Compromised WordPress Sites Distribute Adwind RAT | blog
Common Information
UUID: f72ca5f4-4100-4060-a387-f16c1ad5d7bf
Fingerprint: a411491ea18ffab4
Analysis status: DONE
Considered CTI value: 2
Text language: (not set)
Published: April 29, 2020, midnight
Added to db: Sept. 26, 2022, 9:30 a.m.
Last updated: Nov. 17, 2024, 6:56 p.m.
Headline: Compromised WordPress Sites Used to Distribute the Adwind RAT
Title: Compromised WordPress Sites Distribute Adwind RAT | blog
Detected Hints/Tags/Attributes: 77/2/83
Attributes
| Type | Value | #Events | CTI Value |
|---|---|---|---|
| Domain | j2t.ple.il | 1 | |
| Domain | haus-pesjak.at | 1 | |
| Domain | digitaltextile.com.ru | 1 | |
| Domain | teddyshatsworld.pl | 1 | |
| Domain | thaivictory.co.th | 1 | |
| Domain | cherryemoore.com | 1 | |
| Domain | feylibertad.org | 1 | |
| Domain | mahalowood.com | 1 | |
| Domain | newsha.jsonland.ir | 1 | |
| Domain | www.stillval.com | 1 | |
| Domain | thediscoveryrun.com | 1 | |
| Domain | jeddahcrumbly.com | 1 | |
| Domain | dev.medialogistics2020.ca | 1 | |
| Domain | unks123.duckdns.org | 1 | |
| Domain | lay.dubya.us | 1 | |
| Domain | fresh.ygto.com | 1 | |
| Domain | gwiza1988.hopto.org | 1 | |
| Domain | praisesalways.ddns.net | 1 | |
| Domain | wawa.cleansite.us | 1 | |
| Domain | dlee889.mywire.org | 1 | |
| File | covid-19update.jar | 1 | |
| File | reylontransport-covid19-statement20.jar | 1 | |
| File | rescheduleusps.jar | 1 | |
| File | dhlpaket.jar | 1 | |
| File | j2t.pl | 1 | |
| File | key1.json | 2 | |
| File | key2.json | 2 | |
| File | config.json | 153 | |
| File | ntusernt.ini | 1 | |
| File | javaw.exe | 44 | |
| File | c:\users\user\oracle\bin\javaw.exe | 1 | |
| File | x86.dll | 23 | |
| File | amd64.dll | 3 | |
| File | telekom.jar | 1 | |
| File | paket.jar | 1 | |
| File | 04-07-20intuitinvoices.jar | 1 | |
| File | order.jar | 2 | |
| File | redeliveryusps.jar | 1 | |
| File | amazon-po20023938.jar | 1 | |
| File | uspsreschedulerlabel.jar | 1 | |
| File | newsha.json | 1 | |
| File | shippinginfo.jar | 1 | |
| File | quickbooks-inv5066.jar | 1 | |
| md5 | 0a5f34440389ca860235434eea963465 | 1 | |
| md5 | 7e4bdf62d3ecd78b3f407f6ec1158678 | 1 | |
| md5 | 1da18ec639f7ec2a8aad58655d846e23 | 1 | |
| md5 | d7489b47e17630e5594a320b43b201db | 1 | |
| md5 | da52c24302a03626d2175123b751f466 | 1 | |
| md5 | b766cf6695730b74a107cb73157262b1 | 1 | |
| md5 | 919f2d0043f063a90702fb36887699e8 | 1 | |
| md5 | d470d5a428f99818278fb2816a8d03e9 | 1 | |
| md5 | 8f5e55fbb1bee93dc5912dcbd0092519 | 1 | |
| md5 | 4a97b2d004d72b69aa64f621b5b74775 | 1 | |
| md5 | 051b4da1f0079c6f60d6c8eb62b3f586 | 1 | |
| md5 | 2020551b5373121053abdbf3eaafa02d | 1 | |
| md5 | a4da22e269b93148eb9857036b9a072a | 1 | |
| md5 | 876eb4208ef2eec6e9f12b13f764a975 | 1 | |
| md5 | 1d77e96974e1e2301ed78cec19e8710b | 1 | |
| IPv4 | 212.114.52.236 | 1 | |
| MITRE ATT&CK Techniques | T1060 | 279 | |
| MITRE ATT&CK Techniques | T1027 | 627 | |
| MITRE ATT&CK Techniques | T1045 | 29 | |
| MITRE ATT&CK Techniques | T1057 | 433 | |
| MITRE ATT&CK Techniques | T1063 | 24 | |
| MITRE ATT&CK Techniques | T1082 | 1006 | |
| MITRE ATT&CK Techniques | T1016 | 245 | |
| MITRE ATT&CK Techniques | T1047 | 310 | |
| MITRE ATT&CK Techniques | T1065 | 26 | |
| Url | http://haus-pesjak.at/covid-19update.jar | 1 | |
| Url | https://digitaltextile.com.ru/lk/deutsche | 1 | |
| Url | https://digitaltextile.com.ru/n/dhl | 1 | |
| Url | http://haus-pesjak.at/04-07-20intuitinvoices.jar | 1 | |
| Url | http://teddyshatsworld.pl/reylontransport-covid19-statement20.jar | 1 | |
| Url | http://thaivictory.co.th/pageconfig/album/dir/5/order.jar | 1 | |
| Url | http://cherryemoore.com/usps/redeliveryusps.jar | 1 | |
| Url | https://feylibertad.org/amazon-po20023938.jar | 1 | |
| Url | http://mahalowood.com/usps/uspsreschedulerlabel.jar | 1 | |
| Url | https://newsha.jsonland.ir/wp-includes/css/dhlpaket.jar | 1 | |
| Url | https://www.stillval.com/usps/rescheduleusps.jar | 1 | |
| Url | https://thediscoveryrun.com/ups/shippinginfo.jar | 1 | |
| Url | http://jeddahcrumbly.com/dhlpaket.jar | 1 | |
| Url | https://dev.medialogistics2020.ca/wp-content/plugins/ubh/quickbooks-inv5066.jar | 1 | |
| Windows Registry Key | HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Run | 7 | |