Exposing Modular Adware: How DealPly, IsErIk, and ManageX Persist in Systems
Common Information
Type Value
UUID f845673a-f753-4560-85d2-0ec08208b0e5
Fingerprint b51488da66f74ea3
Analysis status DONE
Considered CTI value 2
Text language
Published April 16, 2020, midnight
Added to db Oct. 15, 2024, 5:38 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Detected Hints/Tags/Attributes 97/2/53
Attributes