otx.alienvault.com
143.204.98.83
Public Scan
URL: https://otx.alienvault.com/pulse/61893cf42727496f32952b3c
Submission: On November 08 via api from US — Scanned from DE
Form analysis
0 forms found in the DOM
Text Content
KDCSPONGE, NGLITE, GODZILLA WEBSHELL USED IN TARGETED ATTACK CAMPAIGN
Created 31 minutes ago by AlienVault
Subscribers (163950)
Public
TLP: White

An attack on ManageEngine ADSelfService Plus, a self-service password management solution, was carried out in October 2021, according to a report by Palo Alto Networks and the US Department of Defense.

Reference: https://unit42.paloaltonetworks.com/manageengine-godzilla-nglite-kdcsponge/
Tags: nglite, kdcsponge, godzilla
Industries: Energy, Healthcare, Technology, Education, Defense
Targeted Country: United States of America
Malware Families: NGLite, Godzilla, KdcSponge
Att&ck IDs:
* T1003 - OS Credential Dumping
* T1074 - Data Staged
* T1036 - Masquerading
* T1566 - Phishing
* T1140 - Deobfuscate/Decode Files or Information
* T1505 - Server Software Component
* T1190 - Exploit Public-Facing Application
* T1573 - Encrypted Channel
* T1595.002 - Vulnerability Scanning
* T1001 - Data Obfuscation
* T1059 - Command and Scripting Interpreter
* T1041 - Exfiltration Over C2 Channel
* T1056.004 - Credential API Hooking
* T1547 - Boot or Logon Autostart Execution
Indicators of Compromise (26), Related Pulses (3), Comments (0), History (0)
Types of indicators: IPv4 (9), FileHash-SHA256 (12), CVE (1), FileHash-SHA1 (2), FileHash-MD5 (2)
Threat infrastructure: United States (8), Canada (1)

© Copyright 2021 AlienVault, Inc.