ioc[.]one - OSINT Cyber Threat Intelligence Database

Rewterz Threat Alert – Malvertising Campaign: BlackCat Ransomware Operators Spreads Ransomware Disguised As WinSCP – Active IOCs

Tags

maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Direct Chat Messages - T1552.008 Domains - T1583.001 Domains - T1584.001 Malvertising - T1583.008 Malware - T1587.001 Malware - T1588.001 Network Devices - T1584.008 Powershell - T1059.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Software - T1592.002 Vulnerabilities - T1588.006 Powershell - T1086

Show in Graph

Common Information

Type	Value
UUID	d35da64c-5ad8-44bd-b2c4-08cb681df9a3
Fingerprint	a52b1931b915774c
Analysis status	DONE
Considered CTI value	2
Text language
Published	July 3, 2023, 9:15 a.m.
Added to db	July 10, 2023, 11:32 a.m.
Last updated	Nov. 13, 2024, 12:37 a.m.
Headline	Rewterz Threat Alert – Malvertising Campaign: BlackCat Ransomware Operators Spreads Ransomware Disguised As WinSCP – Active IOCs
Title	Rewterz Threat Alert – Malvertising Campaign: BlackCat Ransomware Operators Spreads Ransomware Disguised As WinSCP – Active IOCs
Detected Hints/Tags/Attributes	78/2/80

Source URLs

	Redirection	Url
Details	Source	https://www.rewterz.com/rewterz-news/rewterz-threat-alert-malvertising-campaign-blackcat-ransomware-operators-spreads-ransomware-disguised-as-winscp-active-iocs/

URL Provider

Details	Provider	Source level domain
Details	rewterz.com	www.rewterz.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	365	✔	—	https://www.rewterz.com/feed	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	CVE	5	cve-2023-36539
Details	Domain	4	winscp.net
Details	Domain	4	winsccp.com
Details	Domain	1	aleagroupdevelopment.com
Details	Domain	1	azurecloudup.online
Details	Domain	1	cloudupdateservice.online
Details	Domain	1	devnetapp.com
Details	Domain	1	situotech.com
Details	Domain	3	python.zip
Details	Domain	1	closeyoueyes.com
Details	Domain	1	firstclassbale.com
Details	File	208	setup.exe
Details	File	40	msi.dll
Details	File	5	python310.dll
Details	File	3	c:\users\public\music\python\pythonw.exe
Details	File	27	pythonw.exe
Details	File	2	python.zip
Details	md5	1	1e49cdfc621240c2e1ce1c7c735dcf27
Details	md5	1	6c69cceb7541e7bab1986ac54ab396ef
Details	md5	1	e80ed5e6c78f16690b8cae9c5bd0f631
Details	md5	1	514a72b9628574eac1dfb7d5061769f6
Details	md5	1	b17435075407f7aa9e48e74a426035f7
Details	md5	1	689a0c77af5442657b703e44365bbeb7
Details	md5	1	cc83d2123769e0615c4d35fdb24346b6
Details	md5	1	0f9f8018891559f0c48055a74f27425a
Details	md5	1	6f5e7beb8fba48143c95692af66f89d8
Details	md5	1	f21106d2f63112f8db10169d503c635a
Details	md5	1	d82eaea0554bcc516d43ae3e1615a88a
Details	md5	2	0f7b6bb3a239cf7a668a8625e6332639
Details	md5	1	af107f3ce32d6c018cb701aa54a46279
Details	md5	1	70f9bf7caf38a0b864fc190fe238b066
Details	sha1	1	94e2eb70f2873cdcf967ee526a7e68ae629e3107
Details	sha1	1	e6e7f30f06b16b8a946a757ff5c19336c12bb41d
Details	sha1	1	7254fc0e84357c95a33b100d34bf84c22d1b9f88
Details	sha1	1	cf9fa97058a4645df43b0d6dcfcdcf663bdef32d
Details	sha1	1	6ea353f143f21a339628bfa9422abb06200c06a3
Details	sha1	1	52d415ca1ab75236f9fff784e6b83e57f8280506
Details	sha1	1	3f6a5bd2e4ff1bf58f85e5a365386ef3a5687a1d
Details	sha1	1	1674ba9037321494b08f0a31eda5d1104550b6c6
Details	sha1	1	aae1b17891ec215a0e238f881be862b4f598e46c
Details	sha1	1	c82b28daeb33d94ae3cafbc52dbb801c4a5b8cfa
Details	sha1	1	5cbb6978c9d01c8a6ea65caccb451bf052ed2acd
Details	sha1	2	5263a135f09185aa44f6b73d2f8160f56779706d
Details	sha1	1	337ca5eefe18025c6028d617ee76263279650484
Details	sha1	1	e862f106ed8e737549ed2daa95e5b8d53ed50f87
Details	sha256	1	25467df66778077cc387f4004f25aa20b1f9caec2e73b9928ec4fe57b6a2f63c
Details	sha256	1	4a4d20d107ee8e23ce1ebe387854a4bfe766fc99f359ed18b71d3e01cb158f4a
Details	sha256	1	13090722ba985bafcccfb83795ee19fd4ab9490af1368f0e7ea5565315c067fe
Details	sha256	1	8859a09fdc94d7048289d2481ede4c98dc342c0a0629cbcef2b91af32d52acb5
Details	sha256	1	bacbe893b668a63490d2ad045a69b66c96dcacb500803c68a9de6cca944affef
Details	sha256	1	c7a5a4fb4f680974f3334f14e0349522502b9d5018ec9be42beec5fa8c1597fe
Details	sha256	1	3ce4ed3c7bd97b84045bdcfc84d3772b4c3a29392a9a2eee9cc17d8a5e5403ce
Details	sha256	1	21e7bcc03c607e69740a99d0e9ae8223486c73af50f4c399c8d30cce4d41e839
Details	sha256	1	9e5205865a23c4b8a60935a3fdf1f203286b3e240940bfbeaf0101b00cfc68d6
Details	sha256	1	d53f1143d5910f025e48389f8ebb5c983007b84f2c485eba7658aa34b74e846e
Details	sha256	1	4b8be22b23cd9098218a6f744baeb45c51b6fad6a559b01fe92dbb53c6e2c128
Details	sha256	2	18051333e658c4816ff3576a2e9d97fe2a1196ac0ea5ed9ba386c46defafdb88
Details	sha256	1	7eade755a832eeaaa1323c8a2126bc9a77195959b49d1899bfd823466175ef70
Details	sha256	1	8dfac6521ef877efede0a82bf46d94f590127e2607b78d08321953796fddbba9
Details	IPv4	1	104.234.11.236
Details	IPv4	1	157.254.195.108
Details	IPv4	1	157.254.195.83
Details	IPv4	1	104.234.11.226
Details	IPv4	1	141.98.6.56
Details	IPv4	1	166.0.95.43
Details	IPv4	1	167.88.164.91
Details	IPv4	1	193.42.32.143
Details	IPv4	9	45.12.253.51
Details	IPv4	1	45.12.253.50
Details	IPv4	1	45.66.230.215
Details	IPv4	1	104.234.147.134
Details	IPv4	2	167.88.164.40
Details	IPv4	2	172.86.123.226
Details	IPv4	1	45.66.230.240
Details	Url	1	http://104.234.147.134/python/python.zip
Details	Url	1	https://167.88.164.40/python/python.zip
Details	Url	1	http://172.86.123.226/python/python.zip
Details	Url	1	https://45.66.230.240/python/python.zip
Details	Url	1	https://closeyoueyes.com/python/python.zip
Details	Url	1	https://firstclassbale.com/python/python.zip