ioc[.]one - OSINT Cyber Threat Intelligence Database

Trojanized Application Preying on TeamViewer Users

Tags

cmtmf-attack-pattern:	Application Layer Protocol Boot Or Logon Autostart Execution Command And Scripting Interpreter Masquerading
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Application Layer Protocol - T1437 Boot Or Logon Autostart Execution - T1547 Command And Scripting Interpreter - T1623 Input Capture - T1417 Keylogging - T1056.001 Keylogging - T1417.001 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Process Discovery - T1424 System Information Discovery - T1426 Phishing - T1660 Phishing - T1566 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Standard Application Layer Protocol - T1071 Command-Line Interface - T1059 Input Capture - T1056 Masquerading - T1036 Standard Non-Application Layer Protocol - T1095 Process Discovery - T1057 Query Registry - T1012 System Information Discovery - T1082 User Execution - T1204 Masquerading User Execution

Show in Graph

Common Information

Type	Value
UUID	c1cb8a5c-99a7-4028-96b0-75760887473b
Fingerprint	f5f57b0b28b38a84
Analysis status	DONE
Considered CTI value	2
Text language
Published	July 13, 2023, midnight
Added to db	Oct. 24, 2023, 1:17 p.m.
Last updated	Nov. 17, 2024, 6:56 p.m.
Headline	Trojanized Application Preying on TeamViewer Users
Title	Trojanized Application Preying on TeamViewer Users
Detected Hints/Tags/Attributes	78/3/25

Source URLs

	Redirection	Url
Details	Redirection	https://blog.cyble.com/2023/07/13/trojanized-application-preying-on-teamviewer-users/
Details	Source	https://cyble.com/blog/trojanized-application-preying-on-teamviewer-users/

URL Provider

Details	Provider	Source level domain
Details	cyble.com	cyble.com
Details	cyble.com	blog.cyble.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	30	✔	—	https://blog.cyble.com/feed/	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	2	kkk.no-ip.biz
Details	File	3	starting.exe
Details	File	25	teamviewer.exe
Details	File	46	system.exe
Details	File	1	301b5fcf8ce2fab8868e80b6c1f912fe.exe
Details	md5	2	301b5fcf8ce2fab8868e80b6c1f912fe
Details	md5	2	11aacb03c7e370d2b78b99efe9a131eb
Details	md5	2	8ccbb51dbee1d8866924610adb262990
Details	sha1	2	9b9539fec7d0227672717e126a9b46cda3315895
Details	sha1	2	b2f847dce91be5f5ea884d068f5d5a6d9140665c
Details	sha256	2	224ae485b6e4c1f925fff5d9de1684415670f133f3f8faa5f23914c78148fc31
Details	sha256	2	9bcb093f911234d702a80a238cea14121c17f0b27d51bb023768e84c27f1262a
Details	MITRE ATT&CK Techniques	420	T1204
Details	MITRE ATT&CK Techniques	695	T1059
Details	MITRE ATT&CK Techniques	207	T1547
Details	MITRE ATT&CK Techniques	348	T1036
Details	MITRE ATT&CK Techniques	1006	T1082
Details	MITRE ATT&CK Techniques	433	T1057
Details	MITRE ATT&CK Techniques	501	T1012
Details	MITRE ATT&CK Techniques	152	T1056
Details	MITRE ATT&CK Techniques	444	T1071
Details	MITRE ATT&CK Techniques	159	T1095
Details	Url	2	http://kkk.no-ip.biz
Details	Windows Registry Key	47	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Details	Windows Registry Key	38	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run