ScreenConnect Campaign IOCs - SEC-1275-1
Tags
| attack-pattern: | Domains - T1583.001 Domains - T1584.001 Vnc - T1021.005 |
Common Information
| Type | Value |
|---|---|
| UUID | d9a5c3b5-523c-4883-8d9b-50504c3b21b6 |
| Fingerprint | 7a08d7ab58df7d49 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Oct. 20, 2023, midnight |
| Added to db | Oct. 23, 2023, 1:20 a.m. |
| Last updated | Nov. 17, 2024, 2:49 p.m. |
| Headline | ScreenConnect Campaign IOCs |
| Title | ScreenConnect Campaign IOCs - SEC-1275-1 |
| Detected Hints/Tags/Attributes | 17/1/65 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://1275.ru/ioc/2703/screenconnect-campaign-iocs-2/?from=rss |
URL Provider
| Details | Provider | Source level domain |
|---|---|---|
| Details | 1275.ru | 1275.ru |
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 8 | ✔ | Архивы IOC - SEC-1275-1 | https://1275.ru/ioc/feed | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | cryptoapex-invests.com |
|
| Details | Domain | 2 | spm23.casacam.net |
|
| Details | Domain | 2 | studioaziende.click |
|
| Details | Domain | 317 | bit.ly |
|
| Details | Domain | 1 | instance-ln8lsc-relay.screenconnect.com |
|
| Details | Domain | 30 | www.mediafire.com |
|
| Details | File | 2 | any.exe |
|
| Details | File | 4 | exploit.ps1 |
|
| Details | File | 51 | install.bat |
|
| Details | File | 2 | madona.mp3 |
|
| Details | File | 2 | pink.mp3 |
|
| Details | File | 2 | ricevuta-di-pagamento-attivita-sportive-2-copia-autor-9x17-pezzi-2.jpg |
|
| Details | File | 1 | 23.vbs |
|
| Details | md5 | 1 | 193a7c86091ca535bfd8cecefd66db92 |
|
| Details | md5 | 1 | 1d3c8727b94269c98777185bc5a5e140 |
|
| Details | md5 | 1 | 28bffb01262b653b5948dd837bc9ded4 |
|
| Details | md5 | 1 | 45d773e41548d4d615944db5d19445f4 |
|
| Details | md5 | 1 | 6a120d996e457a9de75298d341d6d1a5 |
|
| Details | md5 | 1 | 81d8cd93c1c042209fb194fdfc67f3dc |
|
| Details | md5 | 1 | a6244a2ccb3cb10f19f66a74b7e9ae19 |
|
| Details | md5 | 1 | b9b8c2ad3f16dd1ee7518b5b4ed165b1 |
|
| Details | md5 | 1 | cb6983e1dbaaf2391c9b4ea582e2b8c1 |
|
| Details | md5 | 1 | cc9e080d1766d43008cfe5e5deba584f |
|
| Details | md5 | 1 | da08e8d5ec04d00523750aba37ddbf26 |
|
| Details | md5 | 1 | dd4589f4f685e5cad105ec0a3aa3f96b |
|
| Details | md5 | 2 | f24f62eeb789199b9b2e467df3b1876b |
|
| Details | md5 | 1 | fd877ae342e4e8b246d11700eb90b23d |
|
| Details | sha1 | 1 | 0adfc8ca4273d6e027d47dbf7de2d978ccaf036e |
|
| Details | sha1 | 1 | 2ddf1b3eebef8458cc023cc9faa9c98eebf36171 |
|
| Details | sha1 | 1 | 4d07b1d06c531c52bd3f2fb38b6fa338d3b4ba6b |
|
| Details | sha1 | 1 | 836bd1d60c643f2e98096218a093dd404c8d66c4 |
|
| Details | sha1 | 1 | 8e7a46f0bd61516f23a2ebb217fa8e81f18e1a7d |
