Threat Actor behind Astaroth is now using Cloudflare Workers to bypass your Security Solutions.
Common Information
Type Value
UUID df21d206-0cc9-4183-b1d2-d2f535b2a94b
Fingerprint a422390709b59acb
Analysis status DONE
Considered CTI value 0
Text language
Published Sept. 6, 2019, 8:47 p.m.
Added to db Feb. 18, 2023, 1:15 a.m.
Last updated Nov. 19, 2024, 3:59 p.m.
Headline Threat Actor behind Astaroth is using Cloudflare Workers to bypass your Security Solutions.
Title Threat Actor behind Astaroth is now using Cloudflare Workers to bypass your Security Solutions.
Detected Hints/Tags/Attributes 63/2/18
Source URLs
Redirection Url
Details Redirection https://blog.heyday.xyz/threat-actor-behind-astaroth-is-now-using-cloudflare-workers-to-bypass-your-security-solutions-2c658d08f4c
Details Source https://blog.usejournal.com/threat-actor-behind-astaroth-is-now-using-cloudflare-workers-to-bypass-your-security-solutions-2c658d08f4c
Details Source https://medium.com/@marcelx/threat-actor-behind-astaroth-is-now-using-cloudflare-workers-to-bypass-your-security-solutions-2c658d08f4c
Attributes