Scammers Use ScreenConnect To Defraud SSA Beneficiaries - Cyble
Tags
cmtmf-attack-pattern: Obfuscated Files Or Information
maec-delivery-vectors: Watering Hole
attack-pattern: Data Malicious File - T1204.002 Obfuscated Files Or Information - T1406 Msiexec - T1218.007 Phishing - T1660 Phishing - T1566 Remote Access Software - T1663 Server - T1583.004 Server - T1584.004 Social Media - T1593.001 Software - T1592.002 Obfuscated Files Or Information - T1027 Remote Access Tools - T1219 User Execution - T1204 User Execution
Show in Graph
Common Information
Type Value
UUID e2c8b390-6348-478f-831e-7331ec792689
Fingerprint e8cd1d108907afdd
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 28, 2024, 4:26 a.m.
Added to db Aug. 30, 2024, 11:46 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Scammers Use ScreenConnect to Defraud SSA Beneficiaries
Title Scammers Use ScreenConnect To Defraud SSA Beneficiaries - Cyble
Detected Hints/Tags/Attributes 66/3/14
Source URLs
Redirection Url
Details Source https://cyble.com/blog/scammers-use-screenconnect-to-defraud-ssa-beneficiaries/
URL Provider
Details Provider Source level domain
Details cyble.com cyble.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 98 Cyble https://cyble.com/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 4 
poyttwq.zapto.org
Details Domain 4 
railindiaticket.in
Details Domain 7 
www.ssa.gov
Details Domain 3 
zoominvite.live
Details Email 1 
support@railindiaticket.in
Details File 2 
clientsetup.exe
Details File 269 
msiexec.exe
Details File 13 
zoom.exe
Details sha256 3 
4e81851729d58f321bb83bdb03200f62bc5ee56e0703b2d609a3923a033d5b53
Details IPv4 3 
79.110.49.157
Details MITRE ATT&CK Techniques 409 
T1566
Details MITRE ATT&CK Techniques 141 
T1219
Details MITRE ATT&CK Techniques 365 
T1204.002
Details MITRE ATT&CK Techniques 627 
T1027