ioc[.]one - OSINT Cyber Threat Intelligence Database

AutoHotKey Leveraged by Metamorfo/Mekotio Banking Trojans

Tags

country:	France Spain Laos Portugal
maec-delivery-vectors:	Watering Hole
attack-pattern:	Credentials - T1589.001 Javascript - T1059.007 Keylogging - T1056.001 Keylogging - T1417.001 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Powershell - T1086 Scripting - T1064 Scripting

Show in Graph

Common Information

Type	Value
UUID	e0b92b7e-51f7-4c82-a7f7-1fdcacec4c56
Fingerprint	ec158dda8136aaed
Analysis status	DONE
Considered CTI value	0
Text language
Published	March 11, 2021, 10 a.m.
Added to db	Sept. 26, 2022, 9:31 a.m.
Last updated	Nov. 5, 2024, 5:39 p.m.
Headline	AutoHotKey Leveraged by Metamorfo/Mekotio Banking Trojan
Title	AutoHotKey Leveraged by Metamorfo/Mekotio Banking Trojans
Detected Hints/Tags/Attributes	44/3/33

Source URLs

	Redirection	Url
Details	Source	https://cofense.com/blog/autohotkey-banking-trojan/

URL Provider

Details	Provider	Source level domain
Details	cofense.com	cofense.com

Attributes

Details	Type	#Events	Value
Details	Domain	1	priyadarsiniculturalsociety.com
Details	Domain	1	hothiphopbeats.com
Details	Domain	1	www3.santoandre.sp.gov.br
Details	Domain	1	critichotshot.com
Details	Domain	1	thaipoliticstoday.com
Details	Domain	1	web.groupe-convergence.com
Details	Domain	1	www.aralimp.com.br
Details	Domain	1	umc24.club
Details	Domain	1	leopard-hunt.com
Details	Domain	1	20avw5rsjkv8948.zip
Details	Domain	1	es.sslhermanos.com
Details	File	11	finger.exe
Details	File	1	gur.exe
Details	IPv4	1	89.44.9.254
Details	IPv4	1	51.81.75.131
Details	IPv4	1	209.40.193.208
Details	IPv4	1	189.1.163.21
Details	IPv4	1	162.255.118.194
Details	IPv4	1	172.67.181.248
Details	IPv4	1	213.186.33.69
Details	IPv4	1	177.12.164.108
Details	IPv4	1	217.160.0.235
Details	IPv4	1	104.21.63.133
Details	IPv4	1	172.67.145.198
Details	IPv4	1	104.214.107.176
Details	IPv4	3	45.147.229.128
Details	IPv4	1	45.147.231.119
Details	IPv4	1	40.112.173.53
Details	Url	1	http://priyadarsiniculturalsociety.com//images/?hash=%email%
Details	Url	1	http://hothiphopbeats.com//images/?hash=%email%
Details	Url	1	http://critichotshot.com/loc
Details	Url	1	https://thaipoliticstoday.com/saudi-news-tq1vh
Details	Url	1	http://40.112.173.53/again/?oriudfjdfij88