PNG Steganography Hides Backdoor - Avast Threat Labs
Common Information
Type Value
UUID 80bc01bb-9eff-4f77-bf94-31c0897e6daf
Fingerprint 2f8511110dc58a41
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 10, 2022, 12:15 p.m.
Added to db Nov. 10, 2022, 1:37 p.m.
Last updated Nov. 17, 2024, 6:49 p.m.
Headline PNG Steganography Hides Backdoor
Title PNG Steganography Hides Backdoor - Avast Threat Labs
Detected Hints/Tags/Attributes 88/2/30
RSS Feed
Id Enabled Feed title Url Added to db
100 Avast Threat Labs https://decoded.avast.io/feed/ 2024-08-30 22:08
Attributes