DirtyMoe: Code Signing Certificate - Avast Threat Labs
Common Information
Type Value
UUID 82925edf-6259-42a1-9971-8565f237ffdc
Fingerprint 3d1dcb3f297e2594
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 17, 2021, 12:05 p.m.
Added to db Sept. 11, 2022, 12:45 p.m.
Last updated Oct. 15, 2024, 5:28 p.m.
Headline DirtyMoe: Code Signing Certificate
Title DirtyMoe: Code Signing Certificate - Avast Threat Labs
Detected Hints/Tags/Attributes 78/2/39
Attributes
Details Type #Events CTI Value
Details Domain 1
cs-g2-crl.thawte.com
Details Domain 6
crl3.digicert.com
Details Domain 3
csc3-2010-crl.verisign.com
Details File 1
linking.exe
Details File 1
wfp_drive.sys
Details File 1
denuvo64.sys
Details File 1
logindrvs.sys
Details File 1
wsap-filmora.dll
Details File 1
slipdrv7.sys
Details File 4
utorrent.exe
Details File 1
rtdriver.sys
Details File 1
slipdrv10.sys
Details File 1
loginnpdrivex64.sys
Details File 3
sbiedrv.sys
Details File 1
slipdrv81.sys
Details File 2
v4.exe
Details File 1
ecdm.sys
Details File 1
μtorrent.exe
Details Microsoft Patch Numbers 2
KB5003690
Details Pdb 1
f:\projects\c++\win7pgkill\amd64\logindrvs.pdb
Details Pdb 1
f:\projects\c++\wfp\objfre_win7_amd64\amd64\wfp_drive.pdb
Details Url 1
http://cs-g2-crl.thawte.com/thawtecsg2.crl
Details Url 1
http://crl3.digicert.com/sha2-assured-cs-g1.crl
Details Url 2
http://csc3-2010-crl.verisign.com/csc3-2010.crl