In the Balkans, businesses are under fire from a double‑barreled weapon | WeLiveSecurity
Tags
cmtmf-attack-pattern: Command-Line Interface Masquerading Obfuscated Files Or Information Process Injection
country: Bahamas Bosnia And Herzegovina Croatia Montenegro Serbia Slovenia Suriname Russia
maec-delivery-vectors: Watering Hole
attack-pattern:
Data Application Layer Protocol - T1437
Code Signing - T1553.002
Command-Line Interface - T1605
Commonly Used Port - T1436
Credentials - T1589.001
Email Addresses - T1589.002
Exploitation For Client Execution - T1658
File Deletion - T1070.004
File Deletion - T1630.002
Hidden Files And Directories - T1564.001
Hidden Window - T1564.003
Input Capture - T1417
Malicious File - T1204.002
Malware - T1587.001
Malware - T1588.001
Masquerading - T1655
Obfuscated Files Or Information - T1406
System Information Discovery - T1426
Process Injection - T1631
Registry Run Keys / Startup Folder - T1547.001
Screen Capture - T1513
Server - T1583.004
Server - T1584.004
Service Execution - T1569.002
Software - T1592.002
Spearphishing Link - T1566.002
Spearphishing Link - T1598.003
Windows Service - T1543.003
Tool - T1588.002
Access Token Manipulation - T1134
Standard Application Layer Protocol - T1071
Code Signing - T1116
Command-Line Interface - T1059
Commonly Used Port - T1043
Connection Proxy - T1090
Deobfuscate/Decode Files Or Information - T1140
Disabling Security Tools - T1089
Execution Through Api - T1106
Exploitation For Client Execution - T1203
Fallback Channels - T1008
File Deletion - T1107
Hidden Files And Directories - T1158
Hidden Window - T1143
Input Capture - T1056
Masquerading - T1036
Modify Registry - T1112
New Service - T1050
Obfuscated Files Or Information - T1027
Process Injection - T1055
Redundant Access - T1108
Registry Run Keys / Start Folder - T1060
Remote Access Tools - T1219
Rootkit - T1014
Screen Capture - T1113
Scripting - T1064
Service Execution - T1035
Spearphishing Link - T1192
System Information Discovery - T1082
User Execution - T1204
Command-Line Interface
Commonly Used Port
Connection Proxy
Execution Through Api
Masquerading
Rootkit
Screen Capture
Scripting
Standard Application Layer Protocol
User Execution
Common Information
Type Value
UUID fabecf25-8bf6-44f9-9556-39c829d4e392
Fingerprint 45144d101adbbc5
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 14, 2019, 11:30 a.m.
Added to db Sept. 11, 2022, 12:43 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline In the Balkans, businesses are under fire from a double‑barreled weapon
Title In the Balkans, businesses are under fire from a double‑barreled weapon | WeLiveSecurity
Detected Hints/Tags/Attributes 153/4/252
Attributes
Details Type #Events CTI Value
Details CVE 31
cve-2018-20250
Details Domain 1
pksrs.com
Details Domain 1
pks.rs
Details Domain 1
porezna-uprava.com
Details Domain 1
porezna-uprava.hr
Details Domain 1
