New Capesand Exploit Kit Reuses Public Exploits, Tools
Common Information
Type Value
UUID 96e80933-147b-4a26-987b-35a47caa1d04
Fingerprint f19119d48a0f61a3
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 5, 2019, midnight
Added to db Oct. 15, 2024, 10:42 p.m.
Last updated Oct. 23, 2024, 12:33 a.m.
Detected Hints/Tags/Attributes 54/2/33
Attributes
Details Type #Events CTI Value
Details CVE 92 cve-2018-4878
Details CVE 106 cve-2018-8174
Details CVE 16 cve-2019-0752
Details CVE 25 cve-2015-2419
Details CVE 59 cve-2018-15982
Details CVE 32 cve-2018-8120
Details File 3 landing.php
Details File 1 mess.exe
Details File 1 njcrypt.exe
Details File 1 nvidiacatalysts.dll
Details File 1 cyax_sharp.dll
Details File 52 trojan.js
Details File 4 trojan.swf
Details File 19 trojan.html
Details File 26 backdoor.msi