Resurgence of a Fake Captcha Malware Campaign
Tags
cmtmf-attack-pattern: Application Layer Protocol; Command And Scripting Interpreter; Masquerading; Scheduled Task/Job
maec-delivery-vectors: Watering Hole
attack-pattern: Data; Abuse Elevation Control Mechanism - T1626; Abuse Elevation Control Mechanism - T1548; Software Discovery - T1418; Application Layer Protocol - T1437; Bypass User Account Control - T1548.002; Command And Scripting Interpreter - T1623; Credentials From Password Stores - T1555; Credentials From Web Browsers - T1555.003; Credentials From Web Browsers - T1503; Credentials In Files - T1552.001; Disable Windows Event Logging - T1562.002; Hidden Window - T1564.003; Hide Artifacts - T1628; Hide Artifacts - T1564; Impair Defenses - T1562; Impair Defenses - T1629; Malicious File - T1204.002; Malware - T1587.001; Malware - T1588.001; Masquerading - T1655; System Information Discovery - T1426; Mshta - T1218.005; Non-Standard Port - T1509; Non-Standard Port - T1571; Phishing - T1660; Phishing - T1566; Powershell - T1059.001; Python - T1059.006; Regsvr32 - T1218.010; Rename System Utilities - T1036.003; Scheduled Task - T1053.005; Scheduled Task/Job - T1603; Software - T1592.002; Software Discovery - T1518; System Location Discovery - T1614; Windows Command Shell - T1059.003; Web Service - T1481; Unsecured Credentials - T1552; Standard Application Layer Protocol - T1071; Bypass User Account Control - T1088; Command-Line Interface - T1059; Credentials In Files - T1081; Hidden Window - T1143; Masquerading - T1036; Mshta - T1170; Powershell - T1086; Query Registry - T1012; Regsvr32 - T1117; Scheduled Task - T1053; Signed Binary Proxy Execution - T1218; System Information Discovery - T1082; System Owner/User Discovery - T1033; Web Service - T1102; User Execution - T1204; Masquerading; User Execution
Common Information
Type Value
UUID af3c8d81-5273-42b4-b218-aa29c1fac78b
Fingerprint ec4588f2e13fab68
Analysis status DONE
Considered CTI value 2
Text language
Published March 12, 2025, 5:03 p.m.
Added to db March 12, 2025, 6:54 p.m.
Last updated March 20, 2025, 10:43 a.m.
Headline Resurgence of a Fake Captcha Malware Campaign
Title Resurgence of a Fake Captcha Malware Campaign
Detected Hints/Tags/Attributes 89/3/47
Attributes