porezna-uprava.net
Details Domain 1
pufbih.com
Details Domain 1
pufbih.ba
Details Domain 1
rutils.com
Details Domain 1
server.rutils.com
Details Domain 14
list.ru
Details Domain 246
mail.ru
Details Domain 1
slowbeerltd.info
Details Domain 1
bestfriendsroot.com
Details Domain 1
consaltingsolutionshere.com
Details Domain 1
dogvipcare.net
Details Domain 1
hvar.dogvipcare.net
Details Domain 1
kimdotcomfriends.com
Details Domain 1
limosinevipsalon.com
Details Domain 1
luxembourgprotections.com
Details Domain 1
malmevipbikes.se
Details Domain 1
split.malmevipbikes.se
Details Domain 1
zagreb.porezna-uprava.com
Details Domain 20
inbox.ru
Details Domain 29
bk.ru
Details Domain 1
newmail.ru
Details Domain 7
qip.ru
Details Domain 119
yandex.ru
Details Domain 1
bbportal.info
Details Email 1
llc.amo-k@list.ru
Details Email 1
tov-valpak@mail.ru
Details Email 1
b.klokov@inbox.ru
Details Email 1
galkin.valentin.83@bk.ru
Details Email 1
gligorijmaskov@mail.ru
Details Email 1
ivan.aslanov@newmail.ru
Details Email 1
ivan.tatarov@qip.ru
Details Email 1
melikov.viktor@yandex.ru
Details Email 1
mr.aleksandrandreev@mail.ru
Details Email 1
test@bbportal.info
Details Email 1
tgerik@list.ru
Details Email 1
vladzlobin@list.ru
Details File 1
mip1023.pdf
Details File 1
ponovljeni-stav.pdf
Details File 1
aug_1031.pdf
Details File 1
zakon.pdf
Details File 1
zpdg.pdf
Details File 2125
cmd.exe
Details File 1
weather.exe
Details File 1
preserve.exe
Details File 1
slowbeerltd.inf
Details File 1
zakon.exe
Details File 1
winmihc.exe
Details File 1
preservs.exe
Details File 1
windowsconnect.exe
Details File 1
zpdgi.exe
Details File 1
zpdgv.exe
Details File 1
zpdge.exe
Details File 1
zpdgo.exe
Details File 1
zpdgu.exe
Details File 1
zpdga.exe
Details File 1
ponovljeni-stav.exe
Details File 1
aug_1031.exe
Details File 1
mip1023.exe
Details File 1
stg.cfg
Details File 1
winchk32.exe
Details File 89
wininit.exe
Details File 2
hide.exe
Details File 1
winchk64.exe
Details File 8
rutserv.exe
Details File 6
rfusclient.exe
Details File 1
winmmon.dll
Details File 1
winmmon64.dll
Details File 1
serk.bat
Details File 1
serk.exe
Details File 1
smart.php
Details File 1
weather.php
Details File 1
zagreb.php
Details File 1
kversion.php
Details File 1
dekol.php
Details File 1
bbportal.inf
Details sha1 1
02225c58a0800a8fffe82f7614695fdeeb75c8b3
Details sha1 1
3e8af08f2c64d9d305a129fdea6b24ed3d8d9484
Details sha1 1
400ff3fd5bef94dcbeae24b5b8a6632dcd1d22a6
Details sha1 1
576ef0057982de87ca029c736706e840031a27f4
Details sha1 1
5cc4f248595268a0c9988daee3f0f8f9f5ac0a7f
Details sha1 1
60eb2a19ec63ff36d13f472ec0e6a594c2778ce6
Details sha1 1
7aa3d6ea4736c3bf627db1837b9c8d2b29d7ab8d
Details sha1 1
ac5383306459ce8cd19bff412875f093b40427c6
Details sha1 1
006b8ef615550ba731a30fa83b0e03cd16d2a92d
Details sha1 1
030dc8c3832f664fa10efa3105dff0a9b6d48911
Details sha1 1
