From Zero To 50k Infections - PseudoManuscrypt Sinkholing - Part 1 | Bitsight
Common Information
Type Value
UUID b652b435-69a0-468d-9177-2a342921c827
Fingerprint bc019d52cdb06a89
Analysis status DONE
Considered CTI value 0
Text language
Published Oct. 5, 2022, midnight
Added to db Oct. 5, 2022, 11:30 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline From Zero To 50k Infections - PseudoManuscrypt Sinkholing - Part 1
Title From Zero To 50k Infections - PseudoManuscrypt Sinkholing - Part 1 | Bitsight
Detected Hints/Tags/Attributes 51/2/21
Attributes