KryptoCibule: The multitasking multicurrency cryptostealer | WeLiveSecurity
Tags
cmtmf-attack-pattern: Application Layer Protocol; Automated Exfiltration; Command And Scripting Interpreter; Data Manipulation; Masquerading; Obfuscated Files Or Information; Resource Hijacking; Scheduled Task/Job
country: Czechia; Slovakia
attack-pattern: Data Software Discovery - T1418; Application Layer Protocol - T1437; Command And Scripting Interpreter - T1623; Credentials - T1589.001; Data From Local System - T1533; Data Manipulation - T1641; Data Manipulation - T1565; Disable Or Modify System Firewall - T1562.004; Disable Or Modify Tools - T1562.001; Disable Or Modify Tools - T1629.003; Drive-By Compromise - T1456; Dynamic Resolution - T1637; Dynamic Resolution - T1568; Exfiltration Over Alternative Protocol - T1639; Exfiltration Over C2 Channel - T1646; File And Directory Discovery - T1420; File Transfer Protocols - T1071.002; Hardware - T1592.001; Hidden Window - T1564.003; Hide Artifacts - T1628; Hide Artifacts - T1564; Impair Defenses - T1562; Impair Defenses - T1629; Ingress Tool Transfer - T1544; Malicious File - T1204.002; Malware - T1587.001; Malware - T1588.001; Masquerade Task Or Service - T1036.004; Masquerading - T1655; Match Legitimate Name Or Location - T1036.005; Match Legitimate Name Or Location - T1655.001; Obfuscated Files Or Information - T1406; Process Discovery - T1424; System Information Discovery - T1426; Multi-Hop Proxy - T1090.003; Native Api - T1575; Non-Standard Port - T1509; Non-Standard Port - T1571; Powershell - T1059.001; Private Keys - T1552.004; Resource Hijacking - T1496; Scheduled Task - T1053.005; Scheduled Task/Job - T1603; Security Software Discovery - T1418.001; Security Software Discovery - T1518.001; Server - T1583.004; Server - T1584.004; Software - T1592.002; Software Discovery - T1518; Ssh - T1021.004; Windows Command Shell - T1059.003; Web Protocols - T1071.001; Web Protocols - T1437.001; Virtualization/Sandbox Evasion - T1497; User Activity Based Checks - T1497.002; Tool - T1588.002; Virtualization/Sandbox Evasion - T1633; Standard Application Layer Protocol - T1071; Automated Collection - T1119; Automated Exfiltration - T1020; Command-Line Interface - T1059; Connection Proxy - T1090; Data From Local System - T1005; Deobfuscate/Decode Files Or Information - T1140; Drive-By Compromise - T1189; Execution Through Api - T1106; Exfiltration Over Alternative Protocol - T1048; Exfiltration Over Command And Control Channel - T1041; File And Directory Discovery - T1083; Hidden Window - T1143; Remote File Copy - T1105; Masquerading - T1036; Multi-Hop Proxy - T1188; Obfuscated Files Or Information - T1027; Powershell - T1086; Private Keys - T1145; Process Discovery - T1057; Scheduled Task - T1053; Security Software Discovery - T1063; System Information Discovery - T1082; User Execution - T1204; Automated Collection; Drive-By Compromise; Masquerading; User Execution
Common Information
Type Value
UUID e9139b73-665d-4e28-ab9e-a774ce7ff4b3
Fingerprint 8407235e6ca33683
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 2, 2020, 11:30 a.m.
Added to db Sept. 11, 2022, 12:44 p.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Headline KryptoCibule: The multitasking multicurrency cryptostealer
Title KryptoCibule: The multitasking multicurrency cryptostealer | WeLiveSecurity
Detected Hints/Tags/Attributes 160/3/63
Attributes
Type                      #Events  Value
Domain                    2        uloz.to
Domain                    2        rlwryismmgjijryr55u5rqlbqghqvrwxe5qgxupuviyysxkky5wah6yd.onion
Domain                    2        4dtu3lxrpx6nn7snjovoc3ldiy4x67k7qsrgzftvkrttoqbwnsuirhqd.onion
Domain                    2        v6lajszeqfkt3h2nptorindpf3mow5p3thrx2vuqbqzbv3tjrcqmgdqd.onion
File                      208      setup.exe
File                      18       3.zip
File                      1        buru.exe
File                      249      schtasks.exe
File                      2        %programfiles(x86)%\adobe\acrobat reader dc\reader\update\armsvc.exe
File                      53       ekrn.exe
File                      33       tor.exe
File                      1        adelrcp.exe
File                      1        libstringutils.dll
File                      2        systemarchitecturetranslation.exe
File                      5        settings.cfg
File                      96       wallet.dat
File                      4        address.txt
File                      1        atomic.exe
File                      1        copay.exe
File                      6        wallet.exe
File                      1        msigna.exe
File                      2        armoryqt.exe
File                      38       armsvc.exe
File                      52       updater.exe
File                      2        %localappdata%\microsoft\architecture\systemarchitecturetranslation.exe
File                      2126     cmd.exe
sha1                      2        3bcef852639f85803974943fc34eff2d6d7d916d
sha1                      2        352743ebe6a0638cc0614216ad000b6a43c4d46e
sha1                      2        70480d5f4cb10de42dd2c863ddf57102be6fa9e0
sha1                      1        2e568cdf9b28824fba1d7c16d8d0be1d73a3feba
MITRE ATT&CK Techniques   183      T1189
MITRE ATT&CK Techniques   460      T1059.001
MITRE ATT&CK Techniques   333      T1059.003
MITRE ATT&CK Techniques   239      T1106
MITRE ATT&CK Techniques   365      T1204.002
MITRE ATT&CK Techniques   275      T1053.005
MITRE ATT&CK Techniques   627      T1027
MITRE ATT&CK Techniques   348      T1036
MITRE ATT&CK Techniques   57       T1036.004
MITRE ATT&CK Techniques   183      T1036.005
MITRE ATT&CK Techniques   504      T1140
MITRE ATT&CK Techniques   238      T1497
MITRE ATT&CK Techniques   8        T1497.002
MITRE ATT&CK Techniques   298      T1562.001
MITRE ATT&CK Techniques   70       T1562.004
MITRE ATT&CK Techniques   66       T1564.003
MITRE ATT&CK Techniques   433      T1057
MITRE ATT&CK Techniques   1006     T1082
MITRE ATT&CK Techniques   585      T1083
MITRE ATT&CK Techniques   141      T1518.001
MITRE ATT&CK Techniques   534      T1005
MITRE ATT&CK Techniques   111      T1119
MITRE ATT&CK Techniques   442      T1071.001
MITRE ATT&CK Techniques   31       T1071.002
MITRE ATT&CK Techniques   48       T1090.003
MITRE ATT&CK Techniques   492      T1105
MITRE ATT&CK Techniques   27       T1568
MITRE ATT&CK Techniques   115      T1571
MITRE ATT&CK Techniques   102      T1020
MITRE ATT&CK Techniques   422      T1041
MITRE ATT&CK Techniques   92       T1048
MITRE ATT&CK Techniques   107      T1496
MITRE ATT&CK Techniques   33       T1565