otx.alienvault.com
143.204.98.83  Public Scan

URL: https://otx.alienvault.com/pulse/61893cf42727496f32952b3c
Submission: On November 08 via api from US — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

KDCSPONGE, NGLITE, GODZILLA WEBSHELL USED IN TARGETED ATTACK CAMPAIGN

   
 * Created 31 minutes ago by AlienVault
 * Public
 * TLP: White

An attack on ManageEngine ADSelfService Plus, a self-service password management
solution, was carried out in October 2021, according to a report by Palo Alto
Networks and the US Department of Defense.

Reference:
https://unit42.paloaltonetworks.com/manageengine-godzilla-nglite-kdcsponge/
Tags:
nglite, kdcsponge, godzilla
Industries:
Energy, Healthcare, Technology, Education, Defense
Targeted Country:
United States of America
Malware Families:
NGLite, Godzilla, KdcSponge
Att&ck IDs:
T1003 - OS Credential Dumping, T1074 - Data Staged, T1036 - Masquerading,
T1566 - Phishing, T1140 - Deobfuscate/Decode Files or Information, T1505 -
Server Software Component, T1190 - Exploit Public-Facing Application, T1573 -
Encrypted Channel, T1595.002 - Vulnerability Scanning, T1001 - Data
Obfuscation, T1059 - Command and Scripting Interpreter, T1041 - Exfiltration
Over C2 Channel, T1056.004 - Credential API Hooking, T1547 - Boot or Logon
Autostart Execution

 * Indicators of Compromise (26)
 * Related Pulses (3)
 * Comments (0)
 * History (0)

TYPES OF INDICATORS

IPv4 (9), FileHash-SHA256 (12), CVE (1), FileHash-SHA1 (2), FileHash-MD5 (2)

THREAT INFRASTRUCTURE

United States (8), Canada (1)


 * © Copyright 2021 AlienVault, Inc.