Ongoing Social Engineering Campaign Refreshes Payloads | Rapid7 Blog
Tags
cmtmf-attack-pattern: Command And Scripting Interpreter; Develop Capabilities; Network Denial Of Service; Process Injection
maec-delivery-vectors: Watering Hole
attack-pattern:
  Data Code Signing - T1553.002
  Command And Scripting Interpreter - T1623
  Credentials - T1589.001
  Develop Capabilities - T1587
  Domains - T1583.001
  Domains - T1584.001
  Exploitation For Privilege Escalation - T1404
  Input Capture - T1417
  Network Denial Of Service - T1464
  Kerberoasting - T1558.003
  Keylogging - T1056.001
  Keylogging - T1417.001
  Lateral Tool Transfer - T1570
  Malware - T1587.001
  Malware - T1588.001
  Native Api - T1575
  Network Denial Of Service - T1498
  Ntds - T1003.003
  Phishing - T1660
  Phishing - T1566
  Portable Executable Injection - T1055.002
  Powershell - T1059.001
  Process Injection - T1631
  Protocol Tunneling - T1572
  Reflective Code Loading - T1620
  Remote Access Software - T1663
  Server - T1583.004
  Server - T1584.004
  Software - T1592.002
  Spearphishing Voice - T1566.004
  Spearphishing Voice - T1598.004
  Ssh - T1021.004
  Steal Or Forge Kerberos Tickets - T1558
  Subvert Trust Controls - T1632
  Subvert Trust Controls - T1553
  Tool - T1588.002
  Vulnerabilities - T1588.006
  Code Signing - T1116
  Command-Line Interface - T1059
  Connection Proxy - T1090
  Deobfuscate/Decode Files Or Information - T1140
  Execution Through Api - T1106
  Exploitation For Privilege Escalation - T1068
  Input Capture - T1056
  Kerberoasting - T1208
  Powershell - T1086
  Process Injection - T1055
  Remote Access Tools - T1219
  System Owner/User Discovery - T1033
Common Information
Type Value
UUID e1fe7187-45f8-4e7e-9485-aa6524024d6a
Fingerprint ac950c95afbd8685
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 12, 2024, 1 p.m.
Added to db Aug. 31, 2024, 1:18 a.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Ongoing Social Engineering Campaign Refreshes Payloads
Title Ongoing Social Engineering Campaign Refreshes Payloads | Rapid7 Blog
Detected Hints/Tags/Attributes 134/3/87
RSS Feed
Id  Enabled  Feed title                 Url                           Added to db
50           Rapid7 Cybersecurity Blog  https://blog.rapid7.com/rss/  2024-08-30 22:08
Attributes
Type                      #Events  Value
Autonomous System Number  6        AS48282
Autonomous System Number  1        AS216071
CVE                       17       cve-2022-26923
Domain                    1        halagifts.com
Domain                    1        spamicrosoft.com
Domain                    1        preservedmoment.com
Domain                    2        falseaudiencekd.shop
Domain                    2        feighminoritsjda.shop
Domain                    2        justifycanddidatewd.shop
Domain                    2        marathonbeedksow.shop
Domain                    2        pleasurenarrowsdla.shop
Domain                    2        raiseboltskdlwpow.shop
Domain                    2        richardflorespoew.shop
Domain                    2        strwawrunnygjwu.shop
Domain                    14       ssl.com
File                      4        antispam.exe
File                      1        update1.exe
File                      1        update4.exe
File                      1        update6.exe
File                      1        update7.exe
File                      1        update8.exe
File                      1        update2.dll
File                      1        update5.dll
File                      1        update7.ps1
File                      2        update3.exe
File                      2125     cmd.exe
File                      1        %temp%\qwertyuio.txt
File                      1        updatex.exe
File                      1        lu2.exe
File                      130      ws2_32.dll
