Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities
Common Information
Type Value
UUID 7ba6cc87-69f0-427b-bdc9-d32d0b156a85
Fingerprint ac5028d70914fe62
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 12, 2024, midnight
Added to db Sept. 12, 2024, 12:11 p.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities
Title Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities
Detected Hints/Tags/Attributes 52/2/31
RSS Feed
Id Enabled Feed title Url Added to db
99 Cyware News - Latest Cyber News https://cyware.com/allnews/feed 2024-08-30 22:08
119 Trend Micro Research, News and Perspectives https://feeds.feedburner.com/TrendMicroSimplySecurity 2024-08-30 22:08
Attributes
Type #Events CTI Value
CVE 37 cve-2024-6670
CVE 24 cve-2024-6671
CVE 20 cve-2024-4885