Pulse Detail — Threat Intelligence

PULSE NAME

frph.exe - URL golang.org/x/net/bpf - http://x4k.sh/get/EXFgs/OneDrive.exe

WHITE dorkingbeauty1 2022-08-05 Modified: 2022-09-04

178

IOCs

HIGH VOLUME

Created from Old Safari Booknark syncing to an old unremovabke icloud account https://bitcoin-fortune.com/profile

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1012 T1027 T1057 T1082 T1497

Indicators of Compromise (178)

All FileHash-SHA256 URL domain hostname CVE FileHash-MD5 FileHash-SHA1

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-SHA256	01bfd79b365a3a54c4a60fa0c8cb27e4b82022fdd98cd0b8faea3c2a060948ba	—	2022-08-05
FileHash-SHA256	07220bd8c1c72cf72677eea84a5c9e15d27371c32f6d650a5fa817a7d67baded	—	2022-08-05
FileHash-SHA256	1d41c0bd1674353fb447487d9ae13d3aba1488e72d25e7482fa3dcc52c541ffa	—	2022-08-05
FileHash-SHA256	2181fc561eed3985e3f6922bfc50bb1a761377874ab0e86344bdc74505ed8f5c	—	2022-08-05
FileHash-SHA256	2627c51434c8c57b8019455d918f320e44f574dbe74913ea4ed97a422d8e7ccb	—	2022-08-05
FileHash-SHA256	272496168f1f8a5f321e4e159cb5fafcac061e54bd52a425dda65a242dcdd4f9	—	2022-08-05
FileHash-SHA256	362a23466b49de9a7206f0de4e3f6dd24fd573270c09057a05bb4ea247671b19	—	2022-08-05
FileHash-SHA256	4a81bbf7fdba663ec6b50e205ab3738b6870b0b80e40cc980b0014894c412838	—	2022-08-05
FileHash-SHA256	522a35af7418ff5b32b2d22489cb887c5418feac24c60ab639cd1f2f3be0efd0	—	2022-08-05
FileHash-SHA256	57fcad5928813d36cbb841ca1b388f90db41856599cd65bcf85fa80438cad3c7	—	2022-08-05
FileHash-SHA256	5d09201f81261f66abb0dcfab18304d19a9f18351763bb7f11968038a14b8349	—	2022-08-05
FileHash-SHA256	610d7f22e0a413469df6732f2fe4431df45e72268df9d1632a2681c26971ef0b	—	2022-08-05
FileHash-SHA256	67ff3b4ed683c09834741fc20ac61d79e49d1aa8d5fe6737cfb11fcd8cacc545	—	2022-08-05
FileHash-SHA256	8aca3280b382b5c1ece2854afe360925499f9cb16f255fb17c84cfc3e128b1f4	—	2022-08-05
FileHash-SHA256	91ed13e672ae6d61f83beb04e25dfe04a5d5d111b945674386a302c4a07fb834	—	2022-08-05
FileHash-SHA256	9d5eef4b39df0149096f70bde04f9704e0740e93b1f7911d1ad7a79fb7918cf8	—	2022-08-05
FileHash-SHA256	b6685bb57196f0e81663562b6581d248248455a069cfb3797b3dff572c78d1e5	—	2022-08-05
FileHash-SHA256	d2de7d9d60ede11defbc66175d322f45ebfb3cdceb66ca1f7afc2ccab63ee7fa	—	2022-08-05
FileHash-SHA256	d4bf8b96e74c85bdc5558c9cf810135dfdbf1c42e89b4ce50ec80b5b707b9bb2	—	2022-08-05
FileHash-SHA256	dc6628c84c6f2db7d2d507fd56af818ab548e71a93d470209d916e160335fa5c	—	2022-08-05
URL	https://x4k.sh/get/EXFgs/OneDrive.exe	—	2022-08-05
URL	http://x4k.sh/get/EXFgs/OneDrive.exe	—	2022-08-05
domain	archive.org	—	2022-08-05
URL	http://golang.org/x/net/bpf	—	2022-08-05
hostname	mail1.runtime.net	—	2022-08-05
URL	http://antlr3.runtime.net/	—	2022-08-05
URL	http://org.apache.flink.runtime.net/	—	2022-08-05
URL	http://www.runtime.net/	—	2022-08-05
URL	https://www.runtime.net	—	2022-08-05
URL	https://www.runtime.net/	—	2022-08-05
