otx.alienvault.com
143.204.98.16  Public Scan

URL: https://otx.alienvault.com/pulse/61d5b8c1174648df18ff2c24?utm_userid=swimlanecyou&utm_medium=inproduct&utm_source=otx&utm_c...
Submission: On January 05 via api from US — Scanned from DE

Subscribers: 170496



ELEPHANT BEETLE: UNCOVERING AN ORGANIZED FINANCIAL-THEFT OPERATION

   
 * Created 1 hour ago by AlienVault
 * Public
 * TLP: White

The Sygnia Incident Response team recently identified an organized and
experienced threat group siphoning funds from businesses in the financial
sector: the group patiently studies its targets' financial systems, injects
fraudulent transactions hidden among legitimate activity, and ultimately steals
millions of dollars. It uses an array of tools and scripts to operate
undetected for extended periods. Sygnia refers to this threat as Elephant
Beetle.

Reference: Sygnia- Elephant Beetle_Jan2022.pdf
Tags: Elephant Beetle, financial, fraud
Adversary: Elephant Beetle
Industry: financial
Targeted Country: Argentina
ATT&CK IDs:
 * T1046 - Network Service Scanning
 * T1047 - Windows Management Instrumentation
 * T1059 - Command and Scripting Interpreter
 * T1134 - Access Token Manipulation
 * T1135 - Network Share Discovery
 * T1136 - Create Account
 * T1140 - Deobfuscate/Decode Files or Information
 * T1190 - Exploit Public-Facing Application
 * T1570 - Lateral Tool Transfer
 * T1572 - Protocol Tunneling
 * T1078.001 - Default Accounts
 * T1505.001 - SQL Stored Procedures
 * T1505.003 - Web Shell
 * T1574.002 - DLL Side-Loading
 * T1036.003 - Rename System Utilities
 * T1036.005 - Match Legitimate Name or Location
 * T1564.001 - Hidden Files and Directories
 * T1552.001 - Credentials In Files
 * T1003.001 - LSASS Memory
 * T1003.002 - Security Account Manager
 * T1087.002 - Domain Account
 * T1021.002 - SMB/Windows Admin Shares
 * T1560.001 - Archive via Utility
 * T1090.001 - Internal Proxy

 * Indicators of Compromise (106)
 * Related Pulses (69)
 * Comments (0)
 * History (0)

Indicator types: YARA (7), FileHash-SHA256 (8), CVE (4), FileHash-SHA1 (8), FileHash-MD5 (79)




© Copyright 2022 AlienVault, Inc.