A pirated program downloaded from a torrent site infected hundreds of thousands of users
Tags
cmtmf-attack-pattern: Application Layer Protocol; Boot Or Logon Autostart Execution; Masquerading; Obfuscated Files Or Information; Scheduled Task/Job
country: Belarus; Brazil; Germany; India; Philippines; Poland; Uzbekistan; Russia; Ukraine
maec-delivery-vectors: Watering Hole
attack-pattern:
  Data Application Layer Protocol - T1437
  Archive Collected Data - T1560
  Archive Collected Data - T1532
  Archive Via Utility - T1560.001
  Boot Or Logon Autostart Execution - T1547
  Credentials - T1589.001
  Data From Local System - T1533
  Disable Or Modify Tools - T1562.001
  Disable Or Modify Tools - T1629.003
  Dns - T1071.004
  Dns - T1590.002
  Drive-By Compromise - T1456
  Exfiltration Over Web Service - T1567
  Exploits - T1587.004
  Exploits - T1588.005
  File And Directory Discovery - T1420
  File And Directory Permissions Modification - T1222
  File Deletion - T1070.004
  File Deletion - T1630.002
  Impair Defenses - T1562
  Impair Defenses - T1629
  Malicious File - T1204.002
  Malware - T1587.001
  Malware - T1588.001
  Masquerade Task Or Service - T1036.004
  Masquerading - T1655
  Obfuscated Files Or Information - T1406
  Process Discovery - T1424
  Phishing - T1660
  Phishing - T1566
  Powershell - T1059.001
  Registry Run Keys / Startup Folder - T1547.001
  Remote Access Software - T1663
  Scheduled Task - T1053.005
  Scheduled Task/Job - T1603
  Server - T1583.004
  Server - T1584.004
  Software - T1592.002
  Software Packing - T1027.002
  Software Packing - T1406.002
  System Checks - T1633.001
  System Checks - T1497.001
  Web Protocols - T1071.001
  Windows File And Directory Permissions Modification - T1222.001
  Web Protocols - T1437.001
  Virtualization/Sandbox Evasion - T1497
  Tool - T1588.002
  Virtualization/Sandbox Evasion - T1633
  Standard Application Layer Protocol - T1071
  Data From Local System - T1005
  Deobfuscate/Decode Files Or Information - T1140
  Drive-By Compromise - T1189
  File And Directory Discovery - T1083
  File Deletion - T1107
  Indicator Removal On Host - T1070
  Masquerading - T1036
  Modify Registry - T1112
  Obfuscated Files Or Information - T1027
  Powershell - T1086
  Process Discovery - T1057
  Registry Run Keys / Start Folder - T1060
  Remote Access Tools - T1219
  Scheduled Task - T1053
  Software Packing - T1045
  System Owner/User Discovery - T1033
  User Execution - T1204
  Drive-By Compromise; Masquerading; User Execution
Common Information
Type Value
UUID e29fe811-20d6-4b69-9343-3a3c481c8454
Fingerprint ada429536da32687
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 25, 2023, midnight
Added to db Nov. 20, 2023, 12:05 a.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline A pirated program downloaded from a torrent site infected hundreds of thousands of users
Title A pirated program downloaded from a torrent site infected hundreds of thousands of users
Detected Hints/Tags/Attributes 159/4/94
RSS Feed
Id    Enabled   Feed title                Url                                                Added to db
355             ESC Threat Intelligence   https://www.ptsecurity.com/ww-en/rss/esc-threat/   2024-08-30 22:08
Attributes
Type                      #Events  Value
Domain                    2        topsoft.space
Domain                    2        unsecapp.xyz
Domain                    2        taskmgr.xyz
Domain                    2        rundll.xyz
Domain                    4        autoit-script.ru
Domain                    2        idserver.xyz
Domain                    2        wmiprvse.xyz
Domain                    2        winhost.xyz
Domain                    2        ftpsystem.xyz
Domain                    2        gototopweb.xyz
Domain                    1        write.thread.info
Domain                    1        read.window.name
Domain                    1        read.thread.info
Domain                    1        read.process.info
Domain                    1        create.process.servicecontrol.services
File                      38       secret.txt
File                      3        report.odt
File                      4        report.rtf
File                      3        incidents.pptx
File                      1        c:\programdata\reaitekhd\taskhost.exe
File                      1        c:\programdata\reaitekhd\taskhostw.exe
File                      1        c:\windows\syswow64\unsecapp.exe
File                      1208     powershell.exe
File                      1        c:\programdata\windowstask\new.xml
File                      1        c:\programdata\windows tasks service\winserv.exe
File                      1        c:\program files\common files\system\iediagcmd.exe
File                      1        c:\programdata\rdpwinst.exe
File                      1        c:\programdata\windowstask\microsofthost.exe
File                      1        c:\programdata\windowstask\appmodule.exe
File                      1        c:\programdata\windowstask\audiodg.exe
File                      1        c:\programdata\windowstask\amd.exe
File                      1        c:\programdata\install\delete.bat
File                      40       7z.exe
File                      2        scaner.dat
File                      1        c:\programdata\rundll\sc.exe
File                      108      0.exe
File                      156      1.exe
File                      1        c:\programdata\rundll\scupdate.exe
File                      42       login.html
File                      2        password.html
File                      2        server.html
File                      4        status.html
File                      1        ltc.html
File                      1        btc.html
File                      1        btc2.html
File                      1        btc3.html
File                      1        eth.html
File                      1        zec.html
File                      1        doge.html
File                      1        trx.html
File                      1        bch.html
File                      37       icacls.exe
File                      1        write.reg
File                      1        istry.key
File                      1        thread.inf
File                      1        read.reg
File                      1        process.inf
md5                       1        bc216a5ae848fab1d2dbd8e7b5a91142
IPv4                      1        193.32.188.10
MITRE ATT&CK Techniques   183      T1189
MITRE ATT&CK Techniques   365      T1204.002
MITRE ATT&CK Techniques   275      T1053.005
MITRE ATT&CK Techniques   380      T1547.001
MITRE ATT&CK Techniques   20       T1222.001
MITRE ATT&CK Techniques   298      T1562.001
MITRE ATT&CK Techniques   504      T1140
MITRE ATT&CK Techniques   57       T1036.004
MITRE ATT&CK Techniques   550      T1112
MITRE ATT&CK Techniques   160      T1027.002
MITRE ATT&CK Techniques   297      T1070.004
MITRE ATT&CK Techniques   585      T1083
MITRE ATT&CK Techniques   433      T1057
MITRE ATT&CK Techniques   230      T1033
MITRE ATT&CK Techniques   97       T1497.001
MITRE ATT&CK Techniques   116      T1560.001
MITRE ATT&CK Techniques   534      T1005
MITRE ATT&CK Techniques   442      T1071.001
MITRE ATT&CK Techniques   141      T1219
MITRE ATT&CK Techniques   126      T1567
Url                       1        http://unsecapp.xyz/blue/login.html
Url                       1        http://unsecapp.xyz/blue/password.html
Url                       1        http://unsecapp.xyz/blue/server.html
Url                       1        http://taskmgr.xyz/clipdata/status.html
Url                       1        http://rundll.xyz/clipdata/status.html
Url                       1        http://taskmgr.xyz/ltc.html
Url                       1        http://taskmgr.xyz/btc.html
Url                       1        http://taskmgr.xyz/btc2.html
Url                       1        http://taskmgr.xyz/btc3.html
Url                       1        http://taskmgr.xyz/eth.html
Url                       1        http://taskmgr.xyz/zec.html
Url                       1        http://taskmgr.xyz/doge.html
Url                       1        http://taskmgr.xyz/trx.html
Url                       1        http://taskmgr.xyz/bch.html
Windows Registry Key      1        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden
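A hunting script that matches the domain, IPv4, file-path, MD5 and registry-key indicators from this record against host telemetry, added here as an example; it is not code from the report or from the feed publisher. The indicator sets are copied from the attribute table above. The telemetry events, the host names and the event layout (Sysmon-style dns/process/network/registry/file_hash records) are constructed for illustration. Two details a practitioner would want are handled: DNS queries are matched case-insensitively with the trailing dot stripped and subdomains included, and registry keys are matched whether the hive is written as HKCU or HKEY_CURRENT_USER. The sample also places the record's "reaitekhd" folder (an i in place of the l of RealtekHD, which reads as a lookalike) next to a path that uses the genuine spelling, so only the listed path fires.

```python
"""Match the indicators listed in this record against host telemetry.

Added example: indicator sets come from the record above; the events below are
constructed, not taken from the report.
"""
from collections import Counter

# Indicators from the record, lower-cased so every comparison is case-insensitive.
C2_DOMAINS = {
    "topsoft.space", "unsecapp.xyz", "taskmgr.xyz", "rundll.xyz", "autoit-script.ru",
    "idserver.xyz", "wmiprvse.xyz", "winhost.xyz", "ftpsystem.xyz", "gototopweb.xyz",
}
C2_IPS = {"193.32.188.10"}
MD5_HASHES = {"bc216a5ae848fab1d2dbd8e7b5a91142"}
DROPPED_PATHS = {
    r"c:\programdata\reaitekhd\taskhost.exe",
    r"c:\programdata\reaitekhd\taskhostw.exe",
    r"c:\windows\syswow64\unsecapp.exe",
    r"c:\programdata\windowstask\new.xml",
    r"c:\programdata\windows tasks service\winserv.exe",
    r"c:\program files\common files\system\iediagcmd.exe",
    r"c:\programdata\rdpwinst.exe",
    r"c:\programdata\windowstask\microsofthost.exe",
    r"c:\programdata\windowstask\appmodule.exe",
    r"c:\programdata\windowstask\audiodg.exe",
    r"c:\programdata\windowstask\amd.exe",
    r"c:\programdata\install\delete.bat",
    r"c:\programdata\rundll\sc.exe",
    r"c:\programdata\rundll\scupdate.exe",
}
REGISTRY_KEYS = {
    r"hkey_current_user\software\microsoft\windows\currentversion\explorer\advanced\showsuperhidden",
}
HIVE_ALIASES = {"hkcu": "hkey_current_user", "hklm": "hkey_local_machine"}


def norm_domain(name):
    """Lower-case and drop the trailing dot that DNS logs often carry."""
    return name.strip().lower().rstrip(".")


def match_domain(query):
    """Return the listed domain that the query equals or is a subdomain of, else None."""
    q = norm_domain(query)
    for dom in C2_DOMAINS:
        if q == dom or q.endswith("." + dom):
            return dom
    return None


def norm_path(path):
    """Windows paths are case-insensitive; also unify forward slashes."""
    return path.strip().lower().replace("/", "\\")


def norm_regkey(key):
    """Expand HKCU/HKLM short hive names so both spellings match the record."""
    key = key.strip().lower()
    hive, sep, rest = key.partition("\\")
    return HIVE_ALIASES.get(hive, hive) + sep + rest


def hunt(events):
    """Return one (event_index, indicator_type, indicator) tuple per hit."""
    hits = []
    for i, ev in enumerate(events):
        kind = ev.get("type")
        if kind == "dns":
            dom = match_domain(ev["query"])
            if dom:
                hits.append((i, "domain", dom))
        elif kind == "network" and ev["dst_ip"] in C2_IPS:
            hits.append((i, "ipv4", ev["dst_ip"]))
        elif kind == "process" and norm_path(ev["image"]) in DROPPED_PATHS:
            hits.append((i, "file", norm_path(ev["image"])))
        elif kind == "file_hash" and ev["md5"].lower() in MD5_HASHES:
            hits.append((i, "md5", ev["md5"].lower()))
        elif kind == "registry" and norm_regkey(ev["key"]) in REGISTRY_KEYS:
            hits.append((i, "registry", norm_regkey(ev["key"])))
    return hits


def hits_per_host(events, hits):
    """Count hits per host so the noisiest machine is triaged first."""
    return Counter(events[i]["host"] for i, _, _ in hits)


# Constructed telemetry (hosts ws01..ws03 are made up).  Event 3 uses the record's
# "reaitekhd" folder; event 4 uses the genuine "RealtekHD" spelling and must not fire.
SAMPLE_EVENTS = [
    {"type": "dns", "host": "ws01", "query": "unsecapp.xyz."},
    {"type": "dns", "host": "ws01", "query": "cdn.TASKMGR.xyz"},
    {"type": "dns", "host": "ws02", "query": "update.microsoft.com"},
    {"type": "process", "host": "ws01", "image": r"C:\ProgramData\reaitekhd\taskhost.exe"},
    {"type": "process", "host": "ws02", "image": r"C:\ProgramData\RealtekHD\taskhost.exe"},
    {"type": "process", "host": "ws03", "image": r"C:\Windows\System32\icacls.exe"},
    {"type": "network", "host": "ws01", "dst_ip": "193.32.188.10"},
    {"type": "registry", "host": "ws01",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden"},
    {"type": "file_hash", "host": "ws02", "md5": "BC216A5AE848FAB1D2DBD8E7B5A91142"},
]

if __name__ == "__main__":
    found = hunt(SAMPLE_EVENTS)
    for idx, itype, ioc in found:
        print(f"event {idx} on {SAMPLE_EVENTS[idx]['host']}: {itype} {ioc}")
    print(dict(hits_per_host(SAMPLE_EVENTS, found)))
```

On the constructed events this yields six hits, five of them on ws01. icacls.exe is listed in the record only by file name, and it is a legitimate Windows tool, so the script does not flag its bare presence; on a real host the useful signal is an icacls command line that targets one of the listed ProgramData paths, which would need the command-line field that these constructed events do not carry.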