ShadowGate Returns With Greenflash Sundown Exploit Kit
Common Information
Type Value
UUID 92c15d30-eded-4b87-b608-eebf0528a578
Fingerprint c6b111dc98e62203
Analysis status DONE
Considered CTI value 2
Text language
Published June 27, 2019, midnight
Added to db Jan. 18, 2023, 9:06 p.m.
Last updated Oct. 16, 2024, 2:06 a.m.
Headline ShadowGate Returns With Greenflash Sundown Exploit Kit
Title ShadowGate Returns With Greenflash Sundown Exploit Kit
Detected Hints/Tags/Attributes 48/1/12
Source URLs
Redirection Url
Source https://blog.trendmicro.com/trendlabs-security-intelligence/shadowgate-returns-to-worldwide-operations-with-evolved-greenflash-sundown-exploit-kit/
Source https://www.trendmicro.com/en_ie/research/19/f/shadowgate-returns-to-worldwide-operations-with-evolved-greenflash-sundown-exploit-kit.html
Source https://www.trendmicro.com/en_ph/research/19/f/shadowgate-returns-to-worldwide-operations-with-evolved-greenflash-sundown-exploit-kit.html
Source https://www.trendmicro.com/en_id/research/19/f/shadowgate-returns-to-worldwide-operations-with-evolved-greenflash-sundown-exploit-kit.html
Source https://www.trendmicro.com/en_nl/research/19/f/shadowgate-returns-to-worldwide-operations-with-evolved-greenflash-sundown-exploit-kit.html
Source https://www.trendmicro.com/en_au/research/19/f/shadowgate-returns-to-worldwide-operations-with-evolved-greenflash-sundown-exploit-kit.html
Source https://www.trendmicro.com/en_be/research/19/f/shadowgate-returns-to-worldwide-operations-with-evolved-greenflash-sundown-exploit-kit.html
Source https://www.trendmicro.com/en_in/research/19/f/shadowgate-returns-to-worldwide-operations-with-evolved-greenflash-sundown-exploit-kit.html
Source https://www.trendmicro.com/en_se/research/19/f/shadowgate-returns-to-worldwide-operations-with-evolved-greenflash-sundown-exploit-kit.html
Source https://www.trendmicro.com/en_my/research/19/f/shadowgate-returns-to-worldwide-operations-with-evolved-greenflash-sundown-exploit-kit.html
Source https://www.trendmicro.com/en_hk/research/19/f/shadowgate-returns-to-worldwide-operations-with-evolved-greenflash-sundown-exploit-kit.html
Attributes
Type #Events CTI Value
CVE 92
cve-2018-4878
CVE 59
cve-2018-15982
Domain 2
fastimage.site
Domain 1
ad4989.world
Domain 2
adsfast.site
Domain 1
adsfast.info
Domain 1
cdn-cloud.club
File 1
hp_3.exe
File 1
hp_6.exe
sha256 1
aeb073b5ee2e083aba987c7fcaab7265aabe6e5e2cade821db6d46e406e21e95
sha256 1
58002d0b8acd1a539503d8ea02ff398e7ad079e0b856087f0ca30d767588be4e
IPv4 10
31.0.0.153