ioc[.]one - OSINT Cyber Threat Intelligence Database

Introducing WhiteBear

Tags

country:	Republic Of The Congo South Sudan
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Direct Code Signing - T1553.002 Digital Certificates - T1596.003 Digital Certificates - T1587.003 Digital Certificates - T1588.004 Hidden Window - T1564.003 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Screensaver - T1546.002 Server - T1583.004 Server - T1584.004 Code Signing - T1116 Hidden Window - T1143 Screensaver - T1180

Show in Graph

Common Information

Type	Value
UUID	e0302d99-241e-4074-bd0e-1151f6cc8095
Fingerprint	3e188a7b04b5f0c0
Analysis status	DONE
Considered CTI value	2
Text language
Published	Aug. 30, 2017, 2:43 p.m.
Added to db	Feb. 17, 2023, 9:21 p.m.
Last updated	Nov. 17, 2024, 10:40 p.m.
Headline	Introducing WhiteBear
Title	Introducing WhiteBear
Detected Hints/Tags/Attributes	86/3/31

Source URLs

	Redirection	Url
Details	Source	https://securelist.com/introducing-whitebear/81638/

URL Provider

Details	Provider	Source level domain
Details	securelist.com	securelist.com

Attributes

Details	Type	#Events	Value
Details	Domain	21	update.microsoft.com
Details	Domain	369	microsoft.com
Details	Domain	18	windowsupdate.microsoft.com
Details	Domain	287	yahoo.com
Details	Domain	707	google.com
Details	Domain	5	soligro.com
Details	Domain	1	mydreamhoroscope.com
Details	File	1260	explorer.exe
Details	File	1	%homepath%ntuser.dat.log
Details	File	263	iexplore.exe
Details	File	199	firefox.exe
Details	File	271	chrome.exe
Details	File	173	outlook.exe
Details	File	23	safari.exe
Details	File	73	opera.exe
Details	File	1	%temp%kb943729.log
Details	File	1	%temp%cvrg72b5.tmp
Details	File	1	%temp%cvrg1a6b.tmp
Details	File	1	%temp%cvrg38d9.tmp
Details	File	1	df1e05.tmp
Details	File	2126	cmd.exe
Details	md5	1	b099b82acb860d9a9a571515024b35f0
Details	md5	1	06bd89448a10aa5c2f4ca46b4709a879
Details	md5	1	19ce5c912768958aa3ee7bc19b2b032c
Details	IPv4	2	169.255.137.203
Details	IPv4	2	217.171.86.137
Details	IPv4	1	66.178.107.140
Details	Windows Registry Key	1	HKCUSOFTWAREMicrosoftWindowsNTCurrentVersionExplorerScreen
Details	Windows Registry Key	1	HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerScreenSaver
Details	Windows Registry Key	3	HKCUSOFTWAREMicrosoftWindows
Details	Windows Registry Key	2	HKCUSoftwareMicrosoftWindows