otx.alienvault.com
URL:
https://otx.alienvault.com/indicator/cve/CVE-2017-0199
Submission: On March 11 via api from US — Scanned from DE
CVE-2017-0199

Pulses: 50 | Related NIDS: 0 | Files: 320 | Exploits: 14 | Targeted Products: 9

CVE OVERVIEW

Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API."

CWE: https://cwe.mitre.org/data/definitions/CWE.html
CVE: CVE-2017-0199
Creation Date: Apr. 12, 2017, 2:59 PM
Last Modified Date: Oct. 03, 2019, 12:03 AM
AlienVault has seen this actively exploited in the wild.

EXPLOIT ACTIVITY

Associated Threat Actors:
* Alien Labs Pulses: MuddyWater, Bluenoroff
* User-Created Pulses: APT34, MuddyWater, LUNAR SPIDER

Industries Targeted:
* Alien Labs Pulses: Government, Telecommunications
* User-Created Pulses: Education, Manufacturing, Banks, Energy, Media, Gaming, Financial, Construction, Telecommunications, Technology, Retail, Defense, Finance, Chemical, Information technology, Airlines, Telecom, Ngo, Government, Healthcare, Insurance, Critical infrastructure

EXPLOIT PREDICTION SCORING SYSTEM (EPSS)

The Exploit Prediction Scoring System (EPSS) uses current threat information from CVE and real-world exploit data. The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Score: 0.95523

CVSS V2 SEVERITY
Access-Complexity: MEDIUM
Access-Vector: NETWORK
Authentication: NONE
Availability-Impact: COMPLETE
Confidentiality-Impact: COMPLETE
Integrity-Impact: COMPLETE
Score: 9.3
vectorString: AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS V3 SEVERITY
Attack Complexity: LOW
Attack Vector: LOCAL
Availability Impact: HIGH
Base Score: 7.8
Base Severity: HIGH
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Exploitability Score: 1.8
Impact Score: 5.9

Analysis | Related Pulses | Comments (0)

NETWORK IDS SIGNATURE HITS
Authentication required. Login to view Network IDS Signature Hits.

ASSOCIATED FILES
Columns: Date | Hash | Avast | AVG | Clamav | MSDefender
Showing 1 to 10 of 320 entries.

EXPLOITS
Columns: Name | Author | Platform | Date | Type | Port
Microsoft Office Word - '.RTF' Malicious HTA Execution (Metasploit) | Metasploit | windows | 1970-01-01 | remote
Showing 1 to 10 of 14 entries.

TARGETED PRODUCTS
* cpe:2.3:o:microsoft:windows_server_2008:r2:sp1
* cpe:2.3:o:microsoft:windows_server_2012:-
* cpe:2.3:o:microsoft:windows_vista:*:sp2
* cpe:2.3:o:microsoft:windows_server_2008:*:sp2
* cpe:2.3:a:microsoft:office:2010:sp2
* cpe:2.3:a:microsoft:office:2013:sp1
* cpe:2.3:a:microsoft:office:2016
* cpe:2.3:o:microsoft:windows_7:*:sp1
* cpe:2.3:a:microsoft:office:2007:sp3

REFERENCES
Columns: External Source | Name | Hyperlink
* CONFIRM | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199
* MISC | https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199_useda.html
* MISC | https://blog.nviso.be/2017/04/12/analysis-of-a-cve-2017-0199-malicious-rtf-document/
* BID | 97498 | http://www.securityfocus.com/bid/97498
* MISC | https://www.mdsec.co.uk/2017/04/exploiting-cve-2017-0199-hta-handler-vulnerability/
* MISC | http://rewtin.blogspot.nl/2017/04/cve-2017-0199-practical-exploitation-poc.html
* SECTRACK | 1038224 | http://www.securitytracker.com/id/1038224
* EXPLOIT-DB | 41934 | https://www.exploit-db.com/exploits/41934/
* EXPLOIT-DB | 41894 | https://www.exploit-db.com/exploits/41894/
* EXPLOIT-DB | 42995 | https://www.exploit-db.com/exploits/42995/
Showing 1 to 10 of 11 entries.

