Threat Round Up for Aug 25 - Sep 1
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Mshta - T1218.005 Powershell - T1059.001 Software - T1592.002 Visual Basic - T1059.005 Windows Service - T1543.003 Mshta - T1170 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | d50364e1-c61f-47a3-ac8b-99850fd1a0f5 |
| Fingerprint | 32ecc20350e6debf |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Sept. 1, 2017, 1:12 p.m. |
| Added to db | Oct. 9, 2022, 4:06 p.m. |
| Last updated | Nov. 17, 2024, 6:30 p.m. |
| Headline | Vulnerability Information |
| Title | Threat Round Up for Aug 25 - Sep 1 |
| Detected Hints/Tags/Attributes | 47/2/257 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://blog.talosintelligence.com/2017/09/threat-round-up-0825-0901.html |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 904 | snort.org |
|
| Details | Domain | 224 | clamav.net |
|
| Details | Domain | 1 | evaluator-expert.ro |
|
| Details | Domain | 1 | oceanclubsreloaded.us |
|
| Details | Domain | 1 | oceanfreightclubs.ir |
|
| Details | Domain | 1 | fv-st-konrad.de |
|
| Details | Domain | 1 | www.fv-st-konrad.de |
|
| Details | Domain | 129 | api.ipify.org |
|
| Details | Domain | 4 | api.nuget.org |
|
| Details | Domain | 8 | chocolatey.org |
|
| Details | Domain | 12 | dist.torproject.org |
|
| Details | Domain | 9 | cached-microdescs.new |
|
| Details | Domain | 180 | readme.md |
|
| Details | Domain | 1 | keybeautysystemswest.com |
|
| Details | Domain | 62 | icanhazip.com |
|
| Details | Domain | 1 | www.flemingz.com |
|
| Details | Domain | 1 | flemingz.com |
|
| Details | Domain | 1 | klcwba.com |
|
| Details | Domain | 1 | ajiyoh.com |
|
| Details | Domain | 1 | dpwrjl.com |
|
| Details | Domain | 1 | uatcte.com |
|
| Details | Domain | 1 | imtxxh.com |
|
| Details | Domain | 1 | lobsyb.com |
|
| Details | Domain | 1 | xcckyn.com |
|
| Details | Domain | 1 | uvebwz.com |
|
| Details | Domain | 1 | iazfmh.com |
|
| Details | Domain | 1 | zisbon.com |
|
| Details | Domain | 1 | wyspqd.com |
|
| Details | Domain | 1 | oeuuvh.com |
|
| Details | Domain | 1 | udvjli.com |
|
| Details | Domain | 1 | abvjlx.com |
|
| Details | Domain | 1 | aoogeq.com |
|
| Details | Domain | 5 | ilo.brenz.pl |
|
| Details | Domain | 1 | lxoalw.com |
|
| Details | Domain | 1 | wvnyqa.com |
|
| Details | Domain | 1 | gnapgq.com |
|
| Details | Domain | 1 | cxniir.com |
|
| Details | Domain | 1 | gzoiji.com |
|
| Details | Domain | 1 | rrbuas.com |
|
| Details | Domain | 1 | tdsuye.com |
|
| Details | Domain | 1 | kfgsia.com |
|
| Details | Domain | 1 | vdbqhy.com |
|
| Details | Domain | 1 | ygmyqt.com |
|
