otx.alienvault.com
13.35.253.51  Public Scan

URL: https://otx.alienvault.com/pulse/61b75a09bdce253efac32ffe?source=email_notification
Submission: On December 13 via api from US — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

TINYNUKE BANKING MALWARE TARGETS FRENCH ENTITIES

   
 * Created 32 minutes ago by AlienVault
 * Public
 * TLP: White

Proofpoint identified multiple recent campaigns leveraging invoice-themed lures
to distribute the uncommonly observed TinyNuke malware. The activity marks a
stark reappearance of this threat, which has not been seen with regularity since
2018. The campaigns target hundreds of customers in various industries including
manufacturing, technology, construction, and business services. The campaigns
use French language lures with invoice or other financial themes, and almost
exclusively target French entities and companies with operations in France.

Reference:
https://www.proofpoint.com/us/blog/threat-insight/tinynuke-banking-malware-targets-french-entities
Tags:
TinyNuke, Banking Malware, France, email, phishing, JavaScript
Industries:
Transportation, Logistics, Financial, Construction, Finance, Banking,
Technology, Manufacturing
Targeted Country:
France
Malware Family:
TinyNuke
ATT&CK IDs:
T1090 - Proxy, T1102 - Web Service, T1059 - Command and Scripting Interpreter,
T1114 - Email Collection, T1566 - Phishing

 * Indicators of Compromise (12)

URL (11), FileHash-SHA256 (1)


 * © Copyright 2021 AlienVault, Inc.
   