RELATED PULSES
* Alien Labs (2)
* User Created (48)

Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks
CVE Indicator Active | Created 2 weeks ago by AlienVault | Public | TLP: White
CVE: 3 | FileHash-MD5: 2 | FileHash-SHA1: 2 | FileHash-SHA256: 2 | IPv4: 21
A group of Iranian government-sponsored advanced persistent threat actors, known as MuddyWater, are conducting cyber espionage and other malicious cyber operations against global government and commercial networks, the US Department of Homeland Security (DoH) has warned.
Tags: MuddyWater, Goverment, PowGoop, Small Sieve, Canopy, Mori, POWERSTATS
178,679 Subscribers

The BlueNoroff cryptocurrency hunt is still on
CVE Indicator Active | Created 2 months ago | Modified 4 weeks ago by AlienVault | Public | TLP: White
CVE: 1 | FileHash-MD5: 179 | FileHash-SHA1: 81 | FileHash-SHA256: 81 | URL: 2 | Domain: 55 | Hostname: 68
BlueNoroff is the name of an APT group coined by Kaspersky researchers while investigating the notorious attack on Bangladesh's Central Bank back in 2016. A mysterious group with links to Lazarus and an unusual financial motivation for an APT. The group seems to work more like a unit within a larger formation of Lazarus attackers, with the ability to tap into its vast resources: be it malware implants, exploits, or infrastructure.
Tags: BlueNoroff, cryptocurrencies, data theft, financial malware, malware technologies, microsoft word, spear phishing, targeted attacks, vulnerabilities and exploits
178,684 Subscribers

truthsociaal.com
CVE Indicator Active | Created 22 hours ago by Kailula4 | Public | TLP: White
CVE: 2 | FileHash-SHA1: 3 | FileHash-SHA256: 257 | IPv4: 16 | URL: 805 | Domain: 187 | Email: 1 | Hostname: 75
206 Subscribers

www.tinapeters.com ~ Mesa County Clerk (Co)
CVE Indicator Active | Created 2 days ago by Kailula4 | Public | TLP: White
CVE: 1 | FileHash-SHA1: 11 | FileHash-SHA256: 147 | IPv4: 11 | URL: 367 | Domain: 139 | Email: 1 | Hostname: 106
206 Subscribers

Harris County Hacked Employees
CVE Indicator Active | Created 4 days ago | Modified 4 days ago by Kailula4 | Public | TLP: White
CVE: 1 | FileHash-SHA1: 20 | FileHash-SHA256: 323 | IPv4: 24 | URL: 1096 | Domain: 557 | Email: 4 | Hostname: 402
206 Subscribers

Various Malware Families Hashes
CVE Indicator Active | Created 1 week ago by bluewatcher | Public | TLP: White
CVE: 2 | FileHash-MD5: 3334 | FileHash-SHA1: 3321 | FileHash-SHA256: 9436 | Domain: 1
23 Subscribers

Iranian Government-Sponsored Actors MuddyWater
CVE Indicator Active | Created 2 weeks ago by BITSecurity | Public | TLP: White
CVE: 4 | FileHash-MD5: 10 | FileHash-SHA1: 10 | FileHash-SHA256: 10 | IPv4: 24 | URL: 3 | Domain: 2 | Hostname: 1
A group of Iranian government-sponsored advanced persistent threat actors, known as MuddyWater, are conducting cyber espionage and other malicious cyber operations against global government and commercial networks, the US Department of Homeland Security (DoH) has warned.
103 Subscribers

