Continue to distribute malware related to cryptocurrency exchange
Common Information
Type Value
UUID 9e228a6f-b589-494d-8ca5-456594dae6e2
Fingerprint a006b97d8fe327c3
Analysis status DONE
Considered CTI value 2
Text language
Published June 22, 2018, 12:06 a.m.
Added to db Jan. 30, 2023, 4:32 p.m.
Last updated Nov. 18, 2024, 1:38 a.m.
Headline
Title Continue to distribute malware related to cryptocurrency exchange
Detected Hints/Tags/Attributes 44/2/78
Attributes
Details Type #Events CTI Value
Details Url 1
https://securingtomorrow.mcafee.com/mcafee-labs/hidden-cobra-targets-turkish-financial-sector-new-bankshot-implant
Details Url 3
https://www.us-cert.gov/hidden-cobra-north-korean-malicious-cyber-activity