ioc[.]one - OSINT Cyber Threat Intelligence Database

Zoom Users At Risk In Latest Malware Campaign

Tags

cmtmf-attack-pattern:	Application Layer Protocol Command And Scripting Interpreter Obfuscated Files Or Information
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Application Layer Protocol - T1437 Command And Scripting Interpreter - T1623 Credentials - T1589.001 File And Directory Discovery - T1420 Malware - T1587.001 Malware - T1588.001 Obfuscated Files Or Information - T1406 System Information Discovery - T1426 Multi-Factor Authentication - T1556.006 Phishing - T1660 Phishing - T1566 Rundll32 - T1218.011 Security Software Discovery - T1418.001 Security Software Discovery - T1518.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Software Discovery - T1518 Virtualization/Sandbox Evasion - T1497 Tool - T1588.002 Virtualization/Sandbox Evasion - T1633 Account Discovery - T1087 Standard Application Layer Protocol - T1071 Command-Line Interface - T1059 File And Directory Discovery - T1083 Standard Non-Application Layer Protocol - T1095 Obfuscated Files Or Information - T1027 Rundll32 - T1085 Security Software Discovery - T1063 Signed Binary Proxy Execution - T1218 System Information Discovery - T1082 User Execution - T1204 User Execution

Show in Graph

Common Information

Type	Value
UUID	ebcabb25-cc43-4fb9-8795-25867943103a
Fingerprint	89857f09a9ff2285
Analysis status	DONE
Considered CTI value	2
Text language
Published	Jan. 5, 2023, midnight
Added to db	Oct. 24, 2023, 1:32 p.m.
Last updated	Nov. 17, 2024, 6:56 p.m.
Headline	Zoom Users At Risk In Latest Malware Campaign
Title	Zoom Users At Risk In Latest Malware Campaign
Detected Hints/Tags/Attributes	74/3/22

Source URLs

	Redirection	Url
Details	Redirection	https://blog.cyble.com/2023/01/05/zoom-users-at-risk-in-latest-malware-campaign/
Details	Source	https://cyble.com/blog/zoom-users-at-risk-in-latest-malware-campaign/

URL Provider

Details	Provider	Source level domain
Details	cyble.com	cyble.com
Details	cyble.com	blog.cyble.com

Attributes

Details	Type	#Events	Value
Details	Domain	1	explorezoom.com
Details	Domain	4	trbiriumpa.com
Details	File	2	zoominstallerfull.exe
Details	File	2	ikm.msi
Details	File	2	maker.dll
Details	File	1018	rundll32.exe
Details	sha256	1	2f3dddb9952e0268def85fbe47f253056077894ce6bd966120654324787b83be
Details	sha256	1	9108e1d22d74bc5397b8886edc4f0a84b8906436a648ef8a86f30cf7e08978dd
Details	sha256	1	3c9cd4cf008ed70df41cc270c77055f6edac139ec7ec2a9c3de1b21c1a294ca7
Details	IPv4	4	143.198.92.88
Details	MITRE ATT&CK Techniques	420	T1204
Details	MITRE ATT&CK Techniques	695	T1059
Details	MITRE ATT&CK Techniques	121	T1218
Details	MITRE ATT&CK Techniques	627	T1027
Details	MITRE ATT&CK Techniques	238	T1497
Details	MITRE ATT&CK Techniques	1006	T1082
Details	MITRE ATT&CK Techniques	185	T1518
Details	MITRE ATT&CK Techniques	585	T1083
Details	MITRE ATT&CK Techniques	179	T1087
Details	MITRE ATT&CK Techniques	444	T1071
Details	MITRE ATT&CK Techniques	159	T1095
Details	Url	1	https://explorezoom.com/products/app/zoominstallerfull.exe