COMpfun authors spoof visa application with HTTP status-based Trojan
Common Information
Type Value
UUID a5eb8fc3-6a22-4d00-8d5f-68d50744c28f
Fingerprint be15bb182db300c1
Analysis status DONE
Considered CTI value 2
Text language
Published May 14, 2020, 10 a.m.
Added to db Sept. 11, 2022, 12:45 p.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Detected Hints/Tags/Attributes 62/2/19
Attributes
Type #Events Value
Domain 12 geoplugin.net
Domain 7 json.gp
Domain 95 ip-api.com
Domain 1 telize.com
File 11 ieframe.dll
File 4 explorerframe.dll
File 2126 cmd.exe
File 119 smss.exe
File 4 nis.exe
File 8 spideragent.exe
File 1 iea94e3.tmp