Pulse Detail — Threat Intelligence

PULSE NAME

Credential Caution: Exploring the New Public Cloud File-Borne

WHITE CyberHunter_NL 2023-04-18 Modified: 2023-04-18

IOCs

MEDIUM VOLUME

Find out more about FDR, the file-borne malware detection and response (FDR) solution, at the InQuest blog blog and on the site for all the latest products and services.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1566 T1199 T1195 T1204

Indicators of Compromise (36)

All hostname URL FileHash-SHA256 domain

TYPE	INDICATOR	DESCRIPTION	CREATED
hostname	wnwbvgtrw.blob.core.windows.net	—	2023-04-18
hostname	vlpvoovi.blob.core.windows.net	—	2023-04-18
hostname	rmrnhhy.blob.core.windows.net	—	2023-04-18
hostname	nsbwyet.blob.core.windows.net	—	2023-04-18
hostname	mwkppwoiue.blob.core.windows.net	—	2023-04-18
hostname	mnbah.blob.core.windows.net	—	2023-04-18
hostname	mepeoe.blob.core.windows.net	—	2023-04-18
hostname	mennebeyry.s3.us-east-005.backblazeb2.com	—	2023-04-18
hostname	emmwppe.blob.core.windows.net	—	2023-04-18
hostname	eleoppeuy.blob.core.windows.net	—	2023-04-18
hostname	dmdjfuy.blob.core.windows.net	—	2023-04-18
URL	http://wnwbvgtrw.blob.core.windows.net/fbgryyt/lada11.html	—	2023-04-18
URL	http://vlpvoovi.blob.core.windows.net/nhytr/lada11.html	—	2023-04-18
URL	http://rmrnhhy.blob.core.windows.net/fbfgtttr/lada11.html	—	2023-04-18
URL	http://nsbwyet.blob.core.windows.net/bshdytww/lada11.html	—	2023-04-18
URL	http://mwkppwoiue.blob.core.windows.net/jshywtte/lada11.html	—	2023-04-18
URL	http://mnbah.blob.core.windows.net/nbvegw/lada11.html	—	2023-04-18
URL	http://mepeoe.blob.core.windows.net/nhebeyrt/lada11.html	—	2023-04-18
URL	http://mennebeyry.s3.us-east-005.backblazeb2.com/lada11.html	—	2023-04-18
URL	http://emmwppe.blob.core.windows.net/fmfhfyyf/lada11.html	—	2023-04-18
URL	http://eleoppeuy.blob.core.windows.net/xncbbgc/lada11.html	—	2023-04-18
URL	http://dmdjfuy.blob.core.windows.net/ndhhryw/lada11.html	—	2023-04-18
FileHash-SHA256	cb2549146b9ccfead42672e9d48e515c6234eb81f9f0448f3cf52974dd4045f8	—	2023-04-18
FileHash-SHA256	f41004462113ddf751d15b4aa81b2808b7730f0e6f51449f0d958aa2a88fbe73	—	2023-04-18
URL	http://app.raven.com/share/3WNY9XHYL9=	—	2023-04-18
URL	http://app.raven.com/share/3WNY9XHYL9J5T5JTE4XXA9353MN3HO	—	2023-04-18
URL	http://app.raven.com/share/4VA9U6YITENWUM7PO2N7KYW7TLM6KC	—	2023-04-18
URL	http://app.raven.com/share/5DJHS95YLXMWUTIVE7TA2KP8X2MVNT	—	2023-04-18
URL	http://formspree.io/f/xlekbzvj	—	2023-04-18
URL	http://fredericchaix.com/controllers/admin/RV.php	—	2023-04-18
URL	http://zumatrip.com/wp-includes/widgets/F1.php	—	2023-04-18
URL	https://phishtank.org/phish_detail.php?phish_id=8035575	—	2023-04-18
domain	formspree.io	—	2023-04-18
domain	fredericchaix.com	—	2023-04-18
domain	phishtank.org	—	2023-04-18
domain	zumatrip.com	—	2023-04-18

References (1)

↗ https://inquest.net/blog/2023/03/23/credential-caution-exploring-new-public-cloud-file-borne-phishing-attack