Remcos, DarkGate и BrockenDoor - SEC-1275-1
Tags
| attack-pattern: | Domains - T1583.001 Domains - T1584.001 Mshta - T1218.005 Mshta - T1170 |
Common Information
| Type | Value |
|---|---|
| UUID | b5499c72-2c78-4bdf-b2e0-38c49831b542 |
| Fingerprint | ff0e4beadd8bf57b |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Dec. 4, 2024, midnight |
| Added to db | Dec. 4, 2024, 7:04 a.m. |
| Last updated | Dec. 17, 2024, 7:36 p.m. |
| Headline | Remcos, DarkGate и BrockenDoor |
| Title | Remcos, DarkGate и BrockenDoor - SEC-1275-1 |
| Detected Hints/Tags/Attributes | 9/1/51 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://1275.ru/ioc/8346/remcos-darkgate-i-brockendoor/?mtm_campaign=rss |
URL Provider
| Details | Provider | Source level domain |
|---|---|---|
| Details | 1275.ru | 1275.ru |
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 8 | ✔ | Архивы IOC - SEC-1275-1 | https://1275.ru/ioc/feed | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 3 | remote.hipool.shop |
|
| Details | Domain | 3 | snastiisani.xyz |
|
| Details | Domain | 3 | tnecharise.biz |
|
| Details | Domain | 3 | tnecharise.me |
|
| Details | Domain | 3 | webkruzjevo.site |
|
| Details | Domain | 3 | weventlog.store |
|
| Details | Domain | 3 | winmetrica.info |
|
| Details | Domain | 3 | wmpssvc.online |
|
| Details | Domain | 3 | wuauserv.site |
|
| Details | Domain | 3 | wscsvc.online |
|
| Details | Domain | 3 | wmiadap.cfd |
|
| Details | Domain | 3 | wmiadap.sbs |
|
| Details | File | 496 | mshta.exe |
|
| Details | File | 5 | dvdplay.exe |
|
| Details | File | 1 | winmetrica.inf |
|
| Details | md5 | 2 | 081662478a85a8d5dc4c6191667b57c7 |
|
| Details | md5 | 2 | 0a7f371622896d6fe98ca4cecf384a77 |
|
| Details | md5 | 2 | 0cd75552f9f1750322e2660f5f4b12a0 |
|
| Details | md5 | 2 | 1bc0523bf62b072d7cb35fa5ba29bf67 |
|
| Details | md5 | 2 | 2faff746b3fa3fc39cee068c2f4b8225 |
|
| Details | md5 | 2 | 353302ef3297119ad7e15d131b85c04d |
|
| Details | md5 | 2 | 35bd6ff114bbaeaa1b8f959e00042a33 |
|
| Details | md5 | 2 | 3645826d1f2bf59e6fa71e22559676c7 |
|
| Details | md5 | 3 | 3dcdbae24c81bef32d5062d5210da238 |
|
| Details | md5 | 2 | 3e5cd6018e40bfb258087139f7922df9 |
|
| Details | md5 | 2 | 415a4f8f6f5a8fca2cd1d8a2db9cd299 |
|
| Details | md5 | 3 | 514d54cb28d40a67a47cdadfea5aadfb |
|
| Details | md5 | 2 | 582a296032901a28e2da9f024f90d4a0 |
|
| Details | md5 | 2 | 5b8f3cdc9f406d057e48ff5e33398719 |
|
| Details | md5 | 2 | 5f4b879537af29b224198d4e18399fe7 |
|
| Details | md5 | 2 | 6343560113d4fb9efe740f03b3d847f6 |
|
| Details | md5 | 2 | 6e1642ff15e966b4aabd8a7e7a62afb5 |
|
| Details | md5 | 2 | 8a6fb5adda210ed5df68755d4316e27b |
|
| Details | md5 | 2 | 943f0607da181651ef79fc5472fbb8e2 |
|
| Details | md5 | 2 | 9546ed5d05d71230c263cc04b5928a70 |
|
| Details | md5 | 2 | 96d09190247304c54a4b2235acd549bd |
|
| Details | md5 | 3 | a8e35c05fd6324119b719aca8ab85f57 |
|
| Details | md5 | 3 | bbd49c98771b26f571d19f852eb50032 |
|
| Details | md5 | 2 | c3d5c48e7e8cd11ab662dcb832088341 |
|
| Details | md5 | 2 | cab999df17597905d9fba571f4820e5c |
|
| Details | md5 | 2 | d947ebd975257261fc8e8f5dc9729a81 |
|
| Details | md5 | 2 | de7dcce6672e86154cab335e59885834 |
|
| Details | md5 | 2 | e48ca8c77bd1aade0267b31e5e5c4b16 |
|
| Details | md5 | 2 | ead0ad5a55ef4c64f1be4eba7b2793b9 |
|
| Details | md5 | 2 | eed9223ff9bc5a20f5fa6114aa9cc6be |
|
| Details | md5 | 2 | f3b658e97d4602729e2a4e4e5493ce29 |
|
| Details | IPv4 | 3 | 194.87.252.40 |
|
| Details | IPv4 | 3 | 194.87.252.74 |
|
| Details | IPv4 | 3 | 45.151.62.66 |
|
| Details | Url | 3 | http://wmiadap.cfd:6180/x |
|
| Details | Url | 3 | http://wmiadap.sbs:6180/x |