DoNot Go! Do not respawn! | WeLiveSecurity
Tags
cmtmf-attack-pattern: Application Layer Protocol; Command And Scripting Interpreter; Masquerading; Obtain Capabilities; Scheduled Task/Job
country: Bangladesh; Sri Lanka; Nepal; Pakistan; Laos
maec-delivery-vectors: Watering Hole
attack-pattern: Data Application Layer Protocol - T1437; Command And Scripting Interpreter - T1623; Data From Local System - T1533; Domains - T1583.001; Domains - T1584.001; Email Accounts - T1585.002; Email Accounts - T1586.002; Exfiltration Over Alternative Protocol - T1639; Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003; Exploitation For Client Execution - T1658; Exploits - T1587.004; Exploits - T1588.005; Internal Spearphishing - T1534; Local Data Staging - T1074.001; Malicious File - T1204.002; Malware - T1587.001; Malware - T1588.001; Masquerading - T1655; Match Legitimate Name Or Location - T1036.005; Match Legitimate Name Or Location - T1655.001; Process Discovery - T1424; Obtain Capabilities - T1588; Phishing - T1660; Phishing - T1566; Python - T1059.006; Rundll32 - T1218.011; Scheduled Task - T1053.005; Scheduled Task/Job - T1603; Screen Capture - T1513; Server - T1583.004; Server - T1584.004; Software - T1592.002; Spearphishing Attachment - T1566.001; Spearphishing Attachment - T1598.002; Windows Command Shell - T1059.003; Visual Basic - T1059.005; Web Protocols - T1071.001; Template Injection - T1221; Web Protocols - T1437.001; Standard Application Layer Protocol - T1071; Command-Line Interface - T1059; Data From Local System - T1005; Data From Removable Media - T1025; Data Staged - T1074; Exfiltration Over Alternative Protocol - T1048; Exploitation For Client Execution - T1203; Masquerading - T1036; Process Discovery - T1057; Rundll32 - T1085; Scheduled Task - T1053; Screen Capture - T1113; Spearphishing Attachment - T1193; User Execution - T1204; Masquerading; Screen Capture; Spearphishing Attachment; User Execution
Common Information
Type Value
UUID b19ef18a-fe77-4791-81c7-3ddef5f97b11
Fingerprint f50c196b053bcfcb
Analysis status DONE
Considered CTI value 2
Text language
Published Jan. 18, 2022, 11:30 a.m.
Added to db June 1, 2023, 11:08 a.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline DoNot Go! Do not respawn!
Title DoNot Go! Do not respawn! | WeLiveSecurity
Detected Hints/Tags/Attributes 133/4/158
Attributes
Details Type #Events CTI Value
Details MITRE ATT&CK Techniques 60
T1588.005
Details MITRE ATT&CK Techniques 310
T1566.001
Details MITRE ATT&CK Techniques 365
T1204.002
Details MITRE ATT&CK Techniques 137
T1059.005
Details MITRE ATT&CK Techniques 333
T1059.003
Details MITRE ATT&CK Techniques 245
T1203
Details MITRE ATT&CK Techniques 275
T1053.005
Details MITRE ATT&CK Techniques 183
T1036.005
Details MITRE ATT&CK Techniques 433
T1057
Details MITRE ATT&CK Techniques 83
T1534
Details MITRE ATT&CK Techniques 534
T1005
Details MITRE ATT&CK Techniques 34
T1025
Details MITRE ATT&CK Techniques 49
T1074.001
Details MITRE ATT&CK Techniques 219
T1113
Details MITRE ATT&CK Techniques 442
T1071.001
Details MITRE ATT&CK Techniques 22
T1048.003
Details Threat Actor Identifier - APT-C 102
APT-C-35
Details Threat Actor Identifier by Red Alert 38
SectorE02
Details CVE 375
cve-2017-11882