How a Malicious Application Used a Game Demo to Deliver an Infostealer
Tags
attack-pattern: | Data Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Powershell - T1086 Windows Management Instrumentation - T1047 |
Common Information
Type | Value |
---|---|
UUID | 853d1b2a-bd8b-4cc1-be31-a0cb4269fe70 |
Fingerprint | 3404885a6d070571 |
Analysis status | DONE |
Considered CTI value | 0 |
Text language | |
Published | Dec. 20, 2024, 6:20 p.m. |
Added to db | Dec. 21, 2024, 4:22 a.m. |
Last updated | Dec. 22, 2024, 12:40 p.m. |
Headline | How a Malicious Application Used a Game Demo to Deliver an Infostealer |
Title | How a Malicious Application Used a Game Demo to Deliver an Infostealer |
Detected Hints/Tags/Attributes | 27/1/10 |
Source URLs
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 167 | ✔ | Cybersecurity on Medium | https://medium.com/feed/tag/cybersecurity | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 1 | playarenawars.pages.dev |
|
Details | Domain | 53 | file.io |
|
Details | Domain | 88 | mega.nz |
|
Details | Domain | 1 | ageoneverdownx.com |
|
Details | File | 2 | passwords.db |
|
Details | File | 110 | passwords.txt |
|
Details | File | 1 | %userprofile%\appdata\local\programs\arenawars\passwords.txt |
|
Details | IPv4 | 1 | 143.244.215.221 |
|
Details | IPv4 | 1 | 172.67.160.130 |
|
Details | Url | 1 | https://playarenawars.pages.dev/. |