Open-source repository malware sows Havoc
Common Information
Type Value
UUID bae81ed3-4ffc-4d85-8baf-db08b7f4a300
Fingerprint 8c611219891b1d53
Analysis status DONE
Considered CTI value 2
Text language
Published Feb. 9, 2023, midnight
Added to db Feb. 14, 2023, 10:34 a.m.
Last updated Nov. 18, 2024, 1:24 p.m.
Headline Open-source repository malware sows Havoc
Title Open-source repository malware sows Havoc
Detected Hints/Tags/Attributes 54/2/28
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 51 ReversingLabs Blog https://blog.reversinglabs.com/blog/rss.xml 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 2
github.elemecdn.com
Details Domain 2
zh.googlecdnb.tk
Details Domain 4
install.zip
Details File 41
jquery.js
Details File 3
install_flash_player_ppapi.exe
Details File 15
wsc_proxy.exe
Details File 18
wsc.dll
Details File 6
demon.bin
Details File 4
install.zip
Details File 1212
powershell.exe
Details sha1 2
aa96e359daf6f90c2170c99a383f4f6b87e2154a
Details sha1 2
1f1aadda137e5f6d1d914f1c69160eed4dda8517
Details sha1 2
36cce0d19253d08252d0d3ade1755d6b064786ae
Details sha1 2
09a47a484c8e83f0d36772a445b4e6bc12dc247b
Details sha1 2
745f47e5349a99ee867fc1f5358462d176f97c6f
Details sha1 2
62036fd054bac1375fe1205dc595a246e9d94a83
Details sha1 2
4789cf9141da47fe265e3d646609d864e0074711
Details sha1 2
0dd0784b875183c5c8701ae4f46ed371a16fd6b3
Details sha1 2
4ae6fec8052a9648abaaa7b41625c911f355eaa7
Details sha1 2
a3dc96b5553606a039a68783989eba4cc0732b3a
Details sha1 2
4b0c13a054cadbfddf82686f4b4ff082e9cae428
Details IPv4 2
3.136.16.137
Details IPv4 198
1.1.1.1
Details Url 2
https://github.elemecdn.com
Details Url 2
http://3.136.16.137/vendor/htmlawed/htmlawed/demon.bin
Details Url 2
http://1.1.1.1/install.zip
Details Url 2
http://zh.googlecdnb.tk
Details Url 2
http://3.136.16.137