Magnitude Exploit Kit: Still Alive and Kicking - Avast Threat Labs
Common Information
Type | Value
UUID | e88adeb1-0cb6-4c67-852c-83dd3af9eb34
Fingerprint | b6391913ac4684c1
Analysis status | DONE
Considered CTI value | 2
Text language |
Published | July 29, 2021, 4:30 p.m.
Added to db | Sept. 26, 2022, 9:31 a.m.
Last updated | Nov. 17, 2024, 7:44 p.m.
Headline | Magnitude Exploit Kit: Still Alive and Kicking
Title | Magnitude Exploit Kit: Still Alive and Kicking - Avast Threat Labs
Detected Hints/Tags/Attributes | 96/3/62
Attributes
Type | #Events | CTI Value
CVE | 48 | cve-2021-26411
CVE | 14 | cve-2020-0986
Domain | 1 | binlo.info
Domain | 1 | fab9z1g6f74k.tooharm.xyz
Domain | 1 | 6za16cb90r370m4u1ez.burytie.top
Domain | 1 | tooharm.xyz
Domain | 1 | burytie.top
Domain | 4127 | github.com
File | 263 | iexplore.exe
File | 12 | splwow64.exe
File | 76 | gdi32.dll
File | 7 | gdi32full.dll
File | 19 | winspool.drv
File | 80 | msvcrt.dll
File | 380 | notepad.exe
File | 18 | compmgmtlauncher.exe
File | 27 | computerdefaults.exe
File | 459 | regsvr32.exe
File | 62 | scrobj.dll
File | 2 | %public%\readme.txt
File | 367 | readme.txt
File | 1 | cncs.txt
File | 1 | decoys.txt
Github username | 12 | avast
Url | 1 | https://github.com/avast/ioc/tree/master/magnitude.
Url | 1 | https://github.com/avast/ioc/blob/master/magnitude/cncs.txt
Url | 1 | https://github.com/avast/ioc/blob/master/magnitude/decoys.txt
Windows Registry Key | 16 | HKCU\Software\Classes\mscfile\shell\open\command
Windows Registry Key | 9 | HKCU\Software\Classes\ms-settings\shell\open\command