Targeted Malware Attacks on Crypto Enterprises
Common Information
Type Value
UUID b0dbcc1e-c627-4c8f-a4f4-8a5479b8fb2a
Fingerprint 84c599110937170d
Analysis status DONE
Considered CTI value 2
Text language
Published Feb. 14, 2023, 8:22 p.m.
Added to db Feb. 14, 2023, 10:22 p.m.
Last updated Oct. 15, 2024, 9:39 p.m.
Headline Targeted Malware Attacks on Crypto Enterprises
Title Targeted Malware Attacks on Crypto Enterprises
Detected Hints/Tags/Attributes 70/1/23
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 167 Cybersecurity on Medium https://medium.com/feed/tag/cybersecurity 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 14
od.lk
Details Domain 5
strainservice.com
Details Domain 3
cryptoarmor.net
Details Email 3
info@cryptoarmor.net
Details File 1
comparison.xls
Details File 2
c:\programdata\microsoft media\ with the name vsdb688.tmp
Details File 2
vsdb688.tmp
Details File 6
logagent.exe
Details File 31
wsock32.dll
Details File 2
c:\programdata\microsoft media as vsdb688.tmp
Details File 15
background.png
Details File 2
tplink.exe
Details File 33
duser.dll
Details File 2
c:\users\user\appdata\roaming\dashboard_v2\tplink.exe
Details File 4
hijackinglib.dll
Details File 1
maliciouswsock32.dll
Details Deprecated Microsoft Threat Actor Naming Taxonomy (Groups in development) 24
DEV-0139
Details Url 2
https://od.lk/d/d021d412be456a6f78a0052a1f0e3557dcfa14bf25f9d0f1d0d2d7dcdac86c73/background.png
Details Url 3
https://www.microsoft.com/en-us/security/blog/2022/12/06/dev-0139-launches-targeted-attacks-against-the-cryptocurrency-industry