ioc[.]one - OSINT Cyber Threat Intelligence Database

Large Kovter digitally-signed malvertising campaign and MSRT cleanup release - Microsoft Security Blog

Tags

cmtmf-attack-pattern:	Masquerading
country:	United States Of America
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Code Signing - T1553.002 Credentials - T1589.001 Digital Certificates - T1596.003 Digital Certificates - T1587.003 Digital Certificates - T1588.004 Domains - T1583.001 Domains - T1584.001 Exploits - T1587.004 Exploits - T1588.005 Ip Addresses - T1590.005 Javascript - T1059.007 Malvertising - T1583.008 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Mshta - T1218.005 Phishing - T1660 Phishing - T1566 Regsvr32 - T1218.010 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Vulnerabilities - T1588.006 Code Signing - T1116 Masquerading - T1036 Mshta - T1170 Regsvr32 - T1117 Masquerading

Show in Graph

Common Information

Type	Value
UUID	80cf3091-fd06-45ad-b326-7b4be9b356dd
Fingerprint	bd7426630933a6c8
Analysis status	DONE
Considered CTI value	2
Text language
Published	May 10, 2016, 2:12 p.m.
Added to db	Jan. 18, 2023, 9:18 p.m.
Last updated	Nov. 17, 2024, 6:55 p.m.
Headline	Large Kovter digitally-signed malvertising campaign and MSRT cleanup release
Title	Large Kovter digitally-signed malvertising campaign and MSRT cleanup release - Microsoft Security Blog
Detected Hints/Tags/Attributes	74/4/46

Source URLs

	Redirection	Url
Details	Source	https://cloudblogs.microsoft.com/microsoftsecure/2016/05/10/large-kovter-digitally-signed-malvertising-campaign-and-msrt-cleanup-release/

URL Provider

Details	Provider	Source level domain
Details	microsoft.com	cloudblogs.microsoft.com

Attributes

Details	Type	#Events	Value
Details	Domain	1	aefoopennypinchingpolly.com
Details	Domain	1	ahcakmbafocus.org
Details	Domain	1	ahxuluthscsa.org
Details	Domain	1	caivelitemind.com
Details	Domain	1	ierietelio.org
Details	Domain	1	paiyafototips.com
Details	Domain	1	rielikumpara.org
Details	Domain	1	siipuneedledoctor.com
Details	Domain	1	ziejaweleda.org
Details	Domain	155	yandex.com
Details	Domain	1	itgms.org
Details	Email	1	monty.ratliff@yandex.com
Details	File	9	flashplayer.exe
Details	File	1	89597dd177df3daa78f184fe87c4386c.html
Details	File	459	regsvr32.exe
Details	File	1122	svchost.exe
Details	File	56	iexplorer.exe
Details	File	1260	explorer.exe
Details	md5	1	89597dd177df3daa78f184fe87c4386c
Details	md5	1	c26b064b826f4c1aa6711b7698c58fc0
Details	md5	1	e0a31d6b58017428dd8c907b14ea334e
Details	md5	1	18ccf307730767c4620ae960555b9237
Details	md5	1	f6406681e0652e33562d013a8c5329b9
Details	md5	1	42b1b775945a4f21f6105df8e9c698c2
Details	md5	1	3767f655a462c4bf13ae83c5f7656af4
Details	md5	1	a14a38ebe3856766d55c1af35fb1681f
Details	md5	1	321f9b3717655e1886305f4ca01129ad
Details	md5	1	0966f977c6d319e838be9b2ceb689fbe
Details	md5	1	7214015e37750f3ee65d5054a5d1ff8a
Details	md5	1	74dccbc97e6bffbf05ee269adeaac7f8
Details	sha1	1	eafe025671e6264f603868699126d4636f6636c7
Details	sha1	1	0686c48fd59a899dfa9cbe181f8c52cbe8de90f0
Details	sha1	1	62690c0a5a9946f91855a476b7d92447e299c89a
Details	sha1	1	7a678fa58e310749362a432db9ff82aebfb6de62
Details	sha1	1	872d157c9c844636dda2f33be83540354e04f709
Details	sha1	1	37a8ad4a51b6f7b418c17abd8de9fc089a23125d
Details	sha1	1	cfebfe6d4065dd14493abeb0ae6508a6d874d809
Details	sha1	1	c48b21c854d6743c9ebe919bf1271cade9613890
Details	sha1	1	4df10be4b12f3c7501184097abee681a1045f2ed
Details	sha1	1	457f0f7fe85fb97841d748af04166f2a3e752efe
Details	sha1	1	36e81f09d2e1f9440433b080b056d3437a99a8e1
Details	Url	1	https://ahxuluthscsa.org/4792924404046/89597dd177df3daa78f184fe87c4386c.html
Details	Url	1	https://ahxuluthscsa.org/1092920552392/1092920552392/1461879398769944/flashplayer.exe
Details	Windows Registry Key	1	HKCU\software
Details	Windows Registry Key	1	HKLM\software
Details	Windows Registry Key	31	HKCU\Software\Microsoft\Windows\CurrentVersion\Internet