AlienFox Toolkit Targets Cloud Web Hosting Frameworks to Steal Credentials
Common Information
Type | Value |
---|---|
UUID | a2ac5b8a-7c5e-471c-863d-378d8d33f699 |
Fingerprint | 3c9f9c53afb487c5 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | March 31, 2023, 9:59 a.m. |
Added to db | March 31, 2023, 12:29 p.m. |
Last updated | Nov. 12, 2024, 6:58 a.m. |
Headline | AlienFox Toolkit Targets Cloud Web Hosting Frameworks to Steal Credentials |
Title | AlienFox Toolkit Targets Cloud Web Hosting Frameworks to Steal Credentials |
Detected Hints/Tags/Attributes | 30/1/71 |
Source URLs
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 238 | ✔ | SOCRadar® Cyber Intelligence Inc. | https://socradar.io/feed/ | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | CVE | 4 | cve-2022-31279 |
Details | Domain | 2 | s3lr.py |
Details | Domain | 3 | awses.py |
Details | Domain | 1 | ssh-smtp.py |
Details | Domain | 2 | lar.py |
Details | Domain | 2 | alienfoxv4.py |
Details | Domain | 1 | cms.py |
Details | Domain | 1 | 9fd73c.ingress-daribow.easywp.com |
Details | Domain | 11 | rentry.co |
Details | Domain | 9 | s1.ai |
Details | File | 2 | s3lr.py |
Details | File | 3 | awses.py |
Details | File | 1 | ssh-smtp.py |
Details | File | 2 | lar.py |
Details | File | 2 | alienfoxv4.py |
Details | File | 1 | cms.py |
Details | File | 37 | 1.php |
Details | File | 9 | s1.ai |
Details | Url | 2 | https://rentry.co/3cii9/raw |
Details | Url | 1 | https://s1.ai/alienfox |
Details | Yara rule | 1 | cw_androxgh0st_strings |
Details | Yara rule | 1 | cw_boto_broad_persistence |

Yara rule cw_androxgh0st_strings:

```yara
rule cw_androxgh0st_strings {
    meta:
        author = "Alex Delamotte @ SentinelLabs"
        description = "Rule based on Androxgh0st file contents."
        reference = "https://s1.ai/AlienFox"
    strings:
        $a = "asu = androxgh0st().get_aws_region(text)" ascii wide
        $b = "nam = input(\x1b[1;37;40mInput Your List : )" ascii wide
        $c = "def jembotngw2(sites):" ascii wide
        $d = "def nowayngntd():" ascii wide
        $e = "def makethread(jumlah):" ascii wide
    condition:
        any of them
}
```

Yara rule cw_boto_broad_persistence:

```yara
rule cw_boto_broad_persistence {
    meta:
        author = "Alex Delamotte @ SentinelLabs"
        description = "Detect (Boto3 OR samples referencing Telegram channels) AND AWS persistence login profile."
        reference = "https://s1.ai/AlienFox"
    strings:
        $a = "boto3.client(ses"
        $a1 = "https://t.me"
        $b = "arn:aws:iam::aws:policy/AdministratorAccess"
        $c = "iam.create_login_profile(UserName="
    condition:
        ($a or $a1) and ($b or $c)
}
```