US and UK expose new malware used by MuddyWater hackers
CVE Indicator Active | Created 2 weeks ago by dekaRituraj | Public | TLP: White
CVE: 3 | FileHash-MD5: 2 | FileHash-SHA1: 2 | FileHash-SHA256: 2 | IPv4: 23 | URL: 1
US and UK cybersecurity and law enforcement agencies today shared information on new malware deployed by the Iranian-backed MuddyWater hacking group in attacks targeting critical infrastructure worldwide. This was revealed today in a joint advisory issued by CISA, the Federal Bureau of Investigation (FBI), the US Cyber Command's Cyber National Mission Force (CNMF), UK's National Cyber Security Centre (NCSC-UK), and the National Security Agency (NSA). MuddyWater is "targeting a range of government and private-sector organizations across sectors, including telecommunications, defense, local government, and oil and natural gas, in Asia, Africa, Europe, and North America," the two governments said.
254 Subscribers

Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks
CVE Indicator Active | Created 2 weeks ago by zer0daydan | Public | TLP: White
CVE: 3 | FileHash-MD5: 2 | FileHash-SHA1: 2 | FileHash-SHA256: 2 | IPv4: 23 | URL: 1
A group of Iranian government-sponsored advanced persistent threat actors, known as MuddyWater, are conducting cyber espionage and other malicious cyber operations against global government and commercial networks, the US Department of Homeland Security (DoH) has warned.
426 Subscribers

BlueNoroff APT Cryptocurrency-Focused Attack
CVE Indicator Active | Created 2 months ago | Modified 3 weeks ago by Provintell-Lab | Public | TLP: White
CVE: 1 | FileHash-MD5: 179 | FileHash-SHA1: 95 | FileHash-SHA256: 95 | URL: 3 | Domain: 56 | Hostname: 68
BlueNoroff is the name of an APT group coined by Kaspersky researchers. It appears that BlueNoroff shifted focus from hitting banks and SWIFT-connected servers to solely cryptocurrency businesses as the main source of the group's illegal income. For the initial infection vector, they usually utilized zipped Windows shortcut files or weaponized Word documents. Before implanting a Windows executable type backdoor, the malware delivered a Visual Basic Script and Powershell Script through multiple stages. These are used to deploy a keylogger and screenshot taker. If the attackers realize that the target uses a popular browser extension to manage crypto wallets (such as the Metamask extension), they change the extension source from Web Store to local storage and replace the core extension component with a tampered version. In another case, they realized that the user owned a substantial amount of cryptocurrency, but used a hardware wallet. They intercepted the transaction process and injected their own logic.
Tags: BlueNoroff, Cryptocurrency
145 Subscribers

The BlueNoroff cryptocurrency hunt is still on
CVE Indicator Active | Created 2 months ago | Modified 3 weeks ago by demoextraa | Public | TLP: White
CVE: 1 | FileHash-MD5: 179 | FileHash-SHA1: 95 | FileHash-SHA256: 95 | URL: 3 | Domain: 56 | Hostname: 70
BlueNoroff is the name of an APT group coined by Kaspersky researchers while investigating the notorious attack on Bangladesh's Central Bank back in 2016. A mysterious group with links to Lazarus and an unusual financial motivation for an APT. The group seems to work more like a unit within a larger formation of Lazarus attackers, with the ability to tap into its vast resources: be it malware implants, exploits, or infrastructure. The group is currently active (recent activity was spotted in November 2021).
12 Subscribers

karem.fr - ctf players gone bad
CVE Indicator Active | Created 4 weeks ago by dorkingbeauty1 | Public | TLP: White
CVE: 1 | FileHash-SHA256: 678 | IPv4: 52 | URL: 1698 | Domain: 934 | Email: 1 | Hostname: 559
215 Subscribers

Log4j
CVE Indicator Active | Created 2 months ago | Modified 4 weeks ago by demoextraa | Public | TLP: White
CVE: 141 | URL: 12 | Domain: 2 | Hostname: 4
12 Subscribers

[QuickNote] Analysis of malware suspected to be an APT attack targeting Vietnam | 0day in {REA_TEAM}
CVE Indicator Active | Created 1 month ago by bluewatcher | Public | TLP: White
CVE: 1 | FileHash-MD5: 2 | FileHash-SHA256: 1 | URL: 2 | Hostname: 1
A look back at some of the key points in the US presidential election campaign, which will be held in November 2016.
24 Subscribers

