Malicious email campaign mimicking Swiss Financial Institutions: Retefe again (II)
Tags
| attack-pattern: | Direct Javascript - T1059.007 Mshta - T1218.005 Powershell - T1059.001 Connection Proxy - T1090 Mshta - T1170 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | af54b991-32e8-49de-9b96-4eb4f64150dc |
| Fingerprint | 9413e4922ff92629 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Oct. 17, 2016, midnight |
| Added to db | Jan. 18, 2023, 7:32 p.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | Some stuff about security.. |
| Title | Malicious email campaign mimicking Swiss Financial Institutions: Retefe again (II) |
| Detected Hints/Tags/Attributes | 37/1/42 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | http://blog.angelalonso.es/2016/10/malicious-email-campaign-mimicking.html |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | bvq64y3wwg3zzguk.onion |
|
| Details | Domain | 1 | v7yxqrahkza3ewuv.onion |
|
| Details | Domain | 1 | cvxbceskbuvsic3i.onion |
|
| Details | Domain | 1 | a7j7f3rqdvoe5bav.onion |
|
| Details | Domain | 339 | system.net |
|
| Details | Domain | 8 | chocolatey.org |
|
| Details | Domain | 5 | task.run |
|
| Details | Domain | 1 | ts.zip |
|
| Details | Domain | 372 | wscript.shell |
|
| Details | Domain | 1 | p1.zip |
|
| Details | Domain | 1 | proxifier.com |
|
| Details | Domain | 1 | proxifierpe.zip |
|
| Details | Domain | 12 | dist.torproject.org |
|
| Details | Domain | 129 | api.ipify.org |
|
| Details | File | 263 | iexplore.exe |
|
| Details | File | 199 | firefox.exe |
|
| Details | File | 271 | chrome.exe |
|
| Details | File | 2 | '7za.exe |
|
| Details | File | 42 | 7za.exe |
|
| Details | File | 1 | td.reg |
|
| Details | File | 1 | td.settings |
|
| Details | File | 1 | taskscheduler.log |
|
| Details | File | 51 | system.dat |
|
| Details | File | 1 | taskscheduler.exe |
|
| Details | File | 4 | rootfolder.reg |
|
| Details | File | 1 | ts.zip |
|
| Details | File | 8 | taskscheduler.dll |
|
| Details | File | 9 | t.zip |
|
| Details | File | 9 | 6.zip |
|
| Details | File | 33 | tor.exe |
|
| Details | File | 9 | 'mshta.exe |
|
| Details | File | 1 | p1.zip |
|
| Details | File | 1 | proxifierpe.zip |
|
| Details | File | 4 | proxifier.exe |
|
| Details | File | 1 | p_fold+'settings.ini |
|
| Details | File | 18 | settings.ini |
|
| Details | IPv4 | 1 | 0.2.8.6 |
|
| Details | IPv4 | 1441 | 127.0.0.1 |
|
| Details | Url | 1 | https://chocolatey.org/7za.exe |
|
| Details | Url | 1 | http://download-codeplex.sec.s-msft.com/download/release?projectname=taskscheduler&downloadid=1505290&filetime=131142250937900000&build=21031 |
|
| Details | Url | 1 | https://dist.torproject.org/torbrowser/6.0.4/tor-win32-0.2.8.6.zip |
|
| Details | Url | 1 | http://proxifier.com/distr/proxifierpe.zip |