032884a46430039ed4e38518aa20742b79ab2678
Details sha1 1
09d18cd045285a753bcf4f42c6f10af76913546a
Details sha1 1
0f7a95c89911e3de9205ff6aa03e1a4fce6bc551
Details sha1 1
13d8664b438da278ceb9c8593ae85023432054cd
Details sha1 1
17ea62ebc5f86997fd7e303fbbff3e343da38fcc
Details sha1 1
1c03ed1adf4b4e786efc00f3d892217faaafb268
Details sha1 1
15ec88015fb554302db131258c8c11c9e46209d4
Details sha1 1
21de3eb6f39df4dbbf2d1fe4b6467aae3d9fbebd
Details sha1 1
21ee61874f299661aecc5453f4d6d0ec5380dad0
Details sha1 1
270f1fa36365273f14d89ee852d8a438a594cd05
Details sha1 1
30ba2213be4355d619e20da733f27f59da7b937e
Details sha1 1
3170b45fb642301687a3a320282099b9d7b7f0f2
Details sha1 1
38e7fcd6038e688dec9f1af9d2d222b9bbc03a8c
Details sha1 1
3927b48d315f6712d33166a3b278b7835e76a6a9
Details sha1 1
3c1ff7bbe8bc2be9e5531ffad25b18f03c51cf6b
Details sha1 1
421f52733d334be32c899670426c06cb72d92cde
Details sha1 1
46e4b456729cf659527d2697bd8518e67b5a0056
Details sha1 1
4f8ba64da7ea16a7ce5aa2c83bbfce1c8646e424
Details sha1 1
500a447a187240706c059c16366fedf1aa13ea77
Details sha1 1
555844ca5cd40dfc27778c2d3b6afa43d1b76685
Details sha1 1
5a3201048d8d9d696102a3c3b98da99c2cc4ff1f
Details sha1 1
64e3a46bf393936a79478c891654c1070cec42d1
Details sha1 1
685314454a7d7987b38add2eddbac3db9e78464f
Details sha1 1
6c83abe56219ca656b71aa8c109e0955061da536
Details sha1 1
6e27f7c61230452555b52b39ab9f51d42c725bed
Details sha1 1
6ef16faa19fc4cef66c4c1b66e58fb9cffd8098e
Details sha1 1
72db8ccc962e2d2c15ac30e98f7382e3acdedda8
Details sha1 1
730e20ee7228080a7f90a238d9e65d55edd84301
Details sha1 1
73e0a62f1aaab3457d895b4b1e6e2119b8b8d167
Details sha1 1
7ba4d127c6cd6b5392870f0272c7045c9932db17
Details sha1 1
7bf564891089377809d3f0c2c9e25fd087f5f42b
Details sha1 1
8852647b1c1a2efa4f25fea393d773f9ff94d6fa
Details sha1 1
8d9a804b1433a05216cfe1d4e61ce5eb092a3505
Details sha1 1
8f85738534158db9c600a29b9ded8ac85c3de8c1
Details sha1 1
963cf321740c4ef606fec65fce85fb3a9a6223ac
Details sha1 1
97926e2a7514d4078cf51eac069a014309e607f1
Details sha1 1
9ea0c6a17ee4eb23371688972b7f4e6d4d53f3c8
Details sha1 1
9f2c6a44453e882098b17b66de70c430c64c3b26
Details sha1 1
a1dea762dd4329e77fe59526d4abc0e15de2bbbc
Details sha1 1
a56a299a8eef9f4ff082184f66fad1b76c7cacb8
Details sha1 1
a5ace8f90c33cbdb12d398c0f227ec48f99551bf
Details sha1 1
aa4ad783dfe3cc6b0b9612814ed9418253203c50
Details sha1 1
ab311b53591c6625335b9b791676a44538b48821
Details sha1 1
aedf43347af24d266ec5d471723f4b30b4acc0d0
Details sha1 1
b18222e93d25649bc1b67fab4f9bf2b4c59d9a1a
Details sha1 1
b8f67bb5682b26acd5969d9c6ac7b45fe07e79e1
Details sha1 1
bad38d474d5caaac27082e6f727cae269f64cf3c
Details sha1 1
beef0ee9397b01855c6daa2bff8002db4899b121
Details sha1 1
bfe3f5cec25181f1b6852e145013e548b920651e
Details sha1 1
c268cab6d8ec267eee463672809faaee99c2f446
Details sha1 1
c2f9ffdf518da9e037f76902746de89c2e2821e8
Details sha1 1
c3813734d3bfc07e339c05417055a1a106e2fbbd