Indian Chief of Defense Staff Crash: SideCopy APT Organization Takes Advantage of the Fire
CVE Indicator Active | Created 3 months ago | Modified 2 months ago by trisdes87 | Public | TLP: White
CVE: 1 | FileHash-MD5: 9 | FileHash-SHA1: 5 | FileHash-SHA256: 5 | URL: 2
Recently, the QiAnXin Threat Intelligence Center has captured a number of attack documents using the crash-related incident of the Chief of Defense Staff of India as bait in the daily sample analysis and judgment. On December 8, local time, the Chief of Staff of India's Defense Staff crashed and died in the southern state of Tamil Nadu in a military helicopter. This incident also quickly spread on the Internet. Attackers used such related incidents as bait documents and used the remote template injection function in the documents to remotely load document files containing malicious DDE domain codes and execute malicious code downloads.
168 Subscribers

Ransomware: Night Sky
CVE Indicator Active | Created 2 months ago by demoextraa | Public | TLP: White
CVE: 138 | URL: 1 | Domain: 2 | Hostname: 1
11 Subscribers

Clintonfoundation.com
CVE Indicator Active | Created 3 months ago | Modified 2 months ago by Kailula4 | Public | TLP: White
CVE: 3 | FileHash-SHA256: 458 | URL: 1904 | Domain: 620 | Email: 1 | Hostname: 513
207 Subscribers

APT34: The Helix Kitten Cybercriminal Group Loves to Meow Middle Eastern and International Organizations
CVE Indicator Active | Created 4 months ago | Modified 3 months ago by mohdrennis | Public | TLP: White
CVE: 2 | FileHash-MD5: 9 | FileHash-SHA1: 9 | FileHash-SHA256: 9 | URL: 109 | Domain: 6 | Hostname: 50
Cyware Academy provides a comprehensive guide to APT34, an advanced Persistent Threat Actor (APT) who has been targeting Middle Eastern and international organisations for more than two years.
203 Subscribers

Dominion Voting System
CVE Indicator Active | Created 1 year ago | Modified 3 months ago by Kailula4 | Public | TLP: White
CVE: 1 | FileHash-MD5: 89 | FileHash-SHA1: 89 | FileHash-SHA256: 402 | URL: 1091 | Domain: 506 | Hostname: 837
Tags: Voting Software, Dominion Voting System
206 Subscribers

How is this being missed?
CVE Indicator Active | Created 11 months ago | Modified 3 months ago by Kailula4 | Public | TLP: White
CVE: 3 | FileHash-MD5: 96 | FileHash-SHA1: 103 | FileHash-SHA256: 1532 | URL: 2424 | Domain: 1077 | Hostname: 1106
209 Subscribers

Fred's AlfaBank unpacked
CVE Indicator Active | Created 6 months ago | Modified 3 months ago by Kailula4 | Public | TLP: White
CVE: 3 | FileHash-SHA1: 15 | FileHash-SHA256: 1290 | URL: 3291 | Domain: 842 | Hostname: 1459
210 Subscribers

Eva.virginia.gov
CVE Indicator Active | Created 4 months ago | Modified 3 months ago by Kailula4 | Public | TLP: White
CVE: 2 | FileHash-MD5: 4 | FileHash-SHA1: 2 | FileHash-SHA256: 2380 | URL: 5524 | Domain: 692 | Hostname: 1614
208 Subscribers

Additional IcedID IOCs - September 2021
CVE Indicator Active | Created 6 months ago | Modified 5 months ago by 343GuiltySpark | Public | TLP: White
CVE: 1 | FileHash-MD5: 24 | FileHash-SHA1: 16 | FileHash-SHA256: 16 | Domain: 9
Tags: sha1 hash, md5 hash, icedid core, project id, update c2s
457 Subscribers

SLFPER:Trojan:Win32/FatDuke.A!dha
CVE Indicator Active | Created 6 months ago | Modified 5 months ago by Kailula4 | Public | TLP: White
CVE: 1 | FileHash-SHA256: 143 | URL: 452 | Domain: 56 | Hostname: 124
207 Subscribers

