Pulse Detail — Threat Intelligence

PULSE NAME

frph.exe - URL golang.org/x/net/bpf - http://x4k.sh/get/EXFgs/OneDrive.exe

WHITE dorkingbeauty1 2022-08-05 Modified: 2022-09-04

178

IOCs

HIGH VOLUME

Created from Old Safari Booknark syncing to an old unremovabke icloud account https://bitcoin-fortune.com/profile

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1012 T1027 T1057 T1082 T1497

Indicators of Compromise (80 / 178 total)

All FileHash-SHA256 URL domain hostname CVE FileHash-MD5 FileHash-SHA1

TYPE	INDICATOR	DESCRIPTION	CREATED
URL	https://x4k.sh/get/EXFgs/OneDrive.exe	—	2022-08-05
URL	http://x4k.sh/get/EXFgs/OneDrive.exe	—	2022-08-05
URL	http://golang.org/x/net/bpf	—	2022-08-05
URL	http://antlr3.runtime.net/	—	2022-08-05
URL	http://org.apache.flink.runtime.net/	—	2022-08-05
URL	http://www.runtime.net/	—	2022-08-05
URL	https://www.runtime.net	—	2022-08-05
URL	https://www.runtime.net/	—	2022-08-05
URL	http://e.value.runtime.name	—	2022-08-05
URL	http://java.runtime.name	—	2022-08-05
URL	https://e.value.runtime.name	—	2022-08-05
URL	https://java.runtime.name	—	2022-08-05
URL	http://eq.gopkg.in	—	2022-08-05
URL	http://eq.gopkg.in/square/go-jose.v2/json.UnsupportedValueError	—	2022-08-05
URL	http://gopkg.in/sourcemap.v1/base64vlq/base64_vlq.go	—	2022-08-05
URL	http://gopkg.in/square/go-jose%2ev2.	—	2022-08-05
URL	http://gopkg.in/square/go-jose%2ev2.JSONWebSignature.DetachedVerify	—	2022-08-05
URL	http://gopkg.in/square/go-jose%2ev2.JSONWebSignature.compactSerialize	—	2022-08-05
URL	http://gopkg.in/square/go-jose%2ev2.JSONWebSignature.computeAuthData	—	2022-08-05
URL	http://gopkg.in/square/go-jose%2ev2.ecEncrypterVerifier.verifyPayload	—	2022-08-05
URL	http://gopkg.in/square/go-jose%2ev2.edEncrypterVerifier.verifyPayload	—	2022-08-05
URL	http://gopkg.in/square/go-jose%2ev2.rawHeader.getSignatureAlgorithm	—	2022-08-05
URL	http://gopkg.in/square/go-jose%2ev2.rsaEncrypterVerifier.verifyPayload	—	2022-08-05
URL	http://gopkg.in/square/go-jose.v2/json.	—	2022-08-05
URL	https://eq.gopkg.in	—	2022-08-05
URL	https://gopkg.in/go	—	2022-08-05
URL	https://gopkg.in/mgo.v2	—	2022-08-05
URL	https://gopkg.in/neurosnap/sentences.v1	—	2022-08-05
URL	https://gopkg.in/warnings.v0	—	2022-08-05
URL	https://gopkg.in/yaml.v3	—	2022-08-05
URL	http://golang.org/x/oauth2	—	2022-08-05
URL	https://repo.x4k.dev/windows/pstrap.ps1	—	2022-08-05
URL	https://repo.x4k.dev/windows/windows.jpegidna	—	2022-08-05
URL	https://pafc.pk/mx.banregio1.php	—	2022-08-05
URL	https://pafc.pk/wp-content/plugins/fdzvcev/admin/own.html	—	2022-08-05
URL	http://wakkeup.tk/jpr	—	2022-08-05
URL	http://1q.is	—	2022-08-05
URL	http://acp.x4k.dev	—	2022-08-05
URL	http://mallik.x4k.dev	—	2022-08-05
