InfoSec Handlers Diary Blog - SANS Internet Storm Center
Tags
Common Information
| Type | Value |
|---|---|
| UUID | b5fb80d5-3f4f-4e62-87ad-ed7199ec65fa |
| Fingerprint | 3497b93e317dddc2 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Sept. 10, 2020, midnight |
| Added to db | Sept. 11, 2022, 12:36 p.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | Internet Storm Center |
| Title | InfoSec Handlers Diary Blog - SANS Internet Storm Center |
| Detected Hints/Tags/Attributes | 28/1/41 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://isc.sans.edu/forums/diary/Recent+Dridex+activity/26550/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | teworhfoundation.com |
|
| Details | Domain | 1 | 4jvmow.zip |
|
| Details | Domain | 1 | thecandidtales.com |
|
| Details | Domain | 1 | doakai.zip |
|
| Details | Domain | 1 | safaktasarim.com |
|
| Details | Domain | 1 | livedthtsthw.flights |
|
| Details | Domain | 2 | bath7epran.toshiba |
|
| Details | Domain | 272 | outlook.com |
|
| Details | Domain | 88 | malware-traffic-analysis.net |
|
| Details | File | 1 | info-3948683568.doc |
|
| Details | File | 1 | inform-34674869.doc |
|
| Details | File | 1 | rep-sept2020.doc |
|
| Details | File | 1 | 4jvmow.zip |
|
| Details | File | 1 | zd0pcc.rar |
|
| Details | File | 1 | doakai.zip |
|
| Details | File | 1 | 7zcsfo.txt |
|
| Details | File | 1 | wuom4a.rar |
|
| Details | File | 1018 | rundll32.exe |
|
| Details | File | 127 | c:\windows\system32\rundll32.exe |
|
| Details | File | 1 | qzpic6r.dll |
|
| Details | File | 6 | dwwin.exe |
|
| Details | File | 89 | version.dll |
|
| Details | File | 3 | dmnotificationbroker.exe |
|
| Details | File | 24 | dui70.dll |
|
| Details | File | 8 | msinfo32.exe |
|
| Details | File | 6 | mfc42u.dll |
|
| Details | sha256 | 1 | fee5bb973112d58445d9e267e0ceea137d9cc1fb8a7140cf9a67472c9499a30f |
|
| Details | sha256 | 1 | 9b747e89874c0b080cf78ed61a1ccbd9c86045dc61b433116461e3e81eee1348 |
|
| Details | sha256 | 1 | 27379612c139d3c4a0c6614ea51d49f2495213c867574354d7851a86fdec2428 |
|
| Details | sha256 | 1 | 790b0d9e2b17f637c3e03e410aa22d16eccfefd28d74b226a293c9696edb60ad |
|
| Details | sha256 | 1 | fd8049d573c056b92960ba7b0949d9f3a97416d333fa602ce683ef822986ad58 |
|
| Details | sha256 | 1 | 719a8634a16beb77e6d5c6bb7f82a96c6a49d5cfa64463754fd5f0e5eb0581be |
|
| Details | sha256 | 1 | 4d7d8d1790d494a1a29dae42810a3a10864f7c38148c3600c76491931c767c5c |
|
| Details | IPv4 | 2 | 67.213.75.205 |
|
| Details | IPv4 | 2 | 54.39.34.26 |
|
| Details | Url | 1 | https://teworhfoundation.com/4jvmow.zip |
|
| Details | Url | 1 | https://teworhfoundation.com/zd0pcc.rar |
|
| Details | Url | 1 | https://thecandidtales.com/doakai.zip |
|
| Details | Url | 1 | https://safaktasarim.com/7zcsfo.txt |
|
| Details | Url | 1 | https://thecandidtales.com/wuom4a.rar |
|
| Details | Windows Registry Key | 112 | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |