Understanding and threat hunting for RMM software misuse
Common Information
Type Value
UUID c4e8f62b-b6b1-4e19-b48d-0ab23a597d1a
Fingerprint 802a1c59e31793a1
Analysis status DONE
Considered CTI value 1
Text language
Published April 15, 2025, midnight
Added to db April 15, 2025, 9:22 a.m.
Last updated April 16, 2025, 12:53 p.m.
Headline Understanding and threat hunting for RMM software misuse
Title Understanding and threat hunting for RMM software misuse
Detected Hints/Tags/Attributes 98/3/25
RSS Feed
Id   Enabled  Feed title  Url                             Added to db
138           Intel471    https://intel471.com/blog/feed  2024-08-30 22:08
Attributes
Type                  #Events  CTI Value  Value
CVE                   83                  cve-2023-48788
Domain                16                  anydesk.com
Domain                1                   boot.net.anydesk.com
Domain                1                   relay-8bd65c3e.net.anydesk.com
Domain                3                   agent-api.atera.com
Domain                3                   ps.atera.com
Domain                3                   atera.com
Domain                4                   hunter.cyborgsecurity.io
File                  1                   %userprofile%\appdata\local\temp\gcapi.dll
File                  9                   ateraagent.exe
File                  7                   crypto.dll
File                  4                   sharpziplib.dll
File                  107                 log.txt
File                  33                  newtonsoft.json
File                  2                   pubnub.dll
File                  3                   valuetuple.dll
File                  5                   meshagent.exe
IPv4                  2                   1.8.7.2
Url                   1                   https://hunter.cyborgsecurity.io/research/hunt-package/749f7e2c-5eeb-407d-a5ef-cfcecbe5d810
Url                   1                   https://hunter.cyborgsecurity.io/research/hunt-package/4103b086-f093-4084-9125-15b9a6c872b8
Url                   1                   https://hunter.cyborgsecurity.io/research/hunt-package/93f71607-f35d-4aa6-aec9-c2f8a62cbd8a
Url                   1                   https://hunter.cyborgsecurity.io/research/hunt-package/bb771c73-e7ab-4705-92a2-ce322b33621d
Windows Registry Key  1                   HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mesh
Windows Registry Key  1                   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mesh
Windows Registry Key  1                   HKEY_LOCAL_MACHINE\SOFTWARE\Open