Clever malvertising attack uses Punycode to look like KeePass's official website
Tags
maec-delivery-vectors: Watering Hole
attack-pattern: Impersonation - T1656 Malvertising - T1583.008 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Search Engines - T1593.002 Server - T1583.004 Server - T1584.004 Software - T1592.002 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID fcbf22f5-d337-4d50-bc08-346cecf5dfcd
Fingerprint e910d8e13627b9
Analysis status DONE
Considered CTI value 0
Text language
Published Oct. 18, 2023, midnight
Added to db Oct. 22, 2023, 9:32 p.m.
Last updated Sept. 5, 2024, 2:03 a.m.
Headline Clever malvertising attack uses Punycode to look like KeePass's official website
Title Clever malvertising attack uses Punycode to look like KeePass's official website
Detected Hints/Tags/Attributes 32/2/8
Source URLs
Redirection Url
Details Source https://www.malwarebytes.com/blog/threat-intelligence/2023/10/clever-malvertising-attack-uses-punycode-to-look-like-legitimate-website
URL Provider
Details Provider Source level domain
Details malwarebytes.com www.malwarebytes.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 40 Malwarebytes https://blog.malwarebytes.org/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 4 
keepasstacking.site
Details Domain 4 
xn--eepass-vbb.info
Details Domain 4 
756-ads-info.xyz
Details Domain 2 
refreshmet.com
Details File 4 
ķeepass.inf
Details File 3 
55-setup.msi
Details File 3 
package.tar
Details sha256 2 
181626fdcff9e8c63bb6e4c601cf7c71e47ae5836632db49f1df827519b01aaa