Snake Keylogger IOCs - III - SEC-1275-1
Tags
| attack-pattern: | Javascript - T1059.007 Powershell - T1059.001 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | e7c5e309-3ba5-44ed-991c-6303d566bf20 |
| Fingerprint | ae24afb31de5f35b |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Aug. 28, 2024, midnight |
| Added to db | Aug. 30, 2024, 11:15 p.m. |
| Last updated | Nov. 15, 2024, 1:37 p.m. |
| Headline | Snake Keylogger IOCs - III |
| Title | Snake Keylogger IOCs - III - SEC-1275-1 |
| Detected Hints/Tags/Attributes | 9/1/12 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://1275.ru/ioc/3887/snake-keylogger-iocs-iii/?mtm_campaign=rss |
URL Provider
| Details | Provider | Source level domain |
|---|---|---|
| Details | 1275.ru | 1275.ru |
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 8 | ✔ | Архивы IOC - SEC-1275-1 | https://1275.ru/ioc/feed | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 269 | cve-2017-0199 |
|
| Details | Domain | 5 | script.shell |
|
| Details | Domain | 3 | urlty.co |
|
| Details | File | 4 | sahost.exe |
|
| Details | sha256 | 3 | 207dd751868995754f8c1223c08f28633b47629f78faaf70a3b931459ee60714 |
|
| Details | sha256 | 3 | 484e5a871ad69d6b214a31a3b7f8cfced71ba7a07e62205a90515f350cc0f723 |
|
| Details | sha256 | 3 | 6f6a660ce89f6ea5bbe532921ddc4aa17bcd3f2524aa2461d4be265c9e7328b9 |
|
| Details | sha256 | 3 | 8406a1d7a33b3549dd44f551e5a68392f85b5ef9cf8f9f3db68bd7e02d1eaba7 |
|
| Details | IPv4 | 3 | 192.3.176.138 |
|
| Details | Url | 3 | http://192.3.176.138/107/sahost.exe |
|
| Details | Url | 3 | http://192.3.176.138/xampp/zoom/107.hta |
|
| Details | Url | 3 | http://urlty.co/bypco |