otx.alienvault.com
18.66.248.83  Public Scan

URL: https://otx.alienvault.com/pulse/627e53f1eb6450408e7f1873?source=email_notification
Submission: On June 03 via api from US — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

Subscribers (189253)

SYK CRYPTER DISTRIBUTING MALWARE FAMILIES VIA DISCORD

   
 * Created 3 weeks ago by AlienVault
 * Public
 * TLP: White

With 50% more users last year than in 2020, the number of people using the
community chat platform Discord is growing at a blistering pace. This has led
cybercriminals to refine and expand malicious attack use cases for the platform.
In this threat research report, Morphisec reveals how threat actors are using
Discord as part of an increasingly popular attack chain with a new SYK crypter
designed to outwit signature and behavior-based security controls.

Reference:
https://blog.morphisec.com/syk-crypter-discord
Tags:
Discord, SYK crypter, phishing email
Malware Family:
SYK
Att&ck IDs:
T1055 - Process Injection, T1566 - Phishing, T1547 - Boot or Logon Autostart
Execution, T1573 - Encrypted Channel, T1027 - Obfuscated Files or Information,
T1036 - Masquerading, T1104 - Multi-Stage Channels, T1127 - Trusted Developer
Utilities Proxy Execution, T1193 - Spearphishing Attachment

 * Indicators of Compromise (103)
 * Related Pulses (40)
 * Comments (0)
 * History (0)

Types of indicators:
IPv4 (2), Other (26), FileHash-MD5 (7), URL (44), FileHash-SHA1 (7), Hostname (15)

Threat infrastructure:
Sweden (1), Switzerland (1)