| Details | Domain | 1 | upeuoz.com |
|
| Details | Domain | 1 | eqyaud.com |
|
| Details | Domain | 1 | wouaoc.com |
|
| Details | Domain | 1 | omkbel.com |
|
| Details | Domain | 1 | ioiufb.com |
|
| Details | Domain | 1 | eyakmj.com |
|
| Details | Domain | 1 | ukjqcx.com |
|
| Details | Domain | 1 | twngee.com |
|
| Details | Domain | 1 | bkegyi.com |
|
| Details | Domain | 1 | dgyolj.com |
|
| Details | Domain | 1 | ycztdl.com |
|
| Details | Domain | 1 | dtptuw.com |
|
| Details | Domain | 1 | aqqvuo.com |
|
| Details | Domain | 1 | ioafts.com |
|
| Details | Domain | 1 | caqiny.com |
|
| Details | Domain | 1 | zqkqzt.com |
|
| Details | Domain | 1 | dezims.com |
|
| Details | Domain | 1 | ukngdn.com |
|
| Details | Domain | 1 | ousvfo.com |
|
| Details | Domain | 1 | bdgxqr.com |
|
| Details | Domain | 1 | axqeuo.com |
|
| Details | Domain | 1 | bidnxy.com |
|
| Details | Domain | 1 | heuaot.com |
|
| Details | Domain | 1 | gqugaq.com |
|
| Details | Domain | 1 | aikuul.com |
|
| Details | Domain | 1 | eiijba.com |
|
| Details | Domain | 1 | qsjite.com |
|
| Details | Domain | 1 | btaeqx.com |
|
| Details | Domain | 1 | teioez.com |
|
| Details | Domain | 1 | obwijg.com |
|
| Details | Domain | 1 | 273142363.exe-3748baa7.pf |
|
| Details | File | 20 | trojan.vbs |
|
| Details | File | 1 | %systemdrive%\documents and settings\administrator\local settings\temp\bicprcv.exe |
|
| Details | File | 1 | %temp%\cdqfm.bat |
|
| Details | File | 1 | %systemdrive%\documents and settings\administrator\local settings\temp\cdqfm.bat |
|
| Details | File | 1 | %temp%\bicprcv.exe |
|
| Details | File | 1 | %appdata%\winapp\aganpat.exe |
|
| Details | File | 1 | %appdata%\winapp\ahboqbu.exe |
|
| Details | File | 8 | order.xls |
|
| Details | File | 1 | %appdata%\microsoft\office\recent\272622119.xls |
|
| Details | File | 1 | %temp%\wbfg.exe |
|
| Details | File | 10 | cert8.db |
|
| Details | File | 7 | resources.dll |
|
| Details | File | 1 | %appdata%\ms\s\socat.exe |
|
| Details | File | 1 | %appdata%\ms\tor\tor.exe |
|
| Details | File | 1 | %appdata%\ms\tor\libgcc_s_sjlj-1.dll |
|
| Details | File | 10 | information.doc |
|
| Details | File | 1 | annotations.xml |
|
| Details | File | 1 | %appdata%\ms\tor\libevent_core-2-0-5.dll |
|
| Details | File | 2 | annotations.dll |
|
| Details | File | 1 | %appdata%\ms\s\cygreadline7.dll |
|
| Details | File | 32 | prefs.js |
|
| Details | File | 1 | taskscheduler.xml |
|
| Details | File | 1 | %appdata%\ms\tor\zlib1.dll |
|
| Details | File | 1 | 20170822125043.txt |
|
| Details | File | 8 | taskscheduler.dll |
|