CatherineEngelbrecht.com - AZ Activist & Poll Watcher, TrueTheVote.org
CVE Indicator Active | Created 7 months ago | Modified 5 months ago by Kailula4 | Public | TLP: White
CVE: 1 | FileHash-SHA256: 222 | URL: 903 | Domain: 160 | Email: 3 | Hostname: 139
206 Subscribers

ScottKoch.com ~ Former Law Enforcement w/ DOD Clearance, Koch Family @ Maricopa Elections
CVE Indicator Active | Created 6 months ago | Modified 5 months ago by Kailula4 | Public | TLP: White
CVE: 1 | FileHash-SHA1: 1 | FileHash-SHA256: 269 | URL: 664 | Domain: 180 | Email: 4 | Hostname: 282
207 Subscribers

accuweather-com.videoplayerhub.com - CryptoMining Aggregator
CVE Indicator Active | Created 12 months ago | Modified 5 months ago by Kailula4 | Public | TLP: White
CVE: 2 | FileHash-MD5: 50 | FileHash-SHA1: 49 | FileHash-SHA256: 1550 | URL: 3986 | Domain: 499 | Hostname: 1258
The full list of names and references to videoplayerhub.com, as compiled by the BBC News website, has now been published.
208 Subscribers

DominionVoting.net
CVE Indicator Active | Created 10 months ago | Modified 5 months ago by Kailula4 | Public | TLP: White
CVE: 3 | FileHash-SHA256: 648 | URL: 1612 | Domain: 950 | Hostname: 686
Maintree.net, DOMINIONVOTING.com, is the world's most popular online voting platform, but it is not yet known how many of its users have signed up to the service.
208 Subscribers

Tokthevote.com
CVE Indicator Active | Created 1 year ago | Modified 5 months ago by Kailula4 | Public | TLP: White
CVE: 2 | FileHash-MD5: 84 | FileHash-SHA1: 84 | FileHash-SHA256: 1607 | URL: 3752 | Domain: 755 | Hostname: 786
Tokthevote.com, the website set up to allow people to vote in the UK's general election, has a record for the number of people registered in Scotland with a valid Whois record.
211 Subscribers

CoriBush.com
CVE Indicator Active | Created 11 months ago | Modified 5 months ago by Kailula4 | Public | TLP: White
CVE: 3 | FileHash-MD5: 96 | FileHash-SHA1: 110 | FileHash-SHA256: 1379 | URL: 2481 | Domain: 863 | Hostname: 906
Tags: KevinMcCarthy.com, vforwarding.com, x.bidswitch.net, Cheat.exe, Stealthworker / GoBrut CoinMiner Botnet, CoriBush.com
206 Subscribers

Inforextreme.com
CVE Indicator Active | Created 11 months ago | Modified 5 months ago by Kailula4 | Public | TLP: White
CVE: 4 | FileHash-MD5: 3 | FileHash-SHA1: 8 | FileHash-SHA256: 1802 | URL: 2743 | Domain: 563 | Email: 2 | Hostname: 1142
Tags: Whale To, IOT Reset Attack, Dominionvotingmachines.com, Ballotpedia.org, Rat-X - LokiBot Agent, Loki Bot, disallowedcertstl.cab, Shadow Broker Rootkits released, CVE-2017-11882, CVE-2017-0199, CVE-2010-3333, CVE-2012-0158, Ransomware, Eternal Blue
209 Subscribers

FormBook Command and Control Expanded
CVE Indicator Active | Created 6 months ago | Modified 5 months ago by Kailula4 | Public | TLP: White
CVE: 6 | FileHash-SHA256: 583 | URL: 4077 | Domain: 2015 | Hostname: 1325
Tags: ipv4, formbook
207 Subscribers

5bok.tbok.tk_voting-template-microsoft-word_ 3.14.19
CVE Indicator Active | Created 6 months ago | Modified 5 months ago by Kailula4 | Public | TLP: White
CIDR: 37 | CVE: 1 | FileHash-MD5: 132 | FileHash-SHA256: 1292 | URL: 3449 | Domain: 1269 | Hostname: 1207
Tags: CSA_TTPs-of-Indicted-APT40-Actors-Associated-with-China-MSS-Hain
207 Subscribers

