ioc[.]one - OSINT Cyber Threat Intelligence Database

Злоумышленники используют MacroPack для развертывания полезных нагрузок Brute Ratel, Havoc и PhantomCore - SEC-1275-1

Tags

attack-pattern:

Show in Graph

Common Information

Type	Value
UUID	a2a4a2c0-a29c-4082-9653-3dd923246b4d
Fingerprint	6e588ff940a2da78
Analysis status	DONE
Considered CTI value	0
Text language
Published	Sept. 16, 2024, midnight
Added to db	Sept. 16, 2024, 3:21 p.m.
Last updated	Nov. 17, 2024, 4:49 p.m.
Headline	Злоумышленники используют MacroPack для развертывания полезных нагрузок Brute Ratel, Havoc и PhantomCore
Title	Злоумышленники используют MacroPack для развертывания полезных нагрузок Brute Ratel, Havoc и PhantomCore - SEC-1275-1
Detected Hints/Tags/Attributes	14/1/42

Source URLs

	Redirection	Url
Details	Source	https://1275.ru/ioc/3917/zloumyshlenniki-ispolzuyut-macropack-dlya-razvertyvaniya-poleznyh-nagruzok-brute-ratel-havoc-i-phantomcore/?mtm_campaign=rss

URL Provider

Details	Provider	Source level domain
Details	1275.ru	1275.ru

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	8	✔	Архивы IOC - SEC-1275-1	https://1275.ru/ioc/feed	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	3	api.wilbderreis.ru
Details	Domain	3	dns1.s-logistics.net
Details	Domain	3	dns2.s-logistics.net
Details	Domain	3	td.tula-steel.ru
Details	Domain	99	qq.com
Details	Domain	3	d1209brpqetpa4.cloudfront.net
Details	Domain	3	d2v6ycjbdzo6ui.cloudfront.net
Details	Domain	3	d2wpc9lcvgj680.cloudfront.net
Details	Domain	3	d2z6sfzo660xrm.cloudfront.net
Details	Domain	3	d3qrqtfazjdt5i.cloudfront.net
Details	Domain	3	share.dedesignanddev.com
Details	File	32	image.jpg
Details	File	2	id.php
Details	File	1	c8d984.php
Details	md5	3	ab735a258a90e8e1f3e3dcf231bf53a9
Details	sha256	3	0cf1e59bae9dba7fbbf6ee6a36ca6bdb8fa0ac002b8cf824bd0888789a981c57
Details	sha256	3	2131de0cb705afa52f88ef70a87ee6c8662d38db0138efc4940218ee62d8a296
Details	sha256	3	2c0a66c6370b4aa88ab3805d520e868cbc513b43119958257a72c9ff58ef241c
Details	sha256	3	80731db97c33b50cd3d8727decec7e6a12bbf5f671527648c4cbb559fabc3074
Details	sha256	3	93df1d60edd6b656b08e0fc0d31b330fd275f5e1a9069dfbb769e7ba217fcb6e
Details	sha256	3	b5608e73eb460944d9b523a940d94c95d3eb66d6a8efe82462e2589ccfaadb82
Details	sha256	3	cbafcf65b40d95e4699859a523ef4d300c57f93de6fbc6e194d1b922e9f3aba6
Details	sha256	3	e1ee389b2af2d3a0eff4aa14f2ac3de6cdd4a73de80b5d450a44ec69cd332dbf
Details	IPv4	3	122.114.10.239
Details	IPv4	3	122.114.166.92
Details	IPv4	3	122.114.141.214
Details	Url	3	http://122.114.10.239/edcvfr
Details	Url	3	http://122.114.10.239/qazxsw
Details	Url	3	http://122.114.166.92/collectors/3.0/settings/mail
Details	Url	3	http://td.tula-steel.ru/en/image.jpg
Details	Url	3	https://122.114.141.214/qq.com/ab735a258a90e8e1f3e3dcf231bf53a9/mail
Details	Url	3	https://d1209brpqetpa4.cloudfront.net/hubsextension/browse/resourcetype/id.php
Details	Url	3	https://d1209brpqetpa4.cloudfront.net/hubsextension/resource/type/c8d984.php
Details	Url	3	https://d2v6ycjbdzo6ui.cloudfront.net/hubsextension/browse/resourcetype/id.php
Details	Url	3	https://d2v6ycjbdzo6ui.cloudfront.net/hubsextension/resource/type/c8d984.php
Details	Url	3	https://d2wpc9lcvgj680.cloudfront.net//hubsextension/resource/type/c8d984.php
Details	Url	3	https://d2wpc9lcvgj680.cloudfront.net/hubsextension/browse/resourcetype/id.php
Details	Url	3	https://d2z6sfzo660xrm.cloudfront.net/hubsextension/browse/resourcetype/id.php
Details	Url	3	https://d2z6sfzo660xrm.cloudfront.net/hubsextension/resource/type/c8d984.php
Details	Url	3	https://d3qrqtfazjdt5i.cloudfront.net/hubsextension/browse/resourcetype/id.php
Details	Url	3	https://d3qrqtfazjdt5i.cloudfront.net/hubsextension/resource/type/c8d984.php
Details	Url	1	https://share.dedesignanddev.com/datadoc