Threat Thursday: SquirrelWaffle Takes a Bite Out of Victim's Bank Accounts
Common Information
Type Value
UUID b7304e1e-1216-436f-b101-83e8fa4828ce
Fingerprint 2c4019b829b387ce
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 11, 2021, 1:01 a.m.
Added to db Sept. 26, 2022, 9:34 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Threat Thursday: SquirrelWaffle Takes a Bite Out of Victim's Bank Accounts
Title Threat Thursday: SquirrelWaffle Takes a Bite Out of Victim's Bank Accounts
Detected Hints/Tags/Attributes 54/2/52
Attributes
Details Type #Events CTI Value