Malware-Traffic-Analysis.net - 2023-01-03 - Google ad --> fake Notepad++ page --> Rhadamanthys Stealer
Tags
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Steganography - T1001.002 Steganography - T1406.001 Steganography - T1027.003 |
Common Information
| Type | Value |
|---|---|
| UUID | a00c0287-069b-4135-97cc-559d1ff48a4c |
| Fingerprint | b5b1717877648887 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Jan. 3, 2023, midnight |
| Added to db | Jan. 18, 2023, 11:28 p.m. |
| Last updated | Nov. 18, 2024, 4:35 a.m. |
| Headline | UNKNOWN |
| Title | Malware-Traffic-Analysis.net - 2023-01-03 - Google ad --> fake Notepad++ page --> Rhadamanthys Stealer |
| Detected Hints/Tags/Attributes | 18/1/25 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.malware-traffic-analysis.net/2023/01/03/index.html |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | 2023-01-03-iocs-from-rhadamanthys-stealer-infection.txt.zip |
|
| Details | Domain | 1 | 2023-01-03-rhadamanthys-stealer-traffic.pcap.zip |
|
| Details | Domain | 1 | 2023-01-03-rhadamanthys-stealer-malware-and-artifacts.zip |
|
| Details | Domain | 2 | hasankahrimanoglu.com.tr |
|
| Details | Domain | 3 | noteepad.hasankahrimanoglu.com.tr |
|
| Details | Domain | 88 | app.any.run |
|
| Details | Domain | 75 | tria.ge |
|
| Details | File | 1 | 2023-01-03-iocs-from-rhadamanthys-stealer-infection.txt |
|
| Details | File | 38 | pcap.zip |
|
| Details | File | 1 | 2023-01-03-rhadamanthys-stealer-malware-and-artifacts.zip |
|
| Details | File | 2 | ing.php |
|
| Details | File | 2 | nottepaad_lastnewx32x64.zip |
|
| Details | File | 2 | noteppad_settupx32ix64.exe |
|
| Details | File | 1 | noteppad_settupx32ix64-carved.exe |
|
| Details | sha256 | 1 | 56840aba173e384469ea4505158eead4e7612c41caa59738fcf5efe9b2e10864 |
|
| Details | sha256 | 1 | 8d0e8bafffed28f5c709a99392f7ab42430635839f7aba92a01c956c10702c8f |
|
| Details | sha256 | 1 | af67a6bd0baf78191617c97aad2d21b7d6133e879c92c97b1b1345d629f79661 |
|
| Details | sha256 | 1 | c4b7e2de87630bde08e367c75d9a2b9ae79b1d4f03ee8014531239c9597efc2e |
|
| Details | IPv4 | 1 | 162.33.178.106 |
|
| Details | Url | 1 | https://www.googleadservices.com/pagead/aclk?sa=l&ai=dchcsewidiu-13kv8ahwke9qbha7uadwyabacggjvyq&ae=2&ohost=www.google |
|
| Details | Url | 1 | https://noteepad.hasankahrimanoglu.com.tr |
|
| Details | Url | 2 | https://noteepad.hasankahrimanoglu.com.tr/ing.php |
|
| Details | Url | 1 | https://app.any.run/tasks/96a0206a-5683-47c1-9804-04aff3c55228 |
|
| Details | Url | 1 | https://tria.ge/230103-tr9agsfb8w |
|
| Details | Url | 1 | http://162.33.178.106/gjntrrm/zznb2o.hgfq |