DNS Early Detection - Malicious Trojan Installers for WINSCP and PUTTY - Breaking the Kill Chain | Infoblox
Tags
cmtmf-attack-pattern: Acquire Infrastructure; Command And Scripting Interpreter; Obfuscated Files Or Information; Process Injection; Scheduled Task/Job
maec-delivery-vectors: Watering Hole
attack-pattern: Acquire Infrastructure; Data Direct; Acquire Infrastructure - T1583; Command And Scripting Interpreter - T1623; Create Or Modify System Process - T1543; Data Encrypted For Impact - T1471; Data Encrypted For Impact - T1486; Dll Search Order Hijacking - T1574.001; Dll Side-Loading - T1574.002; Dns - T1071.004; Dns - T1590.002; Domains - T1583.001; Domains - T1584.001; Drive-By Compromise - T1456; Dynamic-Link Library Injection - T1055.001; Encrypted/Encoded File - T1027.013; Exfiltration Over Web Service - T1567; Exfiltration To Cloud Storage - T1567.002; File And Directory Permissions Modification - T1222; Hijack Execution Flow - T1625; Hijack Execution Flow - T1574; Lateral Tool Transfer - T1570; Malicious File - T1204.002; Malvertising - T1583.008; Malware - T1587.001; Malware - T1588.001; Obfuscated Files Or Information - T1406; Native Api - T1575; Phishing - T1660; Phishing - T1566; Process Injection - T1631; Python - T1059.006; Scheduled Task - T1053.005; Scheduled Task/Job - T1603; Search Engines - T1593.002; Software - T1592.002; Software Packing - T1027.002; Software Packing - T1406.002; Ssh - T1021.004; Windows File And Directory Permissions Modification - T1222.001; Windows Service - T1543.003; Whois - T1596.002; Command-Line Interface - T1059; Deobfuscate/Decode Files Or Information - T1140; Dll Search Order Hijacking - T1038; Dll Side-Loading - T1073; Drive-By Compromise - T1189; Execution Through Api - T1106; Obfuscated Files Or Information - T1027; Process Injection - T1055; Scheduled Task - T1053; Software Packing - T1045; User Execution - T1204; Drive-By Compromise; User Execution
Common Information
Type Value
UUID a7e5b03d-c9f1-4ca6-8db1-f6b55d632bed
Fingerprint a08c2d4d0d8c8fa8
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 29, 2024, 2:26 p.m.
Added to db Aug. 31, 2024, 1:52 a.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline DNS Early Detection – Malicious Trojan Installers for WINSCP and PUTTY – Breaking the Kill Chain
Title DNS Early Detection - Malicious Trojan Installers for WINSCP and PUTTY - Breaking the Kill Chain | Infoblox
Detected Hints/Tags/Attributes 108/3/34
RSS Feed
Id | Enabled | Feed title | Url | Added to db
61 | | Infoblox Blog | https://blogs.infoblox.com/feed/ | 2024-08-30 22:08
Attributes
Type | Value | #Events | CTI Value
Domain | puttyy.org | 1 |
Domain | puutty.org | 1 |
Domain | putyy.org | 1 |
Domain | vvinscp.net | 1 |
Domain | winnscp.net | 1 |
Domain | puttty.org | 1 |
Domain | www.infoblox.com | 14 |
Domain | media.defense.gov | 36 |
File | ntdll.dll | 533 |
File | setup.exe | 208 |
File | pythonw.exe | 27 |
File | python311.dll | 6 |
File | www.inf | 384 |
File | dns_uoo117652-21.pdf | 4 |
MITRE ATT&CK Techniques | T1583.008 | 22 |
MITRE ATT&CK Techniques | T1189 | 183 |
MITRE ATT&CK Techniques | T1106 | 239 |
MITRE ATT&CK Techniques | T1204.002 | 365 |
MITRE ATT&CK Techniques | T1059.006 | 59 |
MITRE ATT&CK Techniques | T1543.003 | 180 |
MITRE ATT&CK Techniques | T1053.005 | 275 |
MITRE ATT&CK Techniques | T1140 | 504 |
MITRE ATT&CK Techniques | T1222.001 | 20 |
MITRE ATT&CK Techniques | T1574.001 | 70 |
MITRE ATT&CK Techniques | T1574.002 | 227 |
MITRE ATT&CK Techniques | T1027.002 | 160 |
MITRE ATT&CK Techniques | T1027.013 | 13 |
MITRE ATT&CK Techniques | T1055.001 | 59 |
MITRE ATT&CK Techniques | T1570 | 118 |
MITRE ATT&CK Techniques | T1567.002 | 100 |
MITRE ATT&CK Techniques | T1486 | 472 |
Url | https://www.infoblox.com/threat-intel | 4 |
Url | https://www.infoblox.com/products/bloxone-threat-defense | 3 |
Url | https://media.defense.gov/2021/mar/03/2002593055/-1/-1/0/csi_protective | 4 |