| Details | File | 1 | %appdata%\ms\tor\libevent-2-0-5.dll |
|
| Details | File | 1 | %appdata%\ms\tor\tor-gencert.exe |
|
| Details | File | 28 | 0.dll |
|
| Details | File | 1 | appcrash_mshta.exe |
|
| Details | File | 1 | %appdata%\ms\s\cygwrap-0.dll |
|
| Details | File | 1 | %appdata%\ms\s\cygncursesw-10.dll |
|
| Details | File | 1 | 20170822125100.txt |
|
| Details | File | 1 | %appdata%\ms\tor\libssp-0.dll |
|
| Details | File | 1 | %appdata%\ms\tor\libevent_extra-2-0-5.dll |
|
| Details | File | 1 | 20170822125056.txt |
|
| Details | File | 7 | 0.reg |
|
| Details | File | 1 | %temp%\ts\package\services\metadata\core-properties\b413d53c92364baa9958fdda02cd8e9a.ps |
|
| Details | File | 1 | %appdata%\ms\tor\libeay32.dll |
|
| Details | File | 1 | %appdata%\ms\tor\ssleay32.dll |
|
| Details | File | 1 | 20170822125034.txt |
|
| Details | File | 1 | %temp%\7238.exe |
|
| Details | File | 1 | %temp%\cvrd4fc.tmp |
|
| Details | File | 1 | %appdata%\winapp\nkahvx.exe |
|
| Details | File | 1 | %systemdrive%\documents and settings\administrator\local settings\temp\olaiwy.exe |
|
| Details | File | 1 | %systemdrive%\documents and settings\administrator\local settings\temp\lubuj.bat |
|
| Details | File | 1 | %temp%\reaiquydcg.exe |
|
| Details | File | 1 | %systemdrive%\jr8g6w6.exe |
|
| Details | File | 1 | %systemdrive%\3t9bd.exe |
|
| Details | File | 1 | %systemdrive%\dvdvv.exe |
|
| Details | File | 1 | %systemdrive%\69w460.exe |
|
| Details | File | 1 | c:\windows\friendl.dll |
|
| Details | File | 27 | msctf.asm |
|
| Details | File | 2 | wbemess.log |
|
| Details | File | 1 | %windir%\prefetch\273142363.exe |
|
| Details | File | 3 | d.tmp |
|
| Details | File | 2 | runme.docx |
|
| Details | File | 1 | %systemdrive%\runme.exe |
|
| Details | File | 66 | normal.dot |
|
| Details | File | 1 | %systemdrive%\runme.docx |
|
| Details | md5 | 1 | b413d53c92364baa9958fdda02cd8e9a |
|
| Details | sha1 | 1 | 3488d8938caa8400f802c2439f4b8fcdce406396 |
|
| Details | sha256 | 1 | 14ab690a2f5d4fd74f280804a1b59f5c5442c1280e79ee861e68a421cac80ce3 |
|
| Details | sha256 | 1 | 2419210bdd20b352b357573e72eb82bafa801b078f25517546bd348e2e93a505 |
|
| Details | sha256 | 1 | 56ef4bb6608968653af98649fddf204933134038b6b27b118ebedcdc5ec5af0e |
|
| Details | sha256 | 1 | 946def9e50a762ef29de5b56086d976f26446f0bcb5f2590c0354eae1318e0fb |
|
| Details | sha256 | 1 | 220128b685d4e96e793756636e32257b8fd22e038890d8f194d1681343bea923 |
|
| Details | sha256 | 1 | a4ad5629d490b466e4e62bf9048968ff45466c73849609b64d6617bf32e5cc5f |
|
| Details | sha256 | 1 | d6ece69e9f8035de573411d57ea11e0bb22d243e0d47b620b9cb99793218b121 |
|
