ioc[.]one - OSINT Cyber Threat Intelligence Database

Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT

Tags

country:	Japan
attack-pattern:	Hardware - T1592.001 Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Python - T1059.006 Scheduled Task - T1053.005 Server - T1583.004 Server - T1584.004 Software - T1592.002 Vulnerabilities - T1588.006 Connection Proxy - T1090 Powershell - T1086 Scheduled Task - T1053

Show in Graph

Common Information

Type	Value
UUID	f9720d17-3f20-48cb-a17b-75ddd75a4708
Fingerprint	a4952d1f8912c4e5
Analysis status	DONE
Considered CTI value	2
Text language
Published	Sept. 19, 2023, 1 p.m.
Added to db	Oct. 22, 2023, 10:02 p.m.
Last updated	Nov. 15, 2024, 12:36 p.m.
Headline	Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT
Title	Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT
Detected Hints/Tags/Attributes	64/2/31

Source URLs

	Redirection	Url
Details	Source	https://unit42.paloaltonetworks.com/fake-cve-2023-40477-poc-hides-venomrat/

URL Provider

Details	Provider	Source level domain
Details	paloaltonetworks.com	unit42.paloaltonetworks.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	120	✔	Unit 42	https://feeds.feedburner.com/Unit42	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	CVE	12	cve-2023-40477
Details	CVE	10	cve-2023-25157
Details	Domain	1	checkblacklistwords.eu
Details	Domain	2	cve-2023-40477-main.zip
Details	Domain	21	poc.py
Details	Domain	180	readme.md
Details	Domain	2	streamable.com
Details	File	2	cve-2023-40477-main.zip
Details	File	20	poc.py
Details	File	1	56_rec.mp4
Details	File	17	2.zip
Details	File	2	bat.bat
Details	File	14	c.txt
Details	File	1	%temp%\c.ps1
Details	File	7	words.txt
Details	File	2	preview.exe
Details	File	20	list.txt
Details	File	2	%appdata%\mydata\datalogs_keylog_offline.txt
Details	File	2	c.ps1
Details	sha1	1	82cb695f463b93b9cc089253cd6b5e32dce46c35
Details	sha256	1	7fc8d002b89fcfeb1c1e6b0ca710d7603e7152f693a14d8c0b7514d911d04234
Details	sha256	1	ecf96e8a52d0b7a9ac33a37ac8b2779f4c52a3d7e0cf8da09d562ba0de6b30ff
Details	sha256	1	c2a2678f6bb0ff5805f0c3d95514ac6eeaeacd8a4b62bcc32a716639f7e62cc4
Details	sha256	1	b99161d933f023795afd287915c50a92df244e5041715c3381733e30b666fd3b
Details	sha256	1	b77e4af833185c72590d344fd8f555b95de97ae7ca5c6ff5109a2d204a0d2b8e
Details	IPv4	1	94.156.253.109
Details	Url	1	http://checkblacklistwords.eu/check-u/robot?963421355
Details	Url	1	http://checkblacklistwords.eu/list.txt
Details	Url	1	http://checkblacklistwords.eu
Details	Url	1	http://checkblacklistwords.eu/c.txt
Details	Url	1	http://checkblacklistwords.eu/words.txt