ioc[.]one - OSINT Cyber Threat Intelligence Database

Common Malware Loaders - ReliaQuest

Tags

cmtmf-attack-pattern:	Code Injection Masquerading
country:	Canada Germany France South Korea Spain Laos Russia United Kingdom United States Of America
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Models Artificial Intelligence - T1588.007 Code Injection - T1540 Dll Side-Loading - T1574.002 Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Exploits - T1587.004 Exploits - T1588.005 Impersonation - T1656 Ip Addresses - T1590.005 Javascript - T1059.007 Malvertising - T1583.008 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Msbuild - T1127.001 Msiexec - T1218.007 Odbcconf - T1218.008 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Process Doppelgänging - T1055.013 Process Hollowing - T1055.012 Python - T1059.006 Rundll32 - T1218.011 Scheduled Task - T1053.005 Search Engines - T1593.002 Seo Poisoning - T1608.006 Software - T1592.002 Steganography - T1001.002 Steganography - T1406.001 Steganography - T1027.003 Visual Basic - T1059.005 Template Injection - T1221 Tool - T1588.002 Vulnerabilities - T1588.006 Dll Side-Loading - T1073 Masquerading - T1036 Powershell - T1086 Process Doppelgänging - T1186 Process Hollowing - T1093 Rundll32 - T1085 Scheduled Task - T1053 Scripting - T1064 Masquerading Scripting

Show in Graph

Common Information

Type	Value
UUID	a94374a4-cb54-450c-95c8-5efa4f7564f1
Fingerprint	95a48979ad3f97f3
Analysis status	DONE
Considered CTI value	2
Text language
Published	Aug. 13, 2024, 8 a.m.
Added to db	Aug. 31, 2024, 10:01 a.m.
Last updated	Nov. 17, 2024, 6:54 p.m.
Headline	Common Malware Loaders
Title	Common Malware Loaders - ReliaQuest
Detected Hints/Tags/Attributes	189/4/21

Source URLs

	Redirection	Url
Details	Source	https://www.reliaquest.com/blog/common-malware-loaders/

URL Provider

Details	Provider	Source level domain
Details	reliaquest.com	www.reliaquest.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	362	✔	Blog – ReliaQuest	https://www.reliaquest.com/blog/feed	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	CVE	17	cve-2024-30051
Details	Domain	17	python.org
Details	File	269	msiexec.exe
Details	File	1018	rundll32.exe
Details	File	22	odbcconf.exe
Details	File	5	paexec.exe
Details	File	122	psexec.exe
Details	File	22	update.js
Details	File	376	wscript.exe
Details	File	1	931725d0.js
Details	File	2125	cmd.exe
Details	File	1	radefec4.tmp
Details	File	27	pythonw.exe
Details	File	1	rad1a736.tmp
Details	File	7	g.py
Details	IBM X-Force - Unattributed Threat Actor	11	Hive0127
Details	IPv4	2	128.254.207.82
Details	IPv4	1	92.118.112.208
Details	IPv4	1	194.36.209.227
Details	Mandiant Uncategorized Groups	15	UNC2565
Details	Url	1	https://dpb.catching.fishingrealinvestments