Details sha1 1
c8cbbc175451a097e605e448f94c89d3e050acd5
Details sha1 1
c90756a3c6f6dc34e12babf5f26543510aace704
Details sha1 1
c90b5471bba3293c0a0e6829a81fbe2eb10b42b2
Details sha1 1
cd1bc431f53e9cff8204279cdf274838de8ebb61
Details sha1 1
cd82d898a3cea623179456d9ae5fad1fb5da01a0
Details sha1 1
cdbb74ca0960f2e8631d49acabf2cea878ae35b8
Details sha1 1
ce7092ff909e9380cc647c3350aa3067e40c36a9
Details sha1 1
cea70db7fb8e851ef0d6a257a41c9cee904345b5
Details sha1 1
cf7a8afac141e162a0204a49bad0a49c259b5a45
Details sha1 1
deea26f5af918cec406b4f12184f0cab2755b602
Details sha1 1
dfdfcc61770425a8d1520550c028d1df2861e53f
Details sha1 1
e0007a2e0e9ae47dd028029c402d7d0a08ebbc25
Details sha1 1
e00c309e3fe09248b8afcff29fc1a79445c913da
Details sha1 1
e95c651c539eaf73e142d1867a1a96098a5e219f
Details sha1 1
eceee01f4e8051f544062ae37d76a3df2921df82
Details sha1 1
f06cb000f9a25dde791c7e5bc30917c74a8f2876
Details sha1 1
f26c663d5f6f534543a7c42b02254c98bb4ec0d5
Details sha1 1
f3bc2f436693b61fed7fa7ddf8bc7f27618f24f3
Details sha1 1
f6030ae46dc2cef9c68da1844f7dcea4f25a90a3
Details sha1 1
fa19e71f9a836ea832b5d738d833c721d776781a
Details sha1 1
ffe23d510a24db27c1c171d2baf1fbeb18899039
Details sha1 1
038eceb80597de438d8194f8f57245eb0239ff4b
Details sha1 1
2a1bb4bb455d3238a01e121165603a9b58b4d09d
Details sha1 1
34ce3fbee3c487f4f467b9e8eb36844bb5acb465
Details sha1 1
3b88d4047fa2b8f8fa6241320d81508eb676ea7a
Details sha1 1
400438eb302886fd064274188647e6653e455eed
Details sha1 1
42f70daa8c75e97551935d2370142c8904f5a20d
Details sha1 1
446d3fbae9889fe59afad02c6fb71d8838c3fc67
Details sha1 1
4d46fb773c02a9ff98e998da4f0777fb5d9f796b
Details sha1 1
510c93d3dc620b17500c10369585f4af7cf3ce0d
Details sha1 1
6a5ca3b9ee0a048f0aee1e99cbf3943d84f597ff
Details sha1 1
6d53e7b5099ce11aca176519620e8064d4ff9ad0
Details sha1 1
7cec39ac6a436577e02e7e8fe8226a00e58564cb
Details sha1 1
8888014c16732cd5136a8315127ba50bb8bb94ed
Details sha1 1
a5a05ba6e24226f1bc575cbc12b9fc59f6039312
Details sha1 1
b77cfff0e359946029120dd642505bc0a9713ecc
Details sha1 1
bc6f31d5ebc71ff83bacc0b4471fdefc206b28d0
Details sha1 1
be8a582360fb16a4b515cd633227d6a002d142fa
Details sha1 1
c6e62a113e95705f9b612cdbf49dac6bad2073bd
Details sha1 1
d8d27c742da87292ef19a197594193c2c5e5f845
Details sha1 1
dbe0e084b2a8ce4711c3df4e62e8062234bf6d3b
Details sha1 1
e56189fe86c9537c28099518d4f4ea2e42ef9eee
Details sha1 1
e918192d2b5c565a9b2756a1d01070c6608f361c
Details sha1 1
0bd6c70b7e2320f42f0cfc2a79e161614c7c4f66
Details sha1 1
7a41b912a3f99370df4cd3791c91467e23b2aa82
Details sha1 1
a15ab505b79b88a9e868c95ce544942403c58cb6
Details sha1 1
a8a5980de35fbf580497b43ef7e8499e004f9f38
Details sha1 1
b248e43bab127d8e1e466821b96b7b7ecf37cb78
Details sha1 1
28f152154f6e6074ea0de34214102119c8589583
Details sha1 1
37a2a15c52caa7d63af86778c2dd1d2d81d4a270
Details sha1 1
b4a847d7aac4164cf90ea585e4842cbf938b26cf
Details sha1 1
