Underminer Exploit Kit: The More You Check The More Evasive You Become
Common Information
Type Value
UUID 9fb74fcc-2c4f-41c7-b889-c9ca34d25945
Fingerprint af3455438b3f460b
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 8, 2022, 6:48 a.m.
Added to db Sept. 26, 2022, 9:34 a.m.
Last updated Nov. 17, 2024, 11:40 p.m.
Headline Underminer Exploit Kit: The More You Check The More Evasive You Become
Title Underminer Exploit Kit: The More You Check The More Evasive You Become
Detected Hints/Tags/Attributes 57/2/30
Attributes
Type                        #Events  Value                                                              CTI Value
Domain                            1  vt.zip
Domain                            1  web.jsonpost.xyz
Domain                            1  web.xmlpost.xyz
Domain                           42  socprime.com
Domain                           10  www.aldeid.com
Domain                          604  www.trendmicro.com
Domain                           47  intel471.com
File                              4  aswhook.dll
File                            533  ntdll.dll
File                              2  licensing.exe
File                            172  dllhost.exe
File                              1  vt.zip
File                              3  ic.exe
File                              1  licencing.exe
File                              1  web.json
File                             40  web.xml
File                           1206  index.php
sha256                            1  7a7a128a51a5e153c55481518bdffe67093e94d99845531918ff50875a13e5fe
sha256                            1  0fa23ba39a85ad3a28d71e1d50edc2c39046d2ffe36fb257e8953acee7726924
sha256                            1  eb0c56870fb482ff798dab0048ff1b8a7010f6ce6b769e9ffffc569070898624
IPv4                              1  169.197.142.162
IPv4                              1  194.124.213.221
MITRE ATT&CK Techniques         380  T1547.001
Url                               1  http://169.197.142.162/vt.zip
Url                               1  https://socprime.com/news/underminer-exploit-kit-delivers-hidden-mellifera-malware
Url                               1  https://www.aldeid.com/wiki/x86-assembly/instructions/rdtsc
Url                               1  https://www.trendmicro.com/vinfo/us/security/definition/exploit-kit
Url                               1  https://intel471.com/blog/information-stealer-ransomware-account-takeover
Windows Registry Key              7  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User
Windows Registry Key            188  HKCU\Software\Microsoft\Windows\CurrentVersion\Run