eSentire Threat Intelligence Malware Analysis: HeaderTip
Common Information
Type Value
UUID ead9fe3e-65fa-4f48-ada5-57a27ea59ed7
Fingerprint 8566099dad2b8691
Analysis status DONE
Considered CTI value 2
Text language
Published May 16, 2022, midnight
Added to db Sept. 26, 2022, 9:34 a.m.
Last updated Nov. 17, 2024, 5:57 p.m.
Headline eSentire Threat Intelligence Malware Analysis: HeaderTip
Title eSentire Threat Intelligence Malware Analysis: HeaderTip
Detected Hints/Tags/Attributes 98/3/26
Attributes
Type                   #Events  Value
CERT Ukraine           2        UAC-0026
Domain                 124      www.sentinelone.com
Domain                 83       cert.gov.ua
Domain                 2        product2020.mrbasic.com
File                   2        officecleaner.dat
File                   1        %temp%\httpshelper.dll
File                   1        %temp%\officecleaner.dat
File                   1        c:\windows\system32\run%jlkjfaewiuoqrjljretfdsg%dll32.exe
File                   127      c:\windows\system32\rundll32.exe
File                   2        httpshelper.dll
File                   2        officecleaner.bat
File                   2        2163_02_33-2022.pdf
File                   1        федерації.rar
File                   1        федерації.exe
sha256                 2        839e968aa5a6691929b4d65a539c2261f4ecd1c504a8ba52abbfbac0774d6fa3
sha256                 2        042271aadf2191749876fc99997d0e6bdd3b89159e7ab8cd11a9f13ae65fa6b1
sha256                 2        c0962437a293b1e1c2702b98d935e929456ab841193da8b257bd4ab891bf9f69
sha256                 1        a2ffd62a500abbd157e46f4caeb91217738297709362ca2c23b0c2d117c7df38
sha256                 2        830c6ead1d972f0f41362f89a50f41d869e8c22ea95804003d2811c3a09c3160
sha256                 2        63a218d3fc7c2f7fcadc0f6f907f326cc86eb3f8cf122704597454c34c141cf1
IPv4                   1        104.155.198.25
Url                    1        https://www.sentinelone.com/labs/chinese-threat-actor-scarab-targeting-ukraine
Url                    2        https://cert.gov.ua/article/38097
Url                    1        https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?documentkey=8bfa7311
Windows Registry Key   188      HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Windows Registry Key   47       HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run