| Details | sha256 | 1 | aecf2b9c77b76f08c6a240cd5b0782f3abba0a872caea783f5105b3b3f42851a |
|
| Details | sha256 | 1 | bce01bde972b5d97e6bc163cd632fa7c2a1e9f1913abe69f8eb25d22a06063c8 |
|
| Details | sha256 | 1 | 029923c7508a27907e2c88baf9cc2effa2f78e81f4728eae2c185935f2a51fbd |
|
| Details | sha256 | 1 | 07b63a132b60b293532787b50c7765c6af9cebcc0449592ad31dec1198fc8b5a |
|
| Details | sha256 | 1 | 12c9ae29a83bf6ecf5766d9f51a2927d586bed20c3d37e4e150ffecadf8cd010 |
|
| Details | sha256 | 1 | 2d1cbae9da80482fffdbbcc4f761e5b12ffbfeb2446026862d381ac80fa0f335 |
|
| Details | sha256 | 1 | 4c5c70e7c517e35f93fd65aa493a9bbad63561ad7dc8b5235e23ca843c9c274e |
|
| Details | sha256 | 1 | 5d683f41aa10da94c4737aa8901fc92b93d4f5484f4728bcbd802b9336275d59 |
|
| Details | sha256 | 1 | 8b3c33104719d76829977a595901992bb7183ded8f5d1ef379281c7c158ef803 |
|
| Details | sha256 | 1 | 900df27eff06c022c5fc9f6ebdb6f5f1a1e9d65c2de1d5f6300c899937bb95e7 |
|
| Details | sha256 | 1 | 9ef470811ceaab0d47bb4b8e0abdf7d783902c208fedda35f8292b60af7f6870 |
|
| Details | sha256 | 1 | d3bc718d0cb24a9ffb25ae75d413f29fdb173e9174fd07d06ee8bb49ebec2330 |
|
| Details | sha256 | 1 | e433044ade8b09c97cd4b2008bccb9f12d45e32f84a94efbc800754c58ed3eb2 |
|
| Details | sha256 | 1 | efe8092be61ec8c11d6152fbf569517299f3a17322a14d5e1c13350ceaeac223 |
|
| Details | sha256 | 1 | ff428dd61e1f50b36e6fc6707054840c0912455bea073edc5806467ca8cb7046 |
|
| Details | sha256 | 1 | 0009657099e7e3f555a68ae39827099905339f5dafe648585175de089a75ba6b |
|
| Details | sha256 | 1 | 3724ecf98a0a71f54c227e00417bf0ea603ca480ac6db2a2708cc275f6227104 |
|
| Details | sha256 | 1 | 44cd48611f0044d98082ba3dd816b61fe80ee91812fc05ee1f3f37690f51bacc |
|
| Details | sha256 | 1 | 488f6347913c580600ca24527ab8a0f3d2129c597a6398cc857eec4f1b0348c1 |
|
| Details | sha256 | 1 | 4b9f88762b2eb226b86c5bb4ce04b4ffcd07d0e332bbc92ed6dd2d7d451c8269 |
|
| Details | sha256 | 1 | 57c8d5b413e5ddc4bbf416ef8ac9b902eb1058e18b79e76ef5340c835c9cfa73 |
|
| Details | sha256 | 1 | 6fe1e272df58349481d71357488f08fda7bf4709cd72be00ce5e42c244783649 |
|
| Details | sha256 | 1 | 6fef1c02e5d06c9cd2b29fee73e796791b7b84a1875ff19296140d49823621ae |
|
| Details | sha256 | 1 | 6ff2121b359d8a2776c25293aa96b823759b0796e559e70bc6d2e8adaf208fd7 |
|
| Details | sha256 | 1 | 8b0d3d287580a5095e92aaf357bb39e1ab754dd3eaa4ca9c2f7ee4727f5649dd |
|
| Details | sha256 | 1 | 8e03b31baaa847ffef1df04336d7629bd8c8ca169406768479114b91b96c9092 |
|
| Details | sha256 | 1 | 9557c5337e1ebcc8dfe36e284be35c32ce22d2a4fbac56602d326598594899a8 |
|
| Details | sha256 | 2 | b20fac264fb5724f17caafc34df08fc57879c0b30d360352a8e2b1ae3f9c2022 |
|
