ioc[.]one - OSINT Cyber Threat Intelligence Database

MAR-10445155-1.v1 Truebot Activity Infects U.S. and Canada Based Networks | CISA

Tags

country:	Canada
maec-delivery-vectors:	Watering Hole
attack-pattern:	Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Software - T1592.002 Tool - T1588.002 Vulnerabilities - T1588.006

Show in Graph

Common Information

Type	Value
UUID	89ecf934-0719-4501-b42f-b8758daa746b
Fingerprint	961669d74f7b8393
Analysis status	DONE
Considered CTI value	0
Text language
Published	July 6, 2023, noon
Added to db	Aug. 12, 2023, 1:30 a.m.
Last updated	Nov. 17, 2024, 5:57 p.m.
Headline	MAR-10445155-1.v1 Truebot Activity Infects U.S. and Canada Based Networks
Title	MAR-10445155-1.v1 Truebot Activity Infects U.S. and Canada Based Networks \| CISA
Detected Hints/Tags/Attributes	50/3/17

Source URLs

	Redirection	Url
Details	Source	https://www.cisa.gov/news-events/analysis-reports/ar23-187a

URL Provider

Details	Provider	Source level domain
Details	cisa.gov	www.cisa.gov

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	85	✔	—	https://cisa.gov/uscert/ncas/analysis-reports.xml	2024-08-30 22:08

Attributes

Details	Type	#Events	CTI	Value
Details	Domain	469		www.cisa.gov
Details	Domain	4		dremmfyttrred.com
Details	Domain	3		droogggdhfhf.com
Details	Domain	154		us-cert.cisa.gov
Details	Domain	84		malware.us-cert.gov
Details	Domain	84		ftp.malware.us-cert.gov
Details	Email	84		submit@malware.us-cert.gov
Details	File	1		3lxjyav6gf.exe
Details	File	1		c:\programdata as a randomly named 13 character file with a .json
Details	File	2		igtyxequcevam.json
Details	File	4		dns.php
Details	File	1		3lxjya6gf.exe
Details	sha256	3		7d75244449fb5c25d8f196a43a6eb9e453652b2185392376e7d44c21bd8431e7
Details	Url	43		http://www.cisa.gov/tlp.
Details	Url	53		https://us-cert.cisa.gov/forms/feedback
Details	Url	84		https://malware.us-cert.gov
Details	Yara rule	2		rule CISA_10445155_01 : TRUEBOT downloader { meta: Author = "CISA Code & Media Analysis" Incident = "10445155" Date = "2023-05-17" Last_Modified = "20230523_1500" Actor = "n/a" Family = "TRUEBOT" Capabilities = "n/a" Malware_Type = "downloader" Tool_Type = "n/a" Description = "Detects TRUEBOT downloader samples" SHA256 = "7d75244449fb5c25d8f196a43a6eb9e453652b2185392376e7d44c21bd8431e7" strings: $s1 = { 64 72 65 6D 6D 66 79 74 74 72 72 65 64 2E 63 6F 6D } $s2 = { 4E 73 75 32 4F 64 69 77 6F 64 4F 73 32 } $s3 = { 59 69 50 75 6D 79 62 6F 73 61 57 69 57 65 78 79 } $s4 = { 72 65 70 6F 74 73 5F 65 72 72 6F 72 2E 74 78 74 } $s5 = { 4C 6B 6A 64 73 6C 66 6A 33 32 6F 69 6A 72 66 65 77 67 77 2E 6D 70 34 } $s6 = { 54 00 72 00 69 00 67 00 67 00 65 00 72 00 31 00 32 } $s7 = { 54 00 55 00 72 00 66 00 57 00 65 00 73 00 54 00 69 00 66 00 73 00 66 } condition: 5 of them }