NobleBaron | New Poisoned Installers Could Be Used In Supply Chain Attacks - SentinelLabs
Common Information
Type Value
UUID 924e6b19-8019-4885-a6dd-667ff86ef020
Fingerprint b4318999688dd61a
Analysis status DONE
Considered CTI value 2
Text language
Published June 1, 2021, midnight
Added to db Sept. 11, 2022, 12:42 p.m.
Last updated Nov. 18, 2024, 7:31 a.m.
Headline NobleBaron | New Poisoned Installers Could Be Used In Supply Chain Attacks
Title NobleBaron | New Poisoned Installers Could Be Used In Supply Chain Attacks - SentinelLabs
Detected Hints/Tags/Attributes 56/3/42
Attributes
Details Type #Events CTI Value
Details Domain 2
scanclientupdate.zip
Details Domain 5
doggroomingnews.com
Details Domain 2
74d6b7b2.app.giftbox4u.com
Details Domain 3
content.pcmsar.net
Details Domain 5
hanproud.com
Details Domain 1373
twitter.com
Details File 4
filesystem.dll
Details File 1
scanclientupdate.zip
Details File 1
ekeyalmaz1c.dll
Details File 27
computerdefaults.exe
Details File 17
artifact.exe
Details File 2
msdiskmountservice.dll
Details File 1
app.gif
Details File 2
diassvcs.dll
Details File 3
graphicalcomponent.dll
Details File 1
java_sre_runtime_update.dll
Details IPv4 4
45.135.167.27
Details IPv4 7
139.99.167.177
Details Threat Actor Identifier - APT 666
APT29
Details Threat Actor Identifier - APT 783
APT28
Details Url 1
https://twitter.com/malwarere/status/1398394028127932416
Details Url 2
https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium
Details Url 4
https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset
Details Url 3
https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns