CYBERCOM_Malware_Alert - MuddyWater has been seen using a variety of techniques to maintain access to victim networks.
CYBERCOM_Malware_Alert - MuddyWater has been seen using a variety of techniques to maintain access to victim networks.
AI Analysis
Technical Summary
The threat actor group known as MuddyWater (also tracked as G0069) is an Iranian state-affiliated intrusion set recognized for conducting cyber espionage campaigns primarily targeting government, military, telecommunications, and critical infrastructure sectors. This alert highlights MuddyWater's continued use of diverse techniques to maintain persistent access within victim networks. Although specific technical details are limited in this report, MuddyWater is known to employ a combination of spear-phishing, exploitation of known vulnerabilities, custom malware, and living-off-the-land tactics to establish and sustain footholds. Their persistence mechanisms often include deploying backdoors, credential dumping, and lateral movement tools to evade detection and maintain long-term access. The alert does not specify particular malware variants or vulnerabilities exploited, nor does it indicate the presence of zero-day exploits or publicly available patches. The medium severity rating reflects the moderate certainty (50%) of ongoing activity and the potential for significant espionage impact. MuddyWater's campaigns are characterized by stealth and adaptability, making detection and eradication challenging. The lack of known exploits in the wild and absence of patch availability suggest that mitigation relies heavily on detection and response capabilities rather than straightforward patching.
Potential Impact
For European organizations, the presence of MuddyWater's persistent access techniques poses a significant risk to confidentiality and integrity of sensitive information, particularly for entities involved in government, defense, telecommunications, and critical infrastructure sectors. Successful intrusions could lead to espionage, intellectual property theft, disruption of services, and potential manipulation of critical systems. The stealthy nature of MuddyWater's operations increases the likelihood of prolonged undetected access, amplifying the potential damage. Additionally, compromised credentials and lateral movement within networks could facilitate broader compromise of interconnected systems. The medium severity rating indicates that while the threat is credible and capable, the current level of exploitation or impact is moderate, but could escalate if not addressed. European organizations with strategic or geopolitical relevance to Iranian interests may be specifically targeted, increasing their risk exposure.
Mitigation Recommendations
Mitigation should focus on enhancing detection and response capabilities tailored to MuddyWater's known tactics. Organizations should implement advanced endpoint detection and response (EDR) solutions capable of identifying living-off-the-land techniques and anomalous lateral movement. Network segmentation and strict access controls can limit the spread of intrusions. Regular credential hygiene, including multifactor authentication and monitoring for unusual authentication patterns, is critical to prevent credential theft exploitation. Since no patches are available, organizations should prioritize threat hunting for indicators of compromise associated with MuddyWater, leveraging threat intelligence feeds and behavioral analytics. Employee training to recognize spear-phishing attempts and suspicious activity is essential. Incident response plans should be updated to include scenarios involving persistent access and stealthy adversaries. Collaboration with national cybersecurity agencies and sharing of intelligence can improve situational awareness and collective defense.
Affected Countries
Germany, France, United Kingdom, Italy, Poland, Netherlands, Belgium, Sweden
