Stealers December 2024 Threat Intel
Common Information
Type Value
UUID aada8c6f-905f-424a-bbb0-fc8d90c0c9a9
Fingerprint ac201851affb86d9
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 10, 2024, 10:01 a.m.
Added to db Dec. 10, 2024, 11:30 a.m.
Last updated Dec. 26, 2024, 9:59 a.m.
Headline Stealers December 2024 Threat Intel
Title Stealers December 2024 Threat Intel
Detected Hints/Tags/Attributes 81/3/181
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 167 Cybersecurity on Medium https://medium.com/feed/tag/cybersecurity 2024-08-30 22:08
Details 171 Malware on Medium https://medium.com/feed/tag/malware 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details File 437
c:\windows\system32\cmd.exe
Details File 4
c:\users\admin\appdata\local\temp\file.exe
Details File 2340
cmd.exe
Details File 1350
explorer.exe
Details File 1357
powershell.exe
Details MITRE ATT&CK Techniques 460
T1041
Details MITRE ATT&CK Techniques 480
T1071
Details MITRE ATT&CK Techniques 188
T1555
Details MITRE ATT&CK Techniques 562
T1005
Details MITRE ATT&CK Techniques 743
T1059
Details MITRE ATT&CK Techniques 241
T1113
Details MITRE ATT&CK Techniques 118
T1119
Details MITRE ATT&CK Techniques 112
T1020
Details MITRE ATT&CK Techniques 469
T1566
Details MITRE ATT&CK Techniques 435
T1204