New Tusk threat-actor campaign uses stealers and clippers to steal money and data
Common Information
UUID: d2ed0ac9-f349-4f0b-ac72-904505480ecc
Fingerprint: 761cf5bb5a056d72
Analysis status: DONE
Considered CTI value: 2
Text language:
Published: Sept. 5, 2024, 1 p.m.
Added to db: Sept. 5, 2024, 12:54 p.m.
Last updated: Nov. 17, 2024, 8:43 p.m.
Headline: Tusk: a breakdown of a sophisticated campaign using stealers
Title: New Tusk threat-actor campaign uses stealers and clippers to steal money and data
Detected Hints/Tags/Attributes: 25/1/91
RSS Feed
Id: 224
Enabled:
Feed title: Securelist
Url: https://securelist.ru/feed/
Added to db: 2024-08-30 22:08
Attributes

Type    #Events  Value
Domain  3        peerme.io
Domain  5        tidyme.io
Domain  2        tidymeapp.io
Domain  2        tidyme.app
Domain  5        testload.pythonanywhere.com
Domain  2        tydime.io
Domain  2        mx.bf442731a463.tidyme.io
Domain  5        runeonlineworld.io
Domain  5        voico.io
Domain  2        astrosounsports.shop
Domain  2        batverssaports.shop
Domain  2        dintrinnssports.shop
Domain  4        dustfightergame.com
Domain  2        edvhukkkmvgcct.shop
Domain  2        gurunsmilrsports.shop
Domain  2        izxxd.top
Domain  2        partyroyale.fun
Domain  2        partyroyale.games
Domain  2        partyroyaleplay.com
Domain  2        partyroyaleplay.io
Domain  2        refvhnhkkolmjbg.shop
Domain  2        sinergijiasport.shop
Domain  2        supme.io
Domain  2        vinrevildsports.shop
Domain  2        wuwelej.top
Domain  2        riseonlineworld.com
Domain  5        yous.ai
Domain  2        1h343lkxf4pikjd.dad
File    2        tidyme.exe
File    2        captcha.js
File    153      config.json
File    2        updateload.rar
File    4        testload.py
File    7        preload.js
File    62       script.js
File    47       api.php
File    72       response.json
File    2        updateload.exe
File    2        bytes.exe
File    2125     cmd.exe
File    1260     explorer.exe
File    4        runeonlineworld.exe
File    269      msiexec.exe
File    1018     rundll32.exe
File    6        openwith.exe
File    2        madhcctrl.exe
File    2        madhcnet32.dll
File    2        mvrsettings32.dll
File    4        unrar.dll
File    2        wickerwork.indd
File    4        yous.ai
File    2        voico.exe
File    364      console.log
File    4        update.rar
File    1        mediafile.rar
File    1        mediafile2.rar
md5     2        B42F971AC5AAA48CC2DA13B55436C277
sha1    2        5bf729c6a67603e8340f31bac2083f2a4359c24b
sha256  2        c990a578a32d545645b51c2d527d7a189a7e09ff7dc02cefc079225900f296ac
sha256  2        f586b421f10b042b77f021463934cfeda13c00705987f4f4c20b91b5d76d476c
sha256  2        69a90665113bd73b30360d87f7f6ed2c789a90a67f3b6e86474e21273a64f699
sha256  2        523d4eb71af86090d2d8a6766315a027fdec842041d668971bfbbbd1fe826722
sha256  2        b7d3bc460a17e1b43c9ff09786e44ea4033710538bdb539400b55e5b80d0b338
sha256  2        0891edb0cc1c0208af2e4bc65d6b5a7160642f89fd4b4dc321f79d2b5dfc2dcc
sha256  2        db4328dfbf5180273f144858b90cb71c6d4706478cac65408a9d9df372a08fc3
sha256  2        9d8547266c90cae7e2f5f5a81af27fb6bc6ade56a798b429cdb6588a89cec874
sha256  2        7d42e121560bc79a2375a15168ac536872399bf80de08e5cc8b3f0240cdc693a
sha256  2        ce0905a140d0f72775ea5895c01910e4a492f39c2e35edce9e9b8886a9821fb1
sha256  2        4c33d4179fff5d7aa7e046e878cd80c0146b0b134ae0092ce7547607abc76a49
sha256  2        ea748caf0ed2aac4008ccb9fd9761993f9583e3bc35783cfa42593e6ba3eb393
sha256  2        934d882efd3c0f3f1efbc238ef87708f3879f5bb456d30af62f3368d58b6aa4c
sha256  2        ae3cb6c6afba9a4aa5c85f66023c35338ca579b30326dd02918f9d55259503d5
IPv4    2        79.133.180.213
IPv4    2        46.8.238.240
IPv4    2        77.91.77.200
IPv4    2        23.94.225.177
IPv4    2        89.169.52.59
IPv4    2        81.19.137.7
IPv4    5        194.116.217.148
IPv4    2        85.28.47.139
Url     2        https://www.dropbox.com/scl/fi/cw6jsbp981xy88tzk3obm/updateload.rar?rlkey=87g969em599vnoslcglyo97fa&st=1p7dopsl&dl=1
Url     3        http://testload.pythonanywhere.com/getbytes/f
Url     2        https://tidyme.io/api.php
Url     2        https://tydime.io/api.php
Url     2        http://testload.pythonanywhere.com/getbytes/m.
Url     2        http://testload.pythonanywhere.com/getbytes/s
Url     2        http://testload.pythonanywhere.com/getbytes/h
Url     1        http://testload.pythonanywhere.com/getbytes/m
Url     1        https://www.dropbox.com/scl/fi/gvlceblluk9thfijhywu2/update.rar?rlkey=ch37ht5fdklng66t04r8h8kaa&st=sddqqvhz&dl=1
Url     1        https://www.dropbox.com/scl/fi/dcmq2ucpdcsz3zvpeg85i/mediafile.rar?rlkey=ck5oz8qzz6qtz2i6tl273gbf7&st=4t9ecvfd&dl=1
Url     1        https://www.dropbox.com/scl/fi/qcrl58lus5dmfqo203ly5/mediafile2.rar?rlkey=1hx6glacae5nwcq71nat8oww0&st=ox6nxk7m&dl=1

Note on using this table: the #Events column counts occurrences across this whole database, not within the Securelist article, which is why generic Windows binaries (cmd.exe, explorer.exe, rundll32.exe, msiexec.exe, openwith.exe) and generic web and file names (config.json, script.js, api.php, response.json, console.log, preload.js) reach counts in the hundreds or thousands. Those names are not specific to Tusk and should not be used as detection signatures on their own; pivot on the hashes, domains, IPv4 addresses and full URLs instead. The URL http://testload.pythonanywhere.com/getbytes/m. is the same path as .../getbytes/m with a trailing period, most likely sentence punctuation picked up by the extractor, so match on the path without it.
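To show how the indicator table above is put to use, here is an added example (it is not part of this database page or of Securelist's article) that parses rows in the table's `Type #Events Value` layout and scans key=value style log lines for them. The indicator rows embedded in the block are a subset copied from the table on this page; the DNS, proxy and process log lines, the field names (`query`, `dst`, `url`, `sha256`, and so on) and the log layout are constructed assumptions for the example. Domain matching is on label boundaries (a subdomain of tidyme.io hits, tidyme.example.org does not), hashes are compared case-insensitively, and URLs fall back from an exact match to scheme+host+path, because Dropbox share links carry a rotating `st=` token after the stable `rlkey` and path.

```python
"""Scan log lines for the Tusk indicators listed on this page (added example)."""
import re
from typing import Dict, List, Set, Tuple
from urllib.parse import urlsplit

# Subset of this page's attribute table, kept in its "Type  #Events  Value" layout.
IOC_TABLE = """
Type     #Events  Value
Domain   3        peerme.io
Domain   5        tidyme.io
Domain   2        mx.bf442731a463.tidyme.io
Domain   5        testload.pythonanywhere.com
Domain   5        runeonlineworld.io
IPv4     2        79.133.180.213
IPv4     5        194.116.217.148
md5      2        B42F971AC5AAA48CC2DA13B55436C277
sha256   2        c990a578a32d545645b51c2d527d7a189a7e09ff7dc02cefc079225900f296ac
Url      3        http://testload.pythonanywhere.com/getbytes/f
Url      2        https://www.dropbox.com/scl/fi/cw6jsbp981xy88tzk3obm/updateload.rar?rlkey=87g969em599vnoslcglyo97fa&st=1p7dopsl&dl=1
"""

IOCS = Dict[str, Set[str]]
Hit = Tuple[str, str, str]  # (log field, indicator type, indicator value)

# key=value tokens; a URL's own ?a=b&c=d stays inside the URL's \S+ run, so it is not split.
KV_RE = re.compile(r"(\w+)=(\S+)")
DOMAIN_FIELDS = {"query", "host", "dst_host"}   # assumed log field names
IP_FIELDS = {"dst", "dst_ip", "ip"}
HASH_FIELDS = {"md5", "sha1", "sha256"}


def parse_iocs(table: str) -> IOCS:
    """'Type #Events Value' rows -> {type: {values}}; header skipped, hashes lower-cased."""
    iocs: IOCS = {}
    for row in table.strip().splitlines():
        parts = row.split(None, 2)
        if len(parts) != 3 or not parts[1].isdigit():
            continue  # header line or stray text
        kind, _count, value = parts
        kind = kind.lower()
        if kind in HASH_FIELDS:
            value = value.lower()
        iocs.setdefault(kind, set()).add(value)
    return iocs


def domain_hit(host: str, domains: Set[str]) -> str:
    """Most specific indicator equal to `host` or a parent of it, matched on label boundaries."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):  # never match a bare TLD
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return ""


def url_hit(url: str, iocs: IOCS) -> Tuple[str, str]:
    """Exact URL first, then scheme+host+path (query tokens rotate), then host vs domain list."""
    urls = iocs.get("url", set())
    if url in urls:
        return "url", url
    parts = urlsplit(url)
    key = (parts.scheme, parts.hostname, parts.path)
    for ioc in urls:
        p = urlsplit(ioc)
        if (p.scheme, p.hostname, p.path) == key:
            return "url", ioc
    d = domain_hit(parts.hostname or "", iocs.get("domain", set()))
    return ("domain", d) if d else ("", "")


def scan_line(line: str, iocs: IOCS) -> List[Hit]:
    """Every indicator seen in one key=value log line, in field order."""
    hits: List[Hit] = []
    for field, value in KV_RE.findall(line):
        if field in DOMAIN_FIELDS:
            d = domain_hit(value, iocs.get("domain", set()))
            if d:
                hits.append((field, "domain", d))
        elif field == "url":
            kind, ioc = url_hit(value, iocs)
            if kind:
                hits.append((field, kind, ioc))
        elif field in IP_FIELDS and value in iocs.get("ipv4", set()):
            hits.append((field, "ipv4", value))
        elif field in HASH_FIELDS and value.lower() in iocs.get(field, set()):
            hits.append((field, field, value.lower()))
    return hits


def scan_logs(lines: List[str], iocs: IOCS) -> List[Tuple[int, List[Hit]]]:
    """(line index, hits) for each line that matched at least one indicator."""
    return [(i, h) for i, line in enumerate(lines) if (h := scan_line(line, iocs))]


# Constructed sample telemetry (DNS, proxy and process-creation events), not real logs.
SAMPLE_LOGS = [
    "2024-09-05T10:01:02Z dns client=10.0.0.5 query=mx.bf442731a463.tidyme.io type=A",
    "2024-09-05T10:01:03Z dns client=10.0.0.5 query=tidyme.example.org type=A",
    "2024-09-05T10:01:05Z proxy client=10.0.0.5 dst=194.116.217.148 url=http://testload.pythonanywhere.com/getbytes/f status=200",
    "2024-09-05T10:01:07Z proxy client=10.0.0.5 url=https://www.dropbox.com/scl/fi/cw6jsbp981xy88tzk3obm/updateload.rar?rlkey=87g969em599vnoslcglyo97fa&st=zzzzzzzz&dl=1 status=200",
    "2024-09-05T10:01:09Z process host=WS01 image=C:\\Users\\u\\Downloads\\tidyme.exe sha256=C990A578A32D545645B51C2D527D7A189A7E09FF7DC02CEFC079225900F296AC",
    "2024-09-05T10:02:00Z dns client=10.0.0.9 query=www.example.com type=A",
]

if __name__ == "__main__":
    for idx, hits in scan_logs(SAMPLE_LOGS, parse_iocs(IOC_TABLE)):
        for field, kind, value in hits:
            print(f"line {idx}: {field} matched {kind} indicator {value}")
```

Run against the sample lines, the scanner flags the subdomain DNS query, the proxy request to the pythonanywhere payload path together with its destination IP, the Dropbox download despite the changed `st=` token, and the upper-cased SHA-256 of the dropped binary, while leaving the look-alike tidyme.example.org and www.example.com queries untouched. Swap `IOC_TABLE` for the full table above and `SAMPLE_LOGS` for real DNS, proxy or EDR exports in the same key=value form.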