ioc[.]one - OSINT Cyber Threat Intelligence Database

Snip3 Crypter Reveals New TTPs Over Time

Tags

cmtmf-attack-pattern:	Process Injection
country:	France
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Model Hidden Window - T1564.003 Installutil - T1218.004 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Process Hollowing - T1055.012 Process Injection - T1631 Reflective Code Loading - T1620 Server - T1583.004 Server - T1584.004 Hidden Window - T1143 Installutil - T1118 Powershell - T1086 Process Hollowing - T1093 Process Injection - T1055

Show in Graph

Common Information

Type	Value
UUID	bd93fd00-c0c8-4007-bd2b-d65025bb160a
Fingerprint	ac412d13293a03e9
Analysis status	DONE
Considered CTI value	2
Text language
Published	Sept. 18, 2023, midnight
Added to db	Nov. 9, 2023, 1:04 a.m.
Last updated	Nov. 17, 2024, 6:55 p.m.
Headline	Zscaler Blog
Title	Snip3 Crypter Reveals New TTPs Over Time
Detected Hints/Tags/Attributes	65/4/40

Source URLs

	Redirection	Url
Details	Source	https://www.zscaler.com/blogs/security-research/snip3-crypter-reveals-new-ttps-over-time

URL Provider

Details	Provider	Source level domain
Details	zscaler.com	www.zscaler.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	406	✔	Security Research \| Blog Category Feed	https://www.zscaler.com/blogs/feeds/security-research	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	1	sql8001.site4now.net
Details	Domain	372	wscript.shell
Details	Domain	5	pastetext.net
Details	Domain	3	xmlhttprequest.open
Details	Domain	61	system.windows
Details	Domain	228	system.io
Details	Domain	1	crazydns.linkpc.net
Details	Domain	1	sql8003.site4now.net
Details	Domain	1	sql8004.site4now.net
Details	Domain	2	toptal.com
Details	File	4	info.pdf
Details	File	1	id102332541.csv
Details	File	1	fiscal-6.vbs
Details	File	1208	powershell.exe
Details	File	1	c:\users\public\lcscgt0mss.ps1
Details	File	1	lcscgt0mss.ps1
Details	File	1	googlechromeupdatehandlerx64.vbs
Details	File	1	googlechromeupdatehandler.vbs
Details	File	1	0d0c2fb5b767451788a2751ca5ebea2a.ps1
Details	File	1	winlogonupdate.vbs
Details	File	36	compression.gzip
Details	File	59	csc.exe
Details	File	48	applaunch.exe
Details	File	72	regsvcs.exe
Details	File	83	installutil.exe
Details	File	103	regasm.exe
Details	md5	1	0d0c2fb5b767451788a2751ca5ebea2a
Details	md5	1	bd23ae38590d87243af890505d6fbeec
Details	md5	1	a41de1ef870e970e265cc35b766a5ec8
Details	md5	1	a5b76ca780ddff061db6f86f03d3b120
Details	md5	1	b78c9bb6070340bb4d352c712a0a28b7
Details	md5	1	923f46f8a9adfd7a48536de6f851d0f7
Details	md5	1	dda2ba195c9ebc9f169770290cd9f68a
Details	md5	1	ef2236c85f915cae6380c64cc0b3472a
Details	md5	1	0bbc89719ff3c4a90331288482c95eac
Details	IPv4	1	185.81.157.59
Details	IPv4	1	185.81.157.172
Details	IPv4	1	185.81.157.203
Details	IPv4	1	185.81.157.136
Details	IPv4	1	185.81.157.117