Common Information
Type Value
UUID fec566e3-e76b-4efb-8d3a-8ebfde273655
Fingerprint a42589f3001c0582
Analysis status DONE
Considered CTI value 2
Text language
Published April 12, 2021, midnight
Added to db Sept. 26, 2022, 9:34 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Pivoting through malicious infrastructure: from ZoomPortable to Windscribe
Title
Detected Hints/Tags/Attributes 48/4/57
Attributes