Enigma Stealer Targets Cryptocurrency Industry with Fake Jobs
Common Information
Type Value
UUID 9e177768-c6b5-48e6-983b-65ceb10cee23
Fingerprint 84343919adaa1693
Analysis status DONE
Considered CTI value 2
Text language
Published Feb. 9, 2023, midnight
Added to db Feb. 14, 2023, 2:57 p.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Enigma Stealer Targets Cryptocurrency Industry with Fake Jobs
Title Enigma Stealer Targets Cryptocurrency Industry with Fake Jobs
Detected Hints/Tags/Attributes 80/3/62
Source URLs
Redirection Url
Details Source https://www.trendmicro.com/en_us/research/23/b/enigma-stealer-targets-cryptocurrency-industry-with-fake-jobs.html
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 119 Trend Micro Research, News and Perspectives https://feeds.feedburner.com/TrendMicroSimplySecurity 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 11
cve-2015-2291
Details Domain 145
api.telegram.org
Details Domain 3
enigma.bot.net
Details Domain 4
api.mylnikov.org
Details Domain 12
discordapp.com
Details File 18
trojanspy.msi
Details File 3
contract.rar
Details File 2
questions.txt
Details File 28
word.exe
Details File 748
kernel32.dll
Details File 146
wininet.dll
Details File 37
userenv.dll
Details File 34
psapi.dll
Details File 59
netapi32.dll
Details File 45
mpr.dll
Details File 41
wtsapi32.dll
Details File 2
api-ms-win-core-processthreads-l1-1-0.dll
Details File 125
ntoskrnl.exe
Details File 41
rpcrt4.dll
Details File 291
user32.dll
Details File 3
api-ms-win-core-com-l1-1-0.dll
Details File 16
cabinet.dll
Details File 185
shell32.dll
Details File 47
oleaut32.dll
Details File 86
ole32.dll
Details File 533
ntdll.dll
Details File 68
mscoree.dll
Details File 229
advapi32.dll
Details File 3
updatetask.dll
Details File 1018
rundll32.exe
Details File 2
updattask.dll
Details File 8
iqvw64.sys
Details File 9
driver.sys
Details File 198
msmpeng.exe
Details File 3
iqvw64e.sys
Details File 256
net.exe
Details File 2
iocs-enigma-stealer-targets-cryptocurrency-industry-with-fake-jobs-tm.txt
Details IPv4 3
193.56.146.29
Details Url 33
https://api.telegram.org/bot
Details Url 2
http://ip-api.com/line/?fields=hosting/content/dam/trendmicro/global/en/research/23/enigma-stealer-targets-cryptocurrency-industry-with-fake-jobs/iocs-enigma-stealer-targets-cryptocurrency-industry-with-fake-jobs-tm.txt
Details Url 2
https://api.mylnikov.org/geolocation/wifi?v=1.1
Details Url 2
https://discordapp.com/api/v6/users
Details Windows Registry Key 2
HKCU\SOFTWARE\Intel