URL	http://mundo-telenovelas.x4k.dev	—	2022-08-05
URL	http://oelwein-ia.x4k.dev	—	2022-08-05
URL	http://repo.x4k.dev/windows/	—	2022-08-05
URL	http://repo.x4k.dev/windows/frph.exe	—	2022-08-05
URL	http://x4k.dev	—	2022-08-05
URL	http://xn--90a5ai.com	—	2022-08-05
URL	https://1q.is	—	2022-08-05
URL	https://acp.x4k.dev	—	2022-08-05
URL	https://mallik.x4k.dev	—	2022-08-05
URL	https://mundo-telenovelas.x4k.dev	—	2022-08-05
URL	https://oelwein-ia.x4k.dev	—	2022-08-05
URL	https://xn--90a5ai.com	—	2022-08-05
URL	https://фсб.com	—	2022-08-05
URL	http://x4k.dev/yunohost/sso/	—	2022-08-05
URL	http://x4k.dev/yunohost/sso/assets/css/	—	2022-08-05
URL	http://x4k.dev/yunohost/sso/assets/js/	—	2022-08-05
URL	http://x4k.dev/yunohost/sso/assets/themes/nord/	—	2022-08-05
URL	https://x4k.dev	—	2022-08-05
URL	https://x4k.dev/yunohost/sso/?r=aHR	—	2022-08-05
URL	https://x4k.dev/yunohost/sso/?r=aHR0cHM6Ly94NGsuc2gvZ2V0L0VYRmdzL09uZURyaXZl	—	2022-08-05
URL	https://x4k.dev/yunohost/sso/?r=aHR0cHM6Ly94NGsuc2gvZ2V0L0VYRmdzL09uZURyaXZlLm	—	2022-08-05
URL	https://x4k.dev/yunohost/sso/?r=aHR0cHM6Ly94NGsuc2gvZ2V0L0VYRmdzL09uZURyaXZlLmV4ZQ=	—	2022-08-05
URL	https://x4k.dev/yunohost/sso/assets/css/ynh_portal.css	—	2022-08-05
URL	https://x4k.dev/yunohost/sso/assets/js/ynh_portal.js	—	2022-08-05
URL	https://x4k.dev/yunohost/sso/assets/themes/nord/custom_portal.css	—	2022-08-05
URL	https://x4k.dev/yunohost/sso/assets/themes/nord/custom_portal.js	—	2022-08-05
URL	https://x4k.dev/yunohost/sso/assets/themes/nord/logo.png	—	2022-08-05
URL	http://164.68.114.29/yunohost/admin/	—	2022-08-05
URL	http://myewheelshop.com/cart/	—	2022-08-05
URL	http://myewheelshop.com/contact-page/	—	2022-08-05
URL	http://myewheelshop.com/my-account/	—	2022-08-05
URL	http://navilesphoto.com/index.html	—	2022-08-05
URL	http://pafc.pk/wp-content/plugins/fdzvcev/admin/own.html	—	2022-08-05
URL	http://repo.x4k.dev/windows/kms.cmd	—	2022-08-05
URL	http://royalparrotshome.com/available-birds/	—	2022-08-05
URL	http://wakkeup.tk/jpr/	—	2022-08-05
URL	http://x4k.dev/h3ll0/	—	2022-08-05
URL	http://x4k.dev/index.html/	—	2022-08-05
URL	http://x4k.dev/yunohost/sso/?r=aHR0cHM6Ly94NGsuc2gvZ2V0L0V	—	2022-08-05
URL	https://x4k.dev/yunohost/sso/?r=aHR0cHM6Ly94NGsuc2gvZ2V0L0VYRmdzL09uZURyaXZlLmV4ZQ==	—	2022-08-05
URL	http://gopkg.in/ini.v1	—	2022-08-05

References (10)

↗ x4k.dev - urlscan.io.pdf ↗ x4k.dev - urlscan.io behaviours js.pdf ↗ x4k.dev - urlscan.io - simular too.pdf ↗ x4k.dev - urlscan.io content.pdf ↗ dom.pdf ↗ x4k.dev - urlscan.io dom .pdf ↗ https://hybrid-analysis.com/sample/42ef8fb1eadf609c84262dcfa569ba63c8e31dce25347ab0dd79bb778e7790a1/61f5ec666491152e286edf81 ↗ https://golang.org/x/net/bpf ↗ Source ↗ http://x4k.sh/get/EXFgs/OneDrive.exe