KenBennett.com ~ AZ Senate's "Audit Liaison" & former AZ Secretary of State
CVE Indicator Active | Created 6 months ago | Modified 5 months ago by Kailula4 | Public | TLP: White
CVE: 1 | FileHash-MD5: 1 | FileHash-SHA1: 10 | FileHash-SHA256: 164 | URL: 858 | Domain: 368 | Email: 1 | Hostname: 368
208 Subscribers

RobertMueller.com - Investigator of Russia Collusion in 2016 Elections
CVE Indicator Active | Created 6 months ago | Modified 5 months ago by Kailula4 | Public | TLP: White
CVE: 1 | FileHash-SHA1: 10 | FileHash-SHA256: 166 | URL: 399 | Domain: 171 | Email: 3 | Hostname: 136
208 Subscribers

127.0.0.1 ~ Local Network
CVE Indicator Active | Created 12 months ago | Modified 5 months ago by Kailula4 | Public | TLP: White
CVE: 6 | FileHash-MD5: 59 | FileHash-SHA1: 24 | FileHash-SHA256: 4907 | URL: 15461 | Domain: 4559 | Email: 1 | Hostname: 4500
Tags: W32.Bloat-A Command and Control, Cybergate CnC, Dominion Voting System - FormBook Command and Control, Arkei CnC, Browardcountyschools.com Win32/Chinbo.A CnC, Setting up the Network Proxy, 127.0.0.1 ~ Local Network
215 Subscribers

Takeonbigtech.com
CVE Indicator Active | Created 8 months ago | Modified 5 months ago by Kailula4 | Public | TLP: White
CVE: 2 | FileHash-SHA256: 377 | URL: 1040 | Domain: 612 | Hostname: 483
Apple has fixed a bug in its iOS operating system, which resulted in the release of an unauthorised version of WebKit, with the result of the same code being applied to all iOS apps.
206 Subscribers

OliviaTroye.com - National Security Official, National Counterterrorism Center, DHS, NSA
CVE Indicator Active | Created 7 months ago | Modified 6 months ago by Kailula4 | Public | TLP: White
CVE: 1 | FileHash-SHA256: 42 | URL: 173 | Domain: 36 | Email: 2 | Hostname: 59
206 Subscribers

Pegasusprods.com
CVE Indicator Active | Created 7 months ago | Modified 6 months ago by Kailula4 | Public | TLP: White
CVE: 1 | FileHash-SHA256: 60 | URL: 159 | Domain: 53 | Hostname: 123
206 Subscribers

JenaGriswold.com - Colorado Secretary of State
CVE Indicator Active | Created 7 months ago | Modified 6 months ago by Kailula4 | Public | TLP: White
CVE: 1 | FileHash-SHA256: 42 | URL: 112 | Domain: 37 | Email: 2 | Hostname: 54
206 Subscribers

ZachWamp.com ~ Coordinator of Election Protection Counsel
CVE Indicator Active | Created 7 months ago | Modified 6 months ago by Kailula4 | Public | TLP: White
CVE: 1 | FileHash-MD5: 1 | FileHash-SHA1: 10 | FileHash-SHA256: 149 | URL: 347 | Domain: 159 | Email: 1 | Hostname: 131
Mountain.ai is the world's most popular social network, according to the latest statistics from Google's live-streaming service, iBiz.com, which allows users to check all of the site's details.
207 Subscribers

Cellebrite
CVE Indicator Active | Created 12 months ago | Modified 6 months ago by Kailula4 | Public | TLP: White
CVE: 1 | FileHash-MD5: 35 | FileHash-SHA1: 37 | FileHash-SHA256: 752 | URL: 5767 | Domain: 1217 | Email: 2 | Hostname: 1885
Cellebrite.com, a company with a reputation as one of the world's most popular social media sites, is being investigated by the US Federal Bureau of Investigation (FBI).
209 Subscribers