hostname	e.value.runtime.name	—	2022-08-05
URL	http://e.value.runtime.name	—	2022-08-05
URL	http://java.runtime.name	—	2022-08-05
URL	https://e.value.runtime.name	—	2022-08-05
URL	https://java.runtime.name	—	2022-08-05
hostname	p1.gopkg.in	—	2022-08-05
hostname	p2.gopkg.in	—	2022-08-05
hostname	p3.gopkg.in	—	2022-08-05
hostname	staging.gopkg.in	—	2022-08-05
URL	http://eq.gopkg.in	—	2022-08-05
URL	http://eq.gopkg.in/square/go-jose.v2/json.UnsupportedValueError	—	2022-08-05
URL	http://gopkg.in/sourcemap.v1/base64vlq/base64_vlq.go	—	2022-08-05
URL	http://gopkg.in/square/go-jose%2ev2.	—	2022-08-05
URL	http://gopkg.in/square/go-jose%2ev2.JSONWebSignature.DetachedVerify	—	2022-08-05
URL	http://gopkg.in/square/go-jose%2ev2.JSONWebSignature.compactSerialize	—	2022-08-05
URL	http://gopkg.in/square/go-jose%2ev2.JSONWebSignature.computeAuthData	—	2022-08-05
URL	http://gopkg.in/square/go-jose%2ev2.ecEncrypterVerifier.verifyPayload	—	2022-08-05
URL	http://gopkg.in/square/go-jose%2ev2.edEncrypterVerifier.verifyPayload	—	2022-08-05
URL	http://gopkg.in/square/go-jose%2ev2.rawHeader.getSignatureAlgorithm	—	2022-08-05
URL	http://gopkg.in/square/go-jose%2ev2.rsaEncrypterVerifier.verifyPayload	—	2022-08-05
URL	http://gopkg.in/square/go-jose.v2/json.	—	2022-08-05
URL	https://eq.gopkg.in	—	2022-08-05
URL	https://gopkg.in/go	—	2022-08-05
URL	https://gopkg.in/mgo.v2	—	2022-08-05
URL	https://gopkg.in/neurosnap/sentences.v1	—	2022-08-05
URL	https://gopkg.in/warnings.v0	—	2022-08-05
URL	https://gopkg.in/yaml.v3	—	2022-08-05
domain	time.zone	—	2022-08-05
URL	http://golang.org/x/oauth2	—	2022-08-05
hostname	cj.x4k.dev	—	2022-08-05
hostname	cracker.x4k.dev	—	2022-08-05
hostname	l.x4k.dev	—	2022-08-05
hostname	tgram.x4k.dev	—	2022-08-05
hostname	wk.x4k.dev	—	2022-08-05
URL	https://repo.x4k.dev/windows/pstrap.ps1	—	2022-08-05
URL	https://repo.x4k.dev/windows/windows.jpegidna	—	2022-08-05
hostname	www.mail.myewheelshop.com	—	2022-08-05
hostname	cpcalendars.pafc.pk	—	2022-08-05
hostname	cpcontacts.pafc.pk	—	2022-08-05
URL	https://pafc.pk/mx.banregio1.php	—	2022-08-05
URL	https://pafc.pk/wp-content/plugins/fdzvcev/admin/own.html	—	2022-08-05
hostname	www.mail.royalparrotshome.com	—	2022-08-05
URL	http://wakkeup.tk/jpr	—	2022-08-05
FileHash-SHA256	0afad218ba4fa36baa3166ed16fb5c7588b2716cf13afc0fa86a937e7ae291f9	—	2022-08-05
FileHash-SHA256	126aece6018ffc042d85c28f081e4d44c33e7381e1f3a69969d890019ec76ce2	—	2022-08-05
FileHash-SHA256	67d7cab1c9d5cd190aed310b8c75f132ea226e742faa8feaf6c7bfc66a60981c	—	2022-08-05
FileHash-SHA256	69f40292915d779ed6dc2df3e5d1d355b38fca0832741458190587b5fc457d5e	—	2022-08-05
FileHash-SHA256	7596418c84293532ad0596428a7285ac490b65f680cb836a68ac537e36e6bd52	—	2022-08-05
FileHash-SHA256	7edb94e394135ce8a1b361317697baa3bc228fac5315c8ff49637ab7f15f79a0	—	2022-08-05
FileHash-SHA256	90a53bf04f33230a0798011161414816bc878d8e47259a293795d47b02354b51	—	2022-08-05
