ioc[.]one - OSINT Cyber Threat Intelligence Database

The Thin Line: Educational Tools vs. Malicious Threats - A Focus on The-Murk-Stealer - CYFIRMA

Tags

cmtmf-attack-pattern:	Masquerading
country:	Germany
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Direct Bypass User Account Control - T1548.002 Clipboard Data - T1414 Credentials - T1589.001 Credentials From Web Browsers - T1555.003 Credentials From Web Browsers - T1503 Credentials In Files - T1552.001 Domains - T1583.001 Domains - T1584.001 Execution Guardrails - T1480 Execution Guardrails - T1627 Exfiltration Over Alternative Protocol - T1639 File And Directory Discovery - T1420 Hardware - T1592.001 Ip Addresses - T1590.005 Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 System Information Discovery - T1426 Network Denial Of Service - T1498 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Python - T1059.006 Screen Capture - T1513 Server - T1583.004 Server - T1584.004 Software - T1592.002 Virtualization/Sandbox Evasion - T1497 Tool - T1588.002 Vulnerabilities - T1588.006 Virtualization/Sandbox Evasion - T1633 Automated Collection - T1119 Bypass User Account Control - T1088 Clipboard Data - T1115 Credentials In Files - T1081 Exfiltration Over Alternative Protocol - T1048 Exfiltration Over Command And Control Channel - T1041 File And Directory Discovery - T1083 Masquerading - T1036 Powershell - T1086 Screen Capture - T1113 System Information Discovery - T1082 Automated Collection Masquerading Screen Capture

Show in Graph

Common Information

Type	Value
UUID	a1fb787e-b6b7-49a9-bebf-bf55c637d8da
Fingerprint	b514389103f3af41
Analysis status	DONE
Considered CTI value	2
Text language
Published	Sept. 29, 2023, midnight
Added to db	Oct. 24, 2023, 1:07 p.m.
Last updated	Nov. 17, 2024, 6:56 p.m.
Headline	The Thin Line: Educational Tools vs. Malicious Threats – A Focus on The-Murk-Stealer
Title	The Thin Line: Educational Tools vs. Malicious Threats - A Focus on The-Murk-Stealer - CYFIRMA
Detected Hints/Tags/Attributes	137/4/25

Source URLs

	Redirection	Url
Details	Source	https://www.cyfirma.com/outofband/the-thin-line-educational-tools-vs-malicious-threats-a-focus-on-the-murk-stealer/

URL Provider

Details	Provider	Source level domain
Details	cyfirma.com	www.cyfirma.com

Attributes

Details	Type	#Events	Value
Details	Domain	26	gofile.io
Details	File	1	themarkbuilder.exe
Details	File	1	pc_info.txt
Details	File	11	sitemanager.xml
Details	File	1	themurk.exe
Details	File	1	themurkbuilder.exe
Details	md5	1	de107229b7dcce9c8ff292a76b4d459f
Details	sha1	1	665b449dd635d939e96cf67be61d8bab02c17717
Details	sha256	1	ac11a21b82f999380b9a84cabd0f4c0c4b5ffc3278b127bfcdd4ae1b027dfba3
Details	IPv4	1	9.1.5.0
Details	MITRE ATT&CK Techniques	409	T1566
Details	MITRE ATT&CK Techniques	365	T1204.002
Details	MITRE ATT&CK Techniques	460	T1059.001
Details	MITRE ATT&CK Techniques	86	T1548.002
Details	MITRE ATT&CK Techniques	238	T1497
Details	MITRE ATT&CK Techniques	58	T1498
Details	MITRE ATT&CK Techniques	125	T1555.003
Details	MITRE ATT&CK Techniques	189	T1081
Details	MITRE ATT&CK Techniques	585	T1083
Details	MITRE ATT&CK Techniques	1006	T1082
Details	MITRE ATT&CK Techniques	219	T1113
Details	MITRE ATT&CK Techniques	82	T1115
Details	MITRE ATT&CK Techniques	111	T1119
Details	MITRE ATT&CK Techniques	422	T1041
Details	MITRE ATT&CK Techniques	92	T1048