| Details | sha256 | 1 | e77b85c8d93c7d1093eeea80621ad45ab3f091d537837a425b4e8829a2041aa4 |
|
| Details | sha256 | 1 | fef300c8fad4477c75fd83aaa5a0033ee79c46e948148b4a7ed372943c306f5d |
|
| Details | sha256 | 1 | 940723f511b9ecaf14478330baa01d4384f168de4b9c25a42e2865fde11067e4 |
|
| Details | sha256 | 1 | 5bf717cf8794bc159f95b59fb73e46d8e46fcca03d5dca9b47d0b398fb9db17a |
|
| Details | sha256 | 1 | a9832474a614d15382a50954c3adf5ab7774698dcf57417c80f2abc640399639 |
|
| Details | sha256 | 1 | 002eb4fddf6e8f9165e28694da6f368626282bd7e99c11f1eaeb365339c2331a |
|
| Details | sha256 | 1 | 01b538e451a390f7cfcdc263355dca070ea1a578d083fa94762912cff36b226b |
|
| Details | sha256 | 1 | 026a7284b6420e06f20e683054e0ed01a0afa14321fe4094c14bdb63a46ee17f |
|
| Details | sha256 | 1 | 04d8c0fd0f85b534c8a225be38e7bda9dc7edc248b1f6419fb64a99fde5b4b11 |
|
| Details | sha256 | 1 | 050e9daae7c0778e00b17a71d70f34a9ec60c7ac1d309d53ffd23e7a74f81b2e |
|
| Details | sha256 | 1 | 06ebf78a7f2f3cbc7a8961051f3bfe9211b8dc8fd255be6f9df7b96f261a46ad |
|
| Details | sha256 | 1 | 07509506034c49b52314ee53984af6556396da7070c9d0069324f555f722db6d |
|
| Details | sha256 | 1 | 076e08eb3eae357b4ee75f9bc1e9fe8a9ea3b3e3ddafe244e0583e320a0bfd26 |
|
| Details | sha256 | 1 | 07ab8a56baed7f7014781b275e8324e8bb7974360ac05d017c65d40ed05e1869 |
|
| Details | sha256 | 1 | 07b5361cde1a670a587bd7d58160c97282415a025b4b9d1efa806a121e577027 |
|
| Details | sha256 | 1 | a0fc82de8afd8ac9d2a9df4c5f94ea0d44abdad70af70624f168c3c34036d35b |
|
| Details | sha256 | 1 | 5e0fcf513867bb834af4ebb405a328d66838e528e32e420a89eab7b8619f1830 |
|
| Details | sha256 | 1 | 64091a671d00602e4f81f987207ac2b16f5c3e86f98add903bf369b528db2d38 |
|
| Details | sha256 | 1 | 9727223d176381c88f6f5f17a2e7f99981eaba31282a41c1ceb3158bccbe08f4 |
|
| Details | sha256 | 1 | f095ae655db18fb27667ece1c168b97d42b1b164991cda154022d6f8e270cd49 |
|
| Details | sha256 | 1 | 73c4f4e0dbe8bb08fa68c7aa73e44651a322d5a04e462e546d6cf0c9e4897235 |
|
| Details | sha256 | 1 | 6d20ac8668c1876117cfb7686d1dd71a82a88bc69595a9d698591a5ea41878b6 |
|
| Details | sha256 | 1 | c8810c54be65f65747458e905afaaf534202d2c6bd5dc681309a1872042946b3 |
|
| Details | sha256 | 1 | f3b527e625e6f198b5d44150bd4b5408935e57b7f7b395deba33f1662e2a2737 |
|
| Details | sha256 | 1 | c95ad921fa61c90a84ce29748ee334827fab456bb5807ad2f3e5c688bc539903 |
|
| Details | sha256 | 1 | 5f312c0ec89ad31cb819663059c97505cc72032f429cff33c61995ca651d52c0 |
|
| Details | sha256 | 1 | afc27b6c6deace69313e1e164257ca0b5e5ce003c34c79ca1dc43dd67129f081 |
|
| Details | sha256 | 1 | 55a8224f9b571776935e0340c9093b35b90b9138ef87e8484429b27c9ea61681 |
|
