PULSE NAME
Opening a Can of Whoop Ads: Detecting and Disrupting a Malvertising Campaign Distributing Backdoors
WHITE UNC2975 burtcha15 2023-12-15 Modified: 2024-01-14
33 IOCs
MEDIUM VOLUME
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
paperdrop, DanaBot, papertear, DarkGate
Indicators of Compromise (33)