Whatta TA: TA505 Ramps Up Activity, Delivers New FlawedGrace Variant | Proofpoint US
Common Information
Type Value
UUID f868011b-e065-4a01-9a81-6a9f335364f0
Fingerprint ad1509538037f342
Analysis status DONE
Considered CTI value 0
Text language
Published Oct. 19, 2021, 8:55 p.m.
Added to db Sept. 11, 2022, 12:34 p.m.
Last updated Oct. 10, 2024, 9:36 p.m.
Headline Whatta TA: TA505 Ramps Up Activity, Delivers New FlawedGrace Variant
Title Whatta TA: TA505 Ramps Up Activity, Delivers New FlawedGrace Variant | Proofpoint US
Detected Hints/Tags/Attributes 62/3/66
Attributes