File                      748      kernel32.dll
File                      3        kldw.exe
File                      1        yandexdisksetup.exe
File                      5        quickassist.exe
File                      1        apexscan.exe
File                      2        atiumdag.dll
File                      25       log.dll
File                      1        swi_config.exe
sha1                      1        b55dad8da97fa6af0272102ed0e55e76e753fd04
sha1                      1        dcb42ef087633803cd17c0cd6c491d522b8a2a2a
sha256                    1        ed062c189419bca7d8c816bcdb1a150c7ca7dd1ad6e30e1f46fae0c10ab062ef
sha256                    1        d512bf205fb9d1c429a7f11f3b720c74680ea88b62dda83372be8f0de1073a08
sha256                    1        dc5c9310a2e6297caa4304002cdfb6fbf7d6384ddbd58574f77a411f936fab0b
sha256                    1        24b6ddd3028c28d0a13da0354333d19cbc8fd12d4351f083c8cb3a93ec3ae793
sha256                    1        9c1e0c8c5b9b9fe9d0aa533fb7d9d1b57db98fd70c4f66a26a3ed9e06ac132a7
sha256                    1        ac22ab152ed2e4e7b4cd1fc3025b58cbcd8d3d3ae3dbc447223dd4eabb17c45c
sha256                    1        ab1f101f6cd7c0cffc65df720b92bc8272f82a1e13f207dff21caaff7675029f
sha256                    1        9ed2b4d88b263f5078003ef35654ed5c205ac2f2c0e9225d4cdb4c24a5ea9af2
sha256                    1        ab3daec39332ddeeba64a2f1916e6336a36ffcc751554954511121bd699b0caa
sha256                    1        7d96ec8b72015515c4e0b5a1ae6c799801cf7b86861ade0298a372c7ced5fd93
sha256                    1        9dc809b2e5fbf38fa01530609ca7b608e2e61bd713145f84cf22c68809aec372
sha256                    1        fb4fa180a0eee68c06c85e1e755f423a64aa92a3ec6cf76912606ac253973506
sha256                    1        fcf59559731574c845e42cd414359067e73fca108878af3ace99df779d48cbc3
sha256                    1        949faad2c2401eb854b9c32a6bb6e514ad075e5cbe96154c172f5f6628af43ed
sha256                    1        b92cf617a952f0dd2c011d30d8532d895c0cfbfd9556f7595f5b220e99d14d64
sha256                    1        cff5c6694d8925a12ce13a85e969bd468e28313af2fb46797bdcf77092012732
sha256                    1        cb03b206d63be966ddffa7a2115ea99f9fec50d351dce03dff1240bb073b5b50
sha256                    1        ccaa8c8b39cb4a4de4944200936bcd4796367c16421a89e6a7d5476ae2da78cd
sha256                    1        1ade6a15ebcbe8cb9bda1e232d7e4111b808fd4128e0d5db15bfafafc3ec7b8e
sha256                    1        ce1f44a677d9b7d1d62373175f5583d9e8c04e16ebd94656e21aa296e00e93d7
IPv4                      1        91.196.70.160
IPv4                      1        217.15.175.191
IPv4                      1        37.221.126.202
IPv4                      1        45.155.249.97
IPv4                      1        77.238.224.56
IPv4                      1        77.238.229.63
IPv4                      1        77.238.250.123
IPv4                      1        77.238.245.233
IPv4                      1        91.142.74.28
IPv4                      1        191.142.74.28
IPv4                      1        195.2.70.38
MITRE ATT&CK Techniques   96       T1587.001
MITRE ATT&CK Techniques   58       T1498
MITRE ATT&CK Techniques   3        T1566.004
MITRE ATT&CK Techniques   460      T1059.001
MITRE ATT&CK Techniques   504      T1140
MITRE ATT&CK Techniques   40       T1055.002
MITRE ATT&CK Techniques   91       T1620
MITRE ATT&CK Techniques   208      T1068
MITRE ATT&CK Techniques   118      T1056.001
MITRE ATT&CK Techniques   36       T1558.003
MITRE ATT&CK Techniques   230      T1033
MITRE ATT&CK Techniques   118      T1570
MITRE ATT&CK Techniques   95       T1572
MITRE ATT&CK Techniques   141      T1219
Pdb                       1        c:\users\lfkmf\source\repos\addmachineaccount\x64\release\addmachineaccount.pdb
Url                       1        http://xx.xx.xx.xx