
Details	Windows Registry Key	1	HKLM\SOFTWARE\ZfjrAilGdH\194956
Details	Windows Registry Key	1	HKLM\SOFTWARE\ZfjrAilGdH\2177774
Details	Windows Registry Key	1	HKEY_CURRENT_USER\Software\fbsjbdfhsv