| Details | sha256 | 1 | 9edbd6e5cf7cfa8f6c5ca9a80a487e420996cae0982fbcbfe72206c0b85845db |
|
| Details | sha256 | 1 | e0d385356bc5dc0a7619553d391259b8acd0f226dafb719b505bec4cba58fb46 |
|
| Details | IPv4 | 1 | 210.16.102.251 |
|
| Details | IPv4 | 26 | 216.239.32.21 |
|
| Details | IPv4 | 1 | 93.114.64.118 |
|
| Details | IPv4 | 1 | 5.152.210.179 |
|
| Details | IPv4 | 2 | 146.255.36.1 |
|
| Details | IPv4 | 1 | 185.165.29.27 |
|
| Details | IPv4 | 1 | 185.165.29.129 |
|
| Details | IPv4 | 1 | 82.195.75.101 |
|
| Details | IPv4 | 2 | 91.219.237.229 |
|
| Details | IPv4 | 2 | 109.163.234.8 |
|
| Details | IPv4 | 3 | 38.229.72.16 |
|
| Details | IPv4 | 1 | 23.21.138.252 |
|
| Details | IPv4 | 2 | 31.185.104.20 |
|
| Details | IPv4 | 1 | 78.47.38.226 |
|
| Details | IPv4 | 1 | 104.20.73.28 |
|
| Details | IPv4 | 1 | 184.73.220.206 |
|
| Details | IPv4 | 2 | 46.28.110.244 |
|
| Details | IPv4 | 2 | 81.7.16.182 |
|
| Details | IPv4 | 1 | 198.199.64.217 |
|
| Details | IPv4 | 1 | 174.129.241.106 |
|
| Details | IPv4 | 1 | 50.19.238.1 |
|
| Details | IPv4 | 1 | 154.35.132.70 |
|
| Details | IPv4 | 1 | 62.210.92.11 |
|
| Details | IPv4 | 8 | 72.21.81.200 |
|
| Details | IPv4 | 3 | 151.80.42.103 |
|
| Details | IPv4 | 1 | 5.39.92.199 |
|
| Details | IPv4 | 11 | 86.59.21.38 |
|
| Details | IPv4 | 1 | 192.30.255.120 |
|
| Details | IPv4 | 1 | 192.30.255.121 |
|
| Details | IPv4 | 4 | 185.100.86.128 |
|
| Details | IPv4 | 1 | 144.76.163.93 |
|
| Details | IPv4 | 2 | 178.62.22.36 |
|
| Details | IPv4 | 1 | 104.20.74.28 |
|
| Details | IPv4 | 1 | 51.254.101.242 |
|
| Details | IPv4 | 1 | 46.252.26.2 |
|
| Details | IPv4 | 2 | 89.45.235.21 |
|
| Details | IPv4 | 262 | 192.168.1.1 |
|
| Details | IPv4 | 1 | 178.62.86.96 |
|
| Details | IPv4 | 1 | 178.62.197.82 |
|
| Details | IPv4 | 6 | 52.173.193.166 |
|
| Details | IPv4 | 24 | 192.168.1.255 |
|
| Details | IPv4 | 2 | 120.29.217.46 |
|
| Details | IPv4 | 1 | 138.201.14.197 |
|
| Details | IPv4 | 1 | 86.59.119.88 |
|
| Details | IPv4 | 3 | 192.30.255.113 |
|
| Details | IPv4 | 1 | 192.30.255.112 |
|
| Details | IPv4 | 1 | 85.25.116.81 |
|
| Details | IPv4 | 1 | 107.22.255.198 |
|
| Details | IPv4 | 1 | 23.23.170.235 |
|
| Details | IPv4 | 6 | 192.168.1.127 |
|
| Details | IPv4 | 1 | 216.138.226.110 |
|
| Details | IPv4 | 2 | 64.182.208.181 |
|
| Details | IPv4 | 1 | 5.152.210.176 |
|
| Details | IPv4 | 1 | 138.128.191.146 |
|
| Details | IPv4 | 3 | 148.81.111.121 |
|
| Details | Windows Registry Key | 1 | HKU\Software\Microsoft\Office\12.0\Word |
|
| Details | Windows Registry Key | 1 | HKU\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems |