ioc[.]one - OSINT Cyber Threat Intelligence Database

Like Father Like Son? New Mars Stealer

Tags

country:	Azerbaijan Belarus Kazakhstan Uzbekistan
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Direct Model Credentials - T1589.001 Malware - T1587.001 Malware - T1588.001 Multi-Factor Authentication - T1556.006 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Connection Proxy - T1090 Powershell - T1086

Show in Graph

Common Information

Type	Value
UUID	b37f0b06-47e6-4bb2-a2ae-b50c7878d560
Fingerprint	bcbd8bd806bf9fa9
Analysis status	DONE
Considered CTI value	2
Text language
Published	Feb. 22, 2022, 2:06 p.m.
Added to db	Sept. 26, 2022, 9:33 a.m.
Last updated	Nov. 15, 2024, 12:36 p.m.
Headline	Like Father Like Son? New Mars Stealer
Title	Like Father Like Son? New Mars Stealer
Detected Hints/Tags/Attributes	72/3/24

Source URLs

	Redirection	Url
Details	Source	https://cyberint.com/blog/research/mars-stealer/

URL Provider

Details	Provider	Source level domain
Details	cyberint.com	cyberint.com

Attributes

Details	Type	#Events	Value
Details	Domain	5	siasky.net
Details	Domain	1	plik.root.gg
Details	Domain	1	anderd2w.beget.tech
Details	Domain	1	a0626884.xsph.ru
Details	Domain	1	panel.computer
Details	Domain	1	f0623459.xsph.rublitzhost.ga
Details	Domain	1	test.akadns9.ne
Details	File	101	gate.php
Details	File	44	freebl3.dll
Details	File	51	mozglue.dll
Details	File	71	nss3.dll
Details	File	41	softokn3.dll
Details	File	51	msvcp140.dll
Details	File	69	vcruntime140.dll
Details	File	104	sqlite3.dll
Details	File	1	boincportable_7_16_22.log
Details	sha256	1	dc52bd40b95294f98db602df36975e9c5a203a2648dd8ddc6748f2e678cc39a6
Details	sha256	1	2cfdba6fcd48a3047b93b72092061bf1fac2511f74f8c747215a7c3aaf2a9102
Details	sha256	1	a4d54f94d70dcb5a029d89dcd3bcda4bb5e3e0b909fbcad04bb5ed4d09459c7d
Details	sha256	1	031ebdaf0189694eec6b83ad26e8252547d843780563f54ec06a170f1c0e40d3
Details	IPv4	1	185.4.65.70
Details	IPv4	1	80.79.114.182
Details	Url	1	https://siasky.net/oac12bva5mdwqnv5jivan4k9aszmy1rmtxxcg7lughuf0a
Details	Url	1	https://plik.root.gg/file/7pi2xabikfrlmvfr/of2vn0eo1z0cgt2y/boincportable_7_16_22.log