DangerousPassword attacks targeting developers’ Windows, macOS, and Linux environments - JPCERT/CC Eyes
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Software - T1592.002 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | ac43e331-07a9-49a7-b437-e99cd9cf260f |
| Fingerprint | 84b42bd9ed97b08e |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | July 19, 2023, midnight |
| Added to db | July 19, 2023, 9:01 a.m. |
| Last updated | Nov. 17, 2024, 7:44 p.m. |
| Headline | JPCERT/CC Eyes |
| Title | DangerousPassword attacks targeting developers’ Windows, macOS, and Linux environments - JPCERT/CC Eyes |
| Detected Hints/Tags/Attributes | 50/2/48 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 62 | ✔ | JPCERT/CCブログ 英語版 | https://blogs.jpcert.or.jp/en/atom.xml | 2024-08-30 22:08 |
| Details | 99 | ✔ | Cyware News - Latest Cyber News | https://cyware.com/allnews/feed | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 5 | builder.py |
|
| Details | Domain | 4127 | github.com |
|
| Details | Domain | 2 | tmp.py |
|
| Details | Domain | 1 | expressjs.com |
|
| Details | Domain | 71 | blogs.jpcert.or.jp |
|
| Details | Domain | 101 | www.elastic.co |
|
| Details | Domain | 1 | app.developcore.org |
|
| Details | Domain | 1 | pkginstall.net |
|
| Details | Domain | 3 | www.git-hub.me |
|
| Details | Domain | 1 | checkdevinc.com |
|
| Details | File | 674 | node.js |
|
| Details | File | 5 | builder.py |
|
| Details | File | 7 | devobj.dll |
|
| Details | File | 30 | rdpclip.exe |
|
| Details | File | 13 | log.tmp |
|
| Details | File | 2 | tmp.py |
|
| Details | File | 1 | route.js |
|
| Details | File | 7 | request.js |
|
| Details | File | 25 | server.js |
|
| Details | File | 3 | spear-phishing-against-cryptocurrency-businesses.html |
|
| Details | File | 3 | dangerouspassword.html |
|
| Details | Github username | 1 | mnooner256 |
|
| Details | sha256 | 1 | 118c1187c5b37ab9c4f9f39500d777c0a914c379d853439608157379dcb71772 |
|
| Details | sha256 | 1 | 35b4550050748c54faad1e5883c281f29c08e817cc193432e7b9b43124a7962a |
|
| Details | sha256 | 1 | 575e852a1f24e84dacec9892042f2d2c1668bd836f9f5b03ed447f68caa7b612 |
|
| Details | sha256 | 1 | e0891a1bfa5980171599dc5fe31d15be0a6c79cc08ab8dc9f09ceec7a029cbdf |
|
| Details | sha256 | 1 | 2eea41eefdc11f9fb7607fc4ef90f76ef03b119eda8ee35ebff37b345f559e0e |
|
| Details | sha256 | 1 | 474c8a5ba3614cca1c48f34df73bfad753a95a67998485696391499d9bdba430 |
|
| Details | sha256 | 1 | 1599f7365db421e4fe07a169309624e7e25d4f28cd1b101d340d54d66b6eb921 |
|
| Details | sha256 | 1 | 528ac7bdd56a6e7ff515c6e0936db66c987e731482845dcd64a96af0f42fc95a |
|
| Details | sha256 | 1 | 56c6ab0083cf7edae7491e9c49b0cd9b4bb6b1fb61b5facf9ddb034ea69125f7 |
|
| Details | sha256 | 1 | a7b0fa9c724e7837da97dc9c48ba76b22759e514afc305d43e87a69fa9089d4c |
|
| Details | sha256 | 2 | 39bbc16028fd46bf4ddad49c21439504d3f6f42cccbd30945a2d2fdb4ce393a4 |
|
| Details | sha256 | 2 | 5fe1790667ee5085e73b054566d548eb4473c20cf962368dd53ba776e9642272 |
|
| Details | sha256 | 1 | 84bfc8c5bdba5b4eaa885af5e698382dd6baa0bf8da967c0716a0a6fce3e742a |
|
| Details | sha256 | 1 | 67a0f25a20954a353021bbdfdd531f7cc99c305c25fb03079f7abbc60e8a8081 |
|
| Details | sha256 | 1 | 37850b6a422479e95e9fb856f3541a36cfd753070e2d10c7362f328231af5370 |
|
| Details | sha256 | 3 | aa951c053baf011d08f3a60a10c1d09bbac32f332413db5b38b8737558a08dc1 |
|
| Details | sha256 | 2 | 6d3eff4e029db9d7b8dc076cfed5e2315fd54cb1ff9c6533954569f9e2397d4c |
|
| Details | sha256 | 2 | 951039bf66cdf436c240ef206ef7356b1f6c8fffc6cbe55286ec2792bf7fe16c |
|
| Details | sha256 | 3 | d895075057e491b34b0f8c0392b44e43ade425d19eaaacea6ef8c5c9bd3487d8 |
|
| Details | Url | 1 | https://github.com/mnooner256/pyqrcode |
|
| Details | Url | 1 | https://expressjs.com |
|
| Details | Url | 1 | https://blogs.jpcert.or.jp/en/2019/07/spear-phishing-against-cryptocurrency-businesses.html |
|
| Details | Url | 1 | https://blogs.jpcert.or.jp/en/2023/05/dangerouspassword.html |
|
| Details | Url | 2 | https://www.bitdefender.com/blog/labs/fragments-of-cross-platform-backdoor-hint-at-larger-mac-os-attack |
|
| Details | Url | 1 | https://www.elastic.co/jp/security-labs/inital-research-of-jokerspy |
|
| Details | Url | 2 | https://www.sentinelone.com/blog/jokerspy-unknown-adversary-targeting-organizations-with-multi-stage-macos-malware |