FileHash-SHA256	a9282812ea5c5befd4aa46ae7fed6e38ada592853c5927ea05c3eb3b06e4b93f	—	2022-08-05
FileHash-SHA256	b7ee38385996cded731987d85c771be4fe3c370176788208ff8b2df317f39f07	—	2022-08-05
FileHash-SHA256	cdb213ab22a8c04992cd123668c696335d449805f5ae0c47cfdd1d3c9f43bdd8	—	2022-08-05
hostname	acp.x4k.dev	—	2022-08-05
hostname	fb.x4k.dev	—	2022-08-05
hostname	git.x4k.dev	—	2022-08-05
hostname	mallik.x4k.dev	—	2022-08-05
domain	mamba77.red	—	2022-08-05
hostname	mundo-telenovelas.x4k.dev	—	2022-08-05
hostname	ntop.x4k.dev	—	2022-08-05
hostname	ntopng.x4k.dev	—	2022-08-05
hostname	oelwein-ia.x4k.dev	—	2022-08-05
hostname	registry.x4k.dev	—	2022-08-05
hostname	synapse.x4k.dev	—	2022-08-05
hostname	test.x4k.dev	—	2022-08-05
hostname	vs1.x4k.dev	—	2022-08-05
hostname	vs2.x4k.dev	—	2022-08-05
hostname	vs3.x4k.dev	—	2022-08-05
domain	xn--90a5ai.com	—	2022-08-05
hostname	zeronet.x4k.dev	—	2022-08-05
URL	http://1q.is	—	2022-08-05
URL	http://acp.x4k.dev	—	2022-08-05
URL	http://mallik.x4k.dev	—	2022-08-05
URL	http://mundo-telenovelas.x4k.dev	—	2022-08-05
URL	http://oelwein-ia.x4k.dev	—	2022-08-05
URL	http://repo.x4k.dev/windows/	—	2022-08-05
URL	http://repo.x4k.dev/windows/frph.exe	—	2022-08-05
URL	http://x4k.dev	—	2022-08-05
URL	http://xn--90a5ai.com	—	2022-08-05
URL	https://1q.is	—	2022-08-05
URL	https://acp.x4k.dev	—	2022-08-05
URL	https://mallik.x4k.dev	—	2022-08-05
URL	https://mundo-telenovelas.x4k.dev	—	2022-08-05
URL	https://oelwein-ia.x4k.dev	—	2022-08-05
URL	https://xn--90a5ai.com	—	2022-08-05
URL	https://фсб.com	—	2022-08-05
domain	x4k.dev	—	2022-08-05
FileHash-SHA256	07dd33aad9339c600edbea924bb6fb81e68f8f4c77ee6dd2f72cd79c4e0d0248	—	2022-08-05
FileHash-SHA256	187e081a464b6fa19d8b73ca349b9b8880bf71710101675aad72f20510fd2959	—	2022-08-05
FileHash-SHA256	1fcaae389d2ae794243c0f3c1839873a6505143a617deaf6bf13fc7ffc821e6e	—	2022-08-05
FileHash-SHA256	324baf4e4e4adadd75fbcbc900b7965a5bef269b1b21f6f22979819e4e27938b	—	2022-08-05
FileHash-SHA256	659cefadcb804f7ac3c286f6a574be902890efab4d7547b923a36a7c6e2880b1	—	2022-08-05
FileHash-SHA256	9d853bee85040e7272de3a9dbd858a8cc28fccdef06e350208d7cf5763eecced	—	2022-08-05
FileHash-SHA256	a3b02c637674070a51564b0c205fc6f19c0cce0efdeb71376f8e692d0134f19c	—	2022-08-05
FileHash-SHA256	c836525fbdee5011375de9dc65cbee506e63bac98718730e55090a9cfa93dd27	—	2022-08-05
FileHash-SHA256	f871c883dc63a7424d1e10e6bb6b966dfb8f25fb7a202b406b63e202f94e1ad6	—	2022-08-05
URL	http://x4k.dev/yunohost/sso/	—	2022-08-05
URL	http://x4k.dev/yunohost/sso/assets/css/	—	2022-08-05
URL	http://x4k.dev/yunohost/sso/assets/js/	—	2022-08-05
URL	http://x4k.dev/yunohost/sso/assets/themes/nord/	—	2022-08-05
URL	https://x4k.dev	—	2022-08-05
URL	https://x4k.dev/yunohost/sso/?r=aHR	—	2022-08-05
URL	https://x4k.dev/yunohost/sso/?r=aHR0cHM6Ly94NGsuc2gvZ2V0L0VYRmdzL09uZURyaXZl	—	2022-08-05
URL	https://x4k.dev/yunohost/sso/?r=aHR0cHM6Ly94NGsuc2gvZ2V0L0VYRmdzL09uZURyaXZlLm	—	2022-08-05