Trump's new website
CVE Indicator Active | Created 8 months ago | Modified 6 months ago by Kailula4 | Public | TLP: White
CVE: 2 | FileHash-SHA1: 2 | FileHash-SHA256: 492 | URL: 1703 | Domain: 671 | Email: 2 | Hostname: 792
GoDaddy.com is the world's most popular website for domain owners, but its users are also the most likely targets for malware and other malicious websites to attempt to access their address book and access the addresses.
206 Subscribers

DominionVotingSystem.com - Updated
CVE Indicator Active | Created 10 months ago | Modified 6 months ago by Kailula4 | Public | TLP: White
CVE: 3 | FileHash-SHA256: 1771 | URL: 1608 | Domain: 254 | Hostname: 611
207 Subscribers

Compilation of IoCs for the Trojan-type malware: Janeleiro
CVE Indicator Active | Created 7 months ago | Modified 6 months ago by esoporteingenieria2020 | Public | TLP: White
CVE: 82 | FileHash-MD5: 25 | FileHash-SHA1: 27 | FileHash-SHA256: 25 | URL: 7 | Domain: 5 | Email: 1 | Hostname: 1
Janeleiro is malware that has been attacking corporate users of large banks in Brazil since 2019. This malware displays fake pop-up windows that imitate legitimate bank forms in order to gain unauthorized access to the victims' online banking accounts. Since January 26, 2021, the Ocelot team has been monitoring an active Janeleiro campaign. This campaign targets both Mexican bank cardholders and cryptocurrency account holders.
37 Subscribers

CSA_TTPs-of-Indicted-APT40-Actors-Associated-with-China-MSS-Hainan-State-Security-Department.pdf
CVE Indicator Active | Created 7 months ago | Modified 7 months ago by Kailula4 | Public | TLP: White
CVE: 2 | FileHash-MD5: 462 | FileHash-SHA256: 153 | URL: 179 | Domain: 50 | Email: 2 | Hostname: 99
Tags: QUANTUM Insert, PRISM Flys under the radar
206 Subscribers

data-infra.inside.ai
CVE Indicator Active | Created 12 months ago | Modified 7 months ago by Kailula4 | Public | TLP: White
CVE: 2 | FileHash-MD5: 82 | FileHash-SHA1: 82 | FileHash-SHA256: 937 | URL: 1639 | Domain: 433 | Hostname: 900
Tags: Clinton Foundation.org, FormBook CnC, Broward County Schools Cyber Attack, Cell Mapper, JAR-16-20296A.csv ~ 2016 Russian Election Hack
206 Subscribers

Quick analysis note about DealPly (Adware)
CVE Indicator Active | Created 7 months ago by mohdrennis | Public | TLP: White
CVE: 1 | FileHash-SHA256: 1 | Domain: 1
A look back at some of the key points in the US presidential election campaign, which will be held on 5 May 2021, as part of a two-year process to elect a new president.
192 Subscribers

Hat Trick: Office Macros, VBS and CVEs highlight TrickBot's June Debut - Cofense
CVE Indicator Active | Created 8 months ago | Modified 7 months ago by mohdrennis | Public | TLP: White
CVE: 1 | URL: 8 | Domain: 3
Learn more about Cofense's Phishing Defense and Response Services and how to prevent and respond to the threats posed by email phishing and other cyber-attacks on your email accounts and social media accounts.
201 Subscribers

Mobility4ps
CVE Indicator Active | Created 1 year ago | Modified 7 months ago by Kailula4 | Public | TLP: White
CVE: 1 | FileHash-MD5: 57 | FileHash-SHA1: 57 | FileHash-SHA256: 328 | URL: 590 | Domain: 406 | Hostname: 275
A look at some of the key facts about mobility4ps.com, or MOBILITY4PS.COM, as compiled by the BBC News website and BBC Radio 4's Newsnight programme.
206 Subscribers

© Copyright 2022 AlienVault, Inc.
