otx.alienvault.com
13.32.121.87
Public Scan
URL:
https://otx.alienvault.com/pulse/6185218842a91bb63bda21dc?scan=1&utm_userid=swimlanecyou&utm_medium=inproduct&utm_source=ot...
Submission: On November 05 via api from US — Scanned from DE
Form analysis
1 forms found in the DOM
<form _ngcontent-yvt-c132="" novalidate="" class="login ng-untouched ng-pristine ng-invalid" id="welcomeLoginForm-pulse-detail" __bizdiag="-695151727" __biza="WJ__">
<div _ngcontent-yvt-c132="" class="form-group"><label _ngcontent-yvt-c132="" for="id_login">Username</label><input _ngcontent-yvt-c132="" container="body" formcontrolname="login" id="id_login" name="login" placement="right" type="text"
class="form-control input-alienvault ng-untouched ng-pristine ng-invalid"><!----></div>
<div _ngcontent-yvt-c132="" class="form-group"><label _ngcontent-yvt-c132="" for="id_password">Password</label><input _ngcontent-yvt-c132="" container="body" formcontrolname="password" id="id_password" name="password" placement="right"
type="password" class="form-control input-alienvault ng-untouched ng-pristine ng-invalid"><!----></div><button _ngcontent-yvt-c132="" id="loginBtn" type="submit" class="btn btn-att disabled" disabled=""> Log in
<i _ngcontent-yvt-c132="" aria-hidden="true" class="fa fa-chevron-right smaller"></i></button>
<div _ngcontent-yvt-c132="" class="remember-checkbox"><label _ngcontent-yvt-c132=""><input _ngcontent-yvt-c132="" id="id_remember" name="remember" type="checkbox"> REMEMBER ME</label></div>
</form>
Text Content
FRESH VARIANT OF SNAKE KEYLOGGER MALWARE
Created 34 minutes ago by AlienVault | Public | TLP: White | Subscribers (163676)

Fortinet’s FortiGuard Labs recently captured a Microsoft Excel sample from the wild that was used to spread malware. After researching its behaviors, I recognized it as a fresh variant of the Snake Keylogger malware. Snake Keylogger is a malware developed using .NET. It first appeared in late 2020 and focused on stealing sensitive information from a victim’s device, including saved credentials, the victim’s keystrokes, screenshots of the victim’s screen, and clipboard data.

Reference: https://www.fortinet.com/blog/threat-research/deep-dive-into-a-fresh-variant-of-snake-keylogger-malware
Tags: snake, snake keylogger, keylogger, powershell, Microsoft Excel, Malicious document
Malware Families: Snake, Snake Keylogger
Att&ck IDs: T1056 - Input Capture, T1115 - Clipboard Data, T1071 - Application Layer Protocol, T1055 - Process Injection, T1137 - Office Application Startup, T1113 - Screen Capture, T1010 - Application Window Discovery, T1106 - Native API, T1012 - Query Registry, T1547 - Boot or Logon Autostart Execution, T1027 - Obfuscated Files or Information, T1204 - User Execution, T1566 - Phishing
Indicators of Compromise (8): URL (2), FileHash-SHA256 (2), FileHash-MD5 (2), FileHash-SHA1 (2)
Related Pulses (2), Comments (0), History (0)
© Copyright 2021 AlienVault, Inc.