Silent Push tracks new Google malvertising and brand spoofing campaigns. — Silent Push Threat Intelligence
Common Information
Type Value
UUID ba3cd7bc-a2ac-49a1-84ab-55d5c0f66549
Fingerprint 1df11dd9c0bb8385
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 17, 2024, midnight
Added to db Nov. 19, 2023, 5:42 a.m.
Last updated Nov. 17, 2024, 6:30 p.m.
Headline "Ad-versaries": Tracking new Google malvertising and brand spoofing campaigns. New MaaS DarkGate loader, DanaBot, IcedID and more.
Title Silent Push tracks new Google malvertising and brand spoofing campaigns. — Silent Push Threat Intelligence
Detected Hints/Tags/Attributes 57/3/27
Attributes
Details Type #Events CTI Value