DEV-0139 launches targeted attacks against the cryptocurrency industry | Microsoft Security Blog
Common Information
Type | Value |
---|---|
UUID | dc81466a-e3f9-4114-97dd-69668416083b |
Fingerprint | 2445be19abbed528 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | Dec. 6, 2022, 9 a.m. |
Added to db | Oct. 24, 2023, 1:34 p.m. |
Last updated | Nov. 15, 2024, 10:43 a.m. |
Headline | DEV-0139 launches targeted attacks against the cryptocurrency industry |
Title | DEV-0139 launches targeted attacks against the cryptocurrency industry \| Microsoft Security Blog |
Detected Hints/Tags/Attributes | 94/2/25 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | CVE | 53 | cve-2023-42793 |
Details | Domain | 19 | vnd.ms |
Details | Domain | 14 | od.lk |
Details | Domain | 5 | strainservice.com |
Details | Domain | 207 | learn.microsoft.com |
Details | File | 7 | comparision.xls |
Details | File | 2 | c:\programdata\microsoft media\ with the name vsdb688.tmp |
Details | File | 2 | vsdb688.tmp |
Details | File | 6 | logagent.exe |
Details | File | 31 | wsock32.dll |
Details | File | 2 | c:\programdata\microsoft media as vsdb688.tmp |
Details | File | 15 | background.png |
Details | File | 2 | tplink.exe |
Details | File | 33 | duser.dll |
Details | File | 2 | c:\users\user\appdata\roaming\dashboard_v2\tplink.exe |
Details | File | 4 | hijackinglib.dll |
Details | IPv4 | 2 | 198.54.115.248 |
Details | Deprecated Microsoft Threat Actor Naming Taxonomy (Groups in development) | 24 | DEV-0139 |
Details | Url | 2 | https://od.lk/d/d021d412be456a6f78a0052a1f0e3557dcfa14bf25f9d0f1d0d2d7dcdac86c73/background.png |
Details | Url | 6 | https://learn.microsoft.com/azure/sentinel/sentinel-solutions-deploy |