|
| Details | sha1 | 1 | 9c1790db6b9cbd9c5bf2b12b8fbcf6a342a6fd3a |
|
| Details | sha1 | 1 | b48c5c09d0c62fb3db625ec6c9b3b3667a075e02 |
|
| Details | sha1 | 1 | b5eb3a6a35f645432e0bf18acd2ef10824b48d8c |
|
| Details | sha1 | 1 | bcd13b47bc9f5ab3d1d4c0a0b34c112c5920a273 |
|
| Details | sha1 | 1 | c7cff685f59287f36134a6e14c915491ff9fd9fa |
|
| Details | sha1 | 1 | c8d06d1269bc10dd8a0b696c5fd90fa84a3425af |
|
| Details | sha1 | 1 | d3368caccf096fe27b5c2b77e867e465f7d248d2 |
|
| Details | sha1 | 1 | de3ac21778e51de199438300e1a9f816c618d33a |
|
| Details | sha1 | 1 | fc8d881bf7b13df8e7bf31b6f811f53c44f8336d |
|
| Details | sha256 | 1 | 1ce4768f825372d55c1d30ce3ac41afb913de6299a64ae5b0ac1b3b752421d64 |
|
| Details | sha256 | 1 | 210011d881a2d92ab622dbfab0c75d9ed05f2bee2d3cafb1b4ebdcefbc161e21 |
|
| Details | sha256 | 1 | 4528489ea4bc2cf115c05db55cd1077a4f4854293ecd240821c8c4c64b16c3b1 |
|
| Details | sha256 | 1 | 4da74a42d11588679227d5c6573d693939638a796f0775a38055fea997597153 |
|
| Details | sha256 | 1 | 5dda5b868b0c3af3ae72aceeb80c159789cbf6260de5d3db26ea41f5c90e6f04 |
|
| Details | sha256 | 1 | 78aff05aa2ad11f42353bfbded5b8539b95c3fcbfbc35053641e8d902eecd8b5 |
|
| Details | sha256 | 1 | 852edfa00a80b02cd48ff063f9c62a2ba0e9a90acb289b96f29b4d5faeda63b7 |
|
| Details | sha256 | 1 | 85bdf691ddbeebf9a11faa642fc7767507014483a7d43ede19406bfe46b8969f |
|
| Details | sha256 | 1 | a1914ce3c6554fc7df5ca914ae25d1b2e5566418341c7dbc7d867d312041c6e3 |
|
| Details | sha256 | 1 | c2ab7b8701bdc36198a8f01791c8a3479ef3e8bcc6ccd3bd8c2f60dd9672e8e1 |
|
| Details | sha256 | 1 | c573aceb69a23904d9b8989997d573819332ca56ab015615248b732ff7666675 |
|
| Details | sha256 | 1 | cb513781bcbf9fa820bdc3061089722795adf1d48a8788416b8e38dc9d287027 |
|
| Details | sha256 | 1 | d658f722760324a9e866c6aff9b739ee59976c60a96b1ed3bc3d4048f8491b24 |
|
| Details | sha256 | 1 | e596899f114b5162402325dfb31fdaa792fabed718628336cc7a35a24f38eaa9 |
|
| Details | Url | 1 | https://bit.ly/fattura181023 |
|
| Details | Url | 1 | https://cryptoapex-invests.com/js/any.exe |
|
| Details | Url | 1 | https://cryptoapex-invests.com/js/exploit.ps1 |
|
| Details | Url | 1 | https://cryptoapex-invests.com/js/install.bat |
|
| Details | Url | 1 | https://instance-ln8lsc-relay.screenconnect.com |
|
| Details | Url | 1 | https://studioaziende.click |
|
| Details | Url | 1 | https://studioaziende.click/madona.mp3 |
|
| Details | Url | 1 | https://studioaziende.click/pink.mp3 |
|
| Details | Url | 1 | https://www.agendepoint.it/6628-thickbox_default/ricevuta-di-pagamento-attivita-sportive-2-copia-autor-9x17-pezzi-2.jpg |
|
| Details | Url | 1 | https://www.mediafire.com/file/xc4aj1auw1l8zhr/fattura10.18.23.vbs |