WorkersDevBackdoor and MadMxShell converge in malvertising campaigns
TLP: WHITE | Author: AlienVault | Created: 2024-07-15 | Modified: 2024-07-15
This report analyzes two recent malware distribution campaigns that rely on malvertising. They deliver the WorkersDevBackdoor and MadMxShell backdoors, both of which can exfiltrate data and serve as a foothold for ransomware deployment. The delivery infrastructure of the two campaigns, including their command-and-control servers, overlaps, which suggests collaboration or shared resources between the operators. The report walks through the tactics, techniques, and procedures used and highlights how the campaigns target IT personnel: the lure domains listed below typosquat common IT tools (Advanced IP Scanner, Angry IP Scanner, Clockify, Time Doctor), and the payloads are tailored and protected by victim-filtering mechanisms.
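The lure domains in this pulse swap digits and look-alike letters into the names of the imitated tools (advanc3d-lp-scanner, angry1pscan3r, timedoct0r). The Python script below is added here as an example; it is not code from the pulse or from the report it summarises. It undoes those substitutions, measures edit distance to the imitated brand names, and runs the result over a few constructed proxy-log lines together with an exact match against a handful of the pulse's domain IOCs. The brand table, the legitimate vendor domains, the log format and the log lines are assumptions made for this example.

```python
"""Flag typosquat lookalikes of the IT tools impersonated in this pulse.

Added example, not part of the OTX pulse or the underlying report. The brand
table, the legitimate vendor sites, the proxy-log format and the sample lines
are constructed for illustration; the IOC domains are copied from the pulse.
"""
from urllib.parse import urlsplit

# Tools the lure domains imitate, keyed by the registrable label of the
# vendor's real site (legitimate sites as assumed by this example).
BRANDS = {
    "advanced-ip-scanner": "advanced-ip-scanner.com",
    "angryip": "angryip.org",
    "clockify": "clockify.me",
    "timedoctor": "timedoctor.com",
}

# A few of the 42 domain IOCs from the pulse, for exact matching.
PULSE_DOMAINS = {
    "timedoct0r.com", "getstorege.com", "kwzain.space", "litterbolo.com",
}

# Substitutions seen in the listed domains: 1/l for i, 3 for e, 0 for o,
# plus hyphens that are dropped or kept at will.
HOMOGLYPHS = str.maketrans({"1": "i", "l": "i", "3": "e", "0": "o",
                            "-": "", "_": ""})


def normalize(label: str) -> str:
    return label.lower().translate(HOMOGLYPHS)


def registrable_label(domain: str) -> str:
    # Assumes a single-label public suffix (.com, .org, .site ...), which holds
    # for every domain in this pulse; use a PSL library for co.uk and friends.
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def levenshtein(a: str, b: str) -> int:
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str):
    """Return the imitated brand, or None for the real site or an unrelated name."""
    domain = domain.lower().rstrip(".")
    if domain in BRANDS.values():
        return None
    norm = normalize(registrable_label(domain))
    for brand in BRANDS:
        b = normalize(brand)
        # Brand embedded in a longer label (angryipscat) or within ~20% edits.
        if b in norm or levenshtein(norm, b) / max(len(norm), len(b)) <= 0.2:
            return brand
    return None


# Constructed proxy log: "<timestamp> <client> <method> <url> <status>".
SAMPLE_LOG = [
    "2024-07-15T09:41:02Z 10.20.4.17 GET http://advanc3d-lp-scaner.com/download/ipscan.exe 200",
    "2024-07-15T09:42:10Z 10.20.4.17 GET http://advanced-ip-scanner.com/ 200",
    "2024-07-15T09:50:33Z 10.20.7.5 GET http://angry1pscan3r.com/ 200",
    "2024-07-15T10:03:48Z 10.20.9.2 GET https://timedoct0r.com/setup.msi 200",
    "2024-07-15T10:05:01Z 10.20.9.2 GET https://kwzain.space/api 200",
    "2024-07-15T10:06:14Z 10.20.1.9 GET https://example.org/ 200",
]


def scan_proxy_log(lines):
    """Return (timestamp, client, host, reason) for every matching request."""
    hits = []
    for line in lines:
        ts, client, _method, url, _status = line.split()
        host = urlsplit(url).hostname or ""
        if host in PULSE_DOMAINS:
            hits.append((ts, client, host, "pulse IOC"))
        else:
            brand = lookalike_of(host)
            if brand:
                hits.append((ts, client, host, f"lookalike of {brand}"))
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(*hit)
```

The heuristic catches the brand-shaped lures, including ones not in the pulse yet, but says nothing about the listed domains that imitate no brand (anscan.org, getstorege.com, kwzain.space, litterbolo.com), so it complements an exact-match blocklist of the IOC table rather than replacing it.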
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES: none listed in this pulse
MALWARE FAMILIES: WorkersDevBackdoor, MadMxShell
Indicators of Compromise (59)
TYPE INDICATOR CREATED (the pulse attaches no per-indicator descriptions)
FileHash-MD5 29ef8384624ed5b564c6e7eadddbfef0 2024-07-15
FileHash-MD5 b84d4a8d8b276e2b1436ef4440a0c460 2024-07-15
FileHash-MD5 b8c72584ffa28b162e3f34c2c35a427e 2024-07-15
FileHash-MD5 e330bdb7a05f1778aaa5e78d29a94f2b 2024-07-15
FileHash-SHA1 2658897d768a71f98f77d000ee76f006d2347475 2024-07-15
FileHash-SHA1 b5120200fb3c684868060aa2166bf6fa8e6875c5 2024-07-15
FileHash-SHA1 dd5467c70266e6959186e7b2228e15ce3d844962 2024-07-15
FileHash-SHA1 eca4db3d716516171d7cd3900f9fe1b3fca9e4a6 2024-07-15
FileHash-SHA256 2264d2a23f365af0830b577360a724798a6132b1a2f4cd08a7ccfaa311ee920a 2024-07-15
FileHash-SHA256 2481ac76f08d691166a425a01cdf1ec8ab5e2fbdf451c1bfc3edcba3e4c482e5 2024-07-15
FileHash-SHA256 24bff1753a60215bab00386ea11e774f0a04e2e45e70dabb122b5a697b67d174 2024-07-15
FileHash-SHA256 40acc736c093ddce187552a653c2fd10ff5df0b45b93ad257901e7593bcee215 2024-07-15
FileHash-SHA256 4a36a35aac6e37959e2337bb74ab9830c5f6c6965da6bb5112d4195350e8baf9 2024-07-15
FileHash-SHA256 55d1a76e4ed7d6ed0018c8129d631a637b591e18e52128dbe891a4382564793b 2024-07-15
FileHash-SHA256 70bc544b5467da13db64b55c0102d821e66454985fea7e77674af53e2364c8ae 2024-07-15
FileHash-SHA256 93962847285d6f81273132e72d66b03a2e6e1a0ff46893e58ad3747762548922 2024-07-15
FileHash-SHA256 a8b0e013bd0d350035f12fd6703f7760a87cb218803e68c0eb482753961f2a41 2024-07-15
domain advanc3d-1p-scan.com 2024-07-15
domain advanc3d-1p-scan3r.com 2024-07-15
domain advanc3d-1p-scaner.com 2024-07-15
domain advanc3d-1p-scann.com 2024-07-15
domain advanc3d-1p-scanne.com 2024-07-15
domain advanc3d-1p-scanner.com 2024-07-15
domain advanc3d-1p-scans.com 2024-07-15
domain advanc3d-ip-scanner.com 2024-07-15
domain advanc3d-lp-scaner.com 2024-07-15
domain advanc3d-lp-scanner.com 2024-07-15
domain angry1pscan.com 2024-07-15
domain angry1pscan3r.com 2024-07-15
domain angry1pscane.com 2024-07-15
domain angry1pscaner.com 2024-07-15
domain angry1pscat.com 2024-07-15
domain angryipo.org 2024-07-15
domain angryips.org 2024-07-15
domain angryipsca.com 2024-07-15
domain angryipsca.org 2024-07-15
domain angryipscann.com 2024-07-15
domain angryipscap.com 2024-07-15
domain angryipscar.com 2024-07-15
domain angryipscat.com 2024-07-15
domain angryipscat.net 2024-07-15
domain angryipscat.online 2024-07-15
domain angryipscat.org 2024-07-15
domain angryipscat.tech 2024-07-15
domain anscan.org 2024-07-15
domain clockifpy.com 2024-07-15
domain clockifry.com 2024-07-15
domain clockify.site 2024-07-15
domain clockify.space 2024-07-15
domain clockiify.com 2024-07-15
domain getstorege.com 2024-07-15
domain kwzain.space 2024-07-15
domain litterbolo.com 2024-07-15
domain odvanced-ip-scanner.com 2024-07-15
domain timedoct0r.com 2024-07-15
domain timedoctor.space 2024-07-15
domain timedoctors.online 2024-07-15
domain timedoctors.site 2024-07-15
domain timedoctors.space 2024-07-15