PULSE NAME
Winter Vivern summer campaign
WHITE Wintervivern AlienVault 2021-09-28 Modified: 2021-09-28
33
IOCs
MEDIUM VOLUME
In July 2021, researchers found a currently active infection campaign attributed to a group referred to as Wintervivern after a report published by the research team from DomainTools.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
SharpShooter
Indicators of Compromise (33)