URL	https://x4k.dev/yunohost/sso/?r=aHR0cHM6Ly94NGsuc2gvZ2V0L0VYRmdzL09uZURyaXZlLmV4ZQ=	—	2022-08-05
URL	https://x4k.dev/yunohost/sso/assets/css/ynh_portal.css	—	2022-08-05
URL	https://x4k.dev/yunohost/sso/assets/js/ynh_portal.js	—	2022-08-05
URL	https://x4k.dev/yunohost/sso/assets/themes/nord/custom_portal.css	—	2022-08-05
URL	https://x4k.dev/yunohost/sso/assets/themes/nord/custom_portal.js	—	2022-08-05
URL	https://x4k.dev/yunohost/sso/assets/themes/nord/logo.png	—	2022-08-05
URL	http://164.68.114.29/yunohost/admin/	—	2022-08-05
URL	http://myewheelshop.com/cart/	—	2022-08-05
URL	http://myewheelshop.com/contact-page/	—	2022-08-05
URL	http://myewheelshop.com/my-account/	—	2022-08-05
URL	http://navilesphoto.com/index.html	—	2022-08-05
URL	http://pafc.pk/wp-content/plugins/fdzvcev/admin/own.html	—	2022-08-05
URL	http://repo.x4k.dev/windows/kms.cmd	—	2022-08-05
URL	http://royalparrotshome.com/available-birds/	—	2022-08-05
URL	http://wakkeup.tk/jpr/	—	2022-08-05
URL	http://x4k.dev/h3ll0/	—	2022-08-05
URL	http://x4k.dev/index.html/	—	2022-08-05
URL	http://x4k.dev/yunohost/sso/?r=aHR0cHM6Ly94NGsuc2gvZ2V0L0V	—	2022-08-05
domain	myewheelshop.com	—	2022-08-05
domain	navilesphoto.com	—	2022-08-05
domain	pafc.pk	—	2022-08-05
domain	royalparrotshome.com	—	2022-08-05
domain	wakkeup.tk	—	2022-08-05
hostname	repo.x4k.dev	—	2022-08-05
hostname	www.tedistr.si	—	2022-08-05
URL	https://x4k.dev/yunohost/sso/?r=aHR0cHM6Ly94NGsuc2gvZ2V0L0VYRmdzL09uZURyaXZlLmV4ZQ==	—	2022-08-05
CVE	CVE-2021-22941	—	2022-08-05
FileHash-MD5	07b5472d347d42780469fb2654b7fc54	—	2022-08-05
FileHash-MD5	1ea7c1c69785c6825ca588348053cfda	—	2022-08-05
FileHash-MD5	2040d24cf25f213b5b0b06726a1acc7f	—	2022-08-05
FileHash-MD5	4035d2883e01d64f3e7a9dccb1d63af5	—	2022-08-05
FileHash-MD5	50004e3d2b9b270e5c1b0f87dd54aaab	—	2022-08-05
FileHash-MD5	996c3eb5c21a20dd13b7ceee6c80b673	—	2022-08-05
FileHash-MD5	a091d41d5bf233c26cfc86988e879949	—	2022-08-05
FileHash-MD5	a109b3f1d646c7f14033447c2e69a116	—	2022-08-05
FileHash-SHA1	39c5459c920e7c0a325e053116713bfd8bc5ddaf	—	2022-08-05
FileHash-SHA256	42ef8fb1eadf609c84262dcfa569ba63c8e31dce25347ab0dd79bb778e7790a1	—	2022-08-05
FileHash-SHA256	6e90d525e170c3d16697227fff9bc2fd17eaefcae6648983e776898e3fa6d524	—	2022-08-05
URL	http://gopkg.in/ini.v1	—	2022-08-05
domain	gopkg.in	—	2022-08-05
domain	reflect.name	—	2022-08-05
domain	runtime.name	—	2022-08-05
domain	runtime.net	—	2022-08-05
domain	singleflight.call	—	2022-08-05

References (10)

↗ x4k.dev - urlscan.io.pdf ↗ x4k.dev - urlscan.io behaviours js.pdf ↗ x4k.dev - urlscan.io - simular too.pdf ↗ x4k.dev - urlscan.io content.pdf ↗ dom.pdf ↗ x4k.dev - urlscan.io dom .pdf ↗ https://hybrid-analysis.com/sample/42ef8fb1eadf609c84262dcfa569ba63c8e31dce25347ab0dd79bb778e7790a1/61f5ec666491152e286edf81 ↗ https://golang.org/x/net/bpf ↗ Source ↗ http://x4k.sh/get/EXFgs/OneDrive.exe