Inside Water Barghest’s Rapid Exploit-to-Market Strategy for IoT Devices
Tags
maec-delivery-vectors: Watering Hole
attack-pattern: Data Botnet - T1583.005 Botnet - T1584.005 Domains - T1583.001 Domains - T1584.001 Exploits - T1587.004 Exploits - T1588.005 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Python - T1059.006 Server - T1583.004 Server - T1584.004 Software - T1592.002 Vulnerabilities - T1588.006 Connection Proxy - T1090
Show in Graph
Common Information
Type Value
UUID 937a1aed-e240-409c-9ef8-023cc174a764
Fingerprint a7b5f295c82347c1
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 18, 2024, midnight
Added to db Nov. 18, 2024, 10:34 a.m.
Last updated Nov. 21, 2024, 7:10 p.m.
Headline Inside Water Barghest’s Rapid Exploit-to-Market Strategy for IoT Devices
Title Inside Water Barghest’s Rapid Exploit-to-Market Strategy for IoT Devices
Detected Hints/Tags/Attributes 93/2/9
Source URLs
Redirection Url
Details Source https://www.trendmicro.com/en_us/research/24/k/water-barghest.html
URL Provider
Details Provider Source level domain
Details trendmicro.com www.trendmicro.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 119 Trend Micro Research, News and Perspectives https://feeds.feedburner.com/TrendMicroSimplySecurity 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 1 
ngioweb.su
Details Domain 4 
ultradomafy.net
Details File 1 
ngioweb_config_extractor.py
Details File 41 
jquery.js
Details sha256 1 
db1f96b20679f9fb9cbd96b242ab8530102c0105b64c83c3ae544f87594a6fa9
Details sha256 1 
c91795b59248562e44d6c07526c7ab89dfe45344293703a94a3ae5ff02eab5a4
Details IPv4 2 
1.19.9.1
Details IPv4 3 
195.154.43.182
Details Threat Actor Identifier - APT 794 
APT28