1e0c4a5f0ff2e835d12c3b6571ae6000e81a014b
Details sha1 1
8722441ff3678d154c89e312db1a54951dd21c3f
Details sha1 1
88c3fda42768c5b465fd680591639f2cdc933283
Details sha1 1
9f48e109675cdb0a53400358c27853db48fcd156
Details sha1 1
c9b592bd7b69995c75cd5b1e4261b229c27fb479
Details sha1 1
4e36c4d10f1e3d820058e4d451c4a7b77856bdb3
Details sha1 1
17d50e2dbbaf5f8f60bffe1b90f4dd52fdb44a09
Details sha1 1
4a362020f1afd3bd0c67f12f55a5754d2e70338c
Details sha1 1
936edfb338d458fbacb25fe557f26aa3e101506e
Details sha1 1
e7df448539d1e2671dcf787cf368aac2ed8f5698
Details sha1 1
2359d644e48759f43993d34885167fecafd40022
Details MITRE ATT&CK Techniques 23
T1192
Details MITRE ATT&CK Techniques 695
T1059
Details MITRE ATT&CK Techniques 239
T1106
Details MITRE ATT&CK Techniques 80
T1064
Details MITRE ATT&CK Techniques 420
T1204
Details MITRE ATT&CK Techniques 279
T1060
Details MITRE ATT&CK Techniques 116
T1134
Details MITRE ATT&CK Techniques 14
T1116
Details MITRE ATT&CK Techniques 504
T1140
Details MITRE ATT&CK Techniques 41
T1089
Details MITRE ATT&CK Techniques 550
T1112
Details MITRE ATT&CK Techniques 627
T1027
Details MITRE ATT&CK Techniques 440
T1055
Details MITRE ATT&CK Techniques 10
T1108
Details MITRE ATT&CK Techniques 41
T1014
Details MITRE ATT&CK Techniques 8
T1143
Details MITRE ATT&CK Techniques 1006
T1082
Details MITRE ATT&CK Techniques 152
T1056
Details MITRE ATT&CK Techniques 141
T1219
Details MITRE ATT&CK Techniques 245
T1203
Details MITRE ATT&CK Techniques 39
T1035
Details MITRE ATT&CK Techniques 36
T1050
Details MITRE ATT&CK Techniques 67
T1107
Details MITRE ATT&CK Techniques 42
T1158
Details MITRE ATT&CK Techniques 348
T1036
Details MITRE ATT&CK Techniques 219
T1113
Details MITRE ATT&CK Techniques 60
T1043
Details MITRE ATT&CK Techniques 152
T1090
Details MITRE ATT&CK Techniques 41
T1008
Details MITRE ATT&CK Techniques 444
T1071
Details Url 1
http://bestfriendsroot.com/smart.php
Details Url 1
http://bestfriendsroot.com/weather.php
Details Url 1
http://bestfriendsroot.com/zagreb.php
Details Url 1
http://consaltingsolutionshere.com/smart.php
Details Url 1
http://consaltingsolutionshere.com/weather.php
Details Url 1
http://consaltingsolutionshere.com/zagreb.php
Details Url 1
http://dogvipcare.net/kversion.php
Details Url 1
http://hvar.dogvipcare.net/dekol.php
Details Url 1
http://kimdotcomfriends.com/smart.php
Details Url 1
http://kimdotcomfriends.com/weather.php
Details Url 1
http://kimdotcomfriends.com/zagreb.php
Details Url 1
http://limosinevipsalon.com/kversion.php
Details Url 1
http://luxembourgprotections.com/kversion.php
Details Url 1
http://malmevipbikes.se/kversion.php
Details Url 1
http://split.malmevipbikes.se/dekol.php
Details Url 1
http://zagreb.porezna-uprava.com/dekol.php
Details Windows Registry Key 8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows
Details Windows Registry Key 1
HKEY_CURRENT_USER\Software\Usoris\Remote