ioc[.]one - OSINT Cyber Threat Intelligence Database

Sednit: What’s going on with Zebrocy? | WeLiveSecurity

Tags

country:	Germany United States Of America
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Model Credentials - T1589.001 Email Addresses - T1589.002 Mail Protocols - T1071.003 Malware - T1587.001 Malware - T1588.001 Msbuild - T1127.001 Phishing - T1660 Phishing - T1566 Server - T1583.004 Server - T1584.004 Logon Scripts - T1037 Rootkit - T1014 Rootkit

Show in Graph

Common Information

Type	Value
UUID	b5b68c40-8bf1-4d7b-a8db-d6a9cf4b27d2
Fingerprint	ae05189b2db58edb
Analysis status	DONE
Considered CTI value	2
Text language
Published	Nov. 20, 2018, 5:34 p.m.
Added to db	Sept. 26, 2022, 9:31 a.m.
Last updated	Nov. 17, 2024, 6:55 p.m.
Headline	Sednit: What’s going on with Zebrocy?
Title	Sednit: What’s going on with Zebrocy? \| WeLiveSecurity
Detected Hints/Tags/Attributes	88/3/68

Source URLs

	Redirection	Url
Details	Source	https://www.welivesecurity.com/2018/11/20/sednit-whats-going-zebrocy/

URL Provider

Details	Provider	Source level domain
Details	welivesecurity.com	www.welivesecurity.com

Attributes

Details	Type	#Events	Value
Details	Domain	14	application.run
Details	Domain	2	this.run
Details	Domain	1	lenor.id
Details	Domain	10	post.cz
Details	Domain	285	microsoft.net
Details	Domain	2	ambcomission.com
Details	Domain	27	seznam.cz
Details	Domain	1	sednit.ch
Details	Email	2	sym777.g@post.cz
Details	Email	2	kae.mezhnosh@post.cz
Details	Email	2	kevin30@ambcomission.com
Details	Email	2	rishit333@ambcomission.com
Details	Email	1	salah444@ambcomission.com
Details	Email	1	karakos3232@seznam.cz
Details	Email	1	antony.miloshevich128@seznam.cz
Details	Email	2	tomasso25@ambcomission.com
Details	Email	1	carl.dolzhek17@post.cz
Details	Email	1	shinina.lezh@post.cz
Details	Email	1	p0tr4h4s7a@post.cz
Details	File	1	scanpass_qxwegrfgcvt_323803488900x_jpeg.exe
Details	File	1	c:\users\public\pictures\scanpassport.jpg
Details	File	1	c:\users\public\documents\acrobatreader.txt
Details	File	1	c:\users\public\documents\acrobatreader.exe
Details	File	4	this.inf
Details	File	7	this.txt
Details	File	1	audev.txt
Details	File	1	c:\users\public\videos\si.ini
Details	File	1	si.ini
Details	File	4	set.txt
Details	File	1	scx.bin
Details	File	4	l.txt
Details	File	1	audev.exe
Details	File	35	libeay32.dll
Details	File	26	ssleay32.dll
Details	File	1	registration.bat
Details	File	1	c:\users\public\videos\audev.exe
Details	File	1	c:\users\public\videos\registr.bat
Details	File	13	0.txt
Details	File	1	57.txt
Details	File	1	08.txt
Details	File	119	smss.exe
Details	File	165	csrss.exe
Details	File	89	wininit.exe
Details	File	212	winlogon.exe
Details	File	306	services.exe
Details	File	478	lsass.exe
Details	File	3	i.txt
Details	File	1	c:\users\public\videos\audev.txt
Details	File	1	c:\program files\common files c:\program files\desktop.ini
Details	File	1	-image_001.jpg
Details	File	2	sa.bin
Details	File	10	4.txt
Details	File	1	antony.mil
Details	File	1	58.txt
Details	File	1	082.txt
Details	File	1	i2.txt
Details	File	1	42.txt
Details	File	1	indy0037c632.tmp
Details	File	1	indy01863a21.tmp
Details	sha1	1	98c348cab0f835d6cf17c3a31cd5811f86c0388b
Details	sha1	1	6d981d71895581dfb103170486b8614f7f203bdc
Details	sha1	1	7768fd2812ceff05db8f969a7bed1de5615bfc5a
Details	sha1	1	da70c54a8b9fd236793bb2ab3f8a50e6cd37e2df
Details	sha1	1	a225d457c3396e647ffc710cd1edd4c74dc57152
Details	sha1	1	a659a765536d2099ecbde988d6763028ff92752e
Details	sha1	1	20954fe36388ae8b1174424c8e4996ea2689f747
Details	sha1	1	e0d8829d2e76e9bb02e3b375981181ae02462c43
Details	Windows Registry Key	11	HKCU\Environment