Indicators of Compromise
- hash: 3098dd53da40947a82e59265a47059e69b2925bc49c679e6555d102d1c6cbbc8
- hash: 42ca7d3fcd6d220cd380f34f9aa728b3bb68908b49f04d04f685631ee1f78986
- hash: b1e30cce6df16d83b82b751edca57aa17795d8d0cdd960ecee7d90832b0ee76c
- hash: 255e53af8b079c8319ce52583293723551da9affe547da45e2c1d4257cff625a
- hash: e7f6c7b91c482c12fc905b84dbaa9001ef78dc6a771773e1de4b8eade5431eca
- hash: 5bcdd422089ed96d6711fa251544e2e863b113973db328590cfe0457bfeb564f
- hash: 9cb79736302999a7ec4151a43e93cd51c97ede879194cece5e46b4ff471a7af7
- hash: b6133e04a0a1deb8faf944dd79c46c62f725a72ea9f26dd911d6f6e1e4433f1a
- hash: 9ec8319e278d1b3fa1ccf87b5ce7dd6802dac76881e4e4e16e240c5a98f107e2
- hash: 7e7545d14df7b618b3b1bc24321780c164a0a14d3600dbac0f91afbce1a2f9f4
- hash: e7baf353aa12ff2571fc5c45184631dc2692e2f0a61b799e29a1525969bf2d13
- hash: b5b1e26312e0574464ddef92c51d5f597e07dba90617c0528ec9f494af7e8504
- hash: dd7ee54b12a55bcc67da4ceaed6e636b7bd30d4db6f6c594e9510e1e605ade92
- hash: 9d50fcb2c4df4c502db0cac84bef96c2a36d33ef98c454165808ecace4dd2051
- hash: 12db8bcee090521ecf852bf215ce3878737517a22ef1f2ff9bdec7cba8d0d3aa
- hash: ce9bd1acf37119ff73b4dff989f2791eb24efc891a413df58856d848f0bcaee9
- hash: 2471a039cb1ddeb826f3a11f89b193624d89052afcbee01205dc92610723eb82
- hash: a0421312705e847a1c8073001fd8499c
- hash: 3204447f54adeffb339ed3e00649ae428544eca3
- hash: 9cb79736302999a7ec4151a43e93cd51c97ede879194cece5e46b4ff471a7af7
- datetime: 2022-01-13T12:41:30+00:00
- link: https://www.virustotal.com/gui/file/9cb79736302999a7ec4151a43e93cd51c97ede879194cece5e46b4ff471a7af7/detection/f-9cb79736302999a7ec4151a43e93cd51c97ede879194cece5e46b4ff471a7af7-1642077690
- text: 8/57
- hash: 4a022ea1fd2bf5e8c0d8b2343a230070
- hash: 89df0feca9a447465d41ac87cb45a6f3c02c574d
- hash: e7baf353aa12ff2571fc5c45184631dc2692e2f0a61b799e29a1525969bf2d13
- datetime: 2022-01-13T04:17:48+00:00
- link: https://www.virustotal.com/gui/file/e7baf353aa12ff2571fc5c45184631dc2692e2f0a61b799e29a1525969bf2d13/detection/f-e7baf353aa12ff2571fc5c45184631dc2692e2f0a61b799e29a1525969bf2d13-1642047468
- text: 12/56
- hash: 52299ffc8373f58b62543ec754732e55
- hash: ca97ac295b2cd57501517c0efd67b6f8a7d1fbdf
- hash: ce9bd1acf37119ff73b4dff989f2791eb24efc891a413df58856d848f0bcaee9
- datetime: 2022-01-13T09:17:23+00:00
- link: https://www.virustotal.com/gui/file/ce9bd1acf37119ff73b4dff989f2791eb24efc891a413df58856d848f0bcaee9/detection/f-ce9bd1acf37119ff73b4dff989f2791eb24efc891a413df58856d848f0bcaee9-1642065443
- text: 0/57
- hash: 37fa9e6b9be7242984a39a024cade2d5
- hash: 0211569091b96cffab6918e18ccc97f4b24d88d4
- hash: 42ca7d3fcd6d220cd380f34f9aa728b3bb68908b49f04d04f685631ee1f78986
- datetime: 2022-01-13T13:07:07+00:00
- link: https://www.virustotal.com/gui/file/42ca7d3fcd6d220cd380f34f9aa728b3bb68908b49f04d04f685631ee1f78986/detection/f-42ca7d3fcd6d220cd380f34f9aa728b3bb68908b49f04d04f685631ee1f78986-1642079227
- text: 15/56
- hash: c0c2cd5cc018e575816c08b36969c4a6
- hash: 47a4e0d466bb20cec5d354e56a9aa3f07cec816a
- hash: b1e30cce6df16d83b82b751edca57aa17795d8d0cdd960ecee7d90832b0ee76c
- datetime: 2022-01-13T09:15:56+00:00
- link: https://www.virustotal.com/gui/file/b1e30cce6df16d83b82b751edca57aa17795d8d0cdd960ecee7d90832b0ee76c/detection/f-b1e30cce6df16d83b82b751edca57aa17795d8d0cdd960ecee7d90832b0ee76c-1642065356
- text: 7/56
- hash: b6b0edf0b31bc95a042e13f3768a65c3
- hash: 5168a8880abe8eb2d28f10787820185fe318859e
- hash: b6133e04a0a1deb8faf944dd79c46c62f725a72ea9f26dd911d6f6e1e4433f1a
- datetime: 2022-01-13T07:08:21+00:00
- link: https://www.virustotal.com/gui/file/b6133e04a0a1deb8faf944dd79c46c62f725a72ea9f26dd911d6f6e1e4433f1a/detection/f-b6133e04a0a1deb8faf944dd79c46c62f725a72ea9f26dd911d6f6e1e4433f1a-1642057701
- text: 0/56
- hash: 0431445d6d6e5802c207c8bc6a6402ea
- hash: 3765c1ad8a1d936aad88255aef5d6d4ce24f94e8
- hash: 3098dd53da40947a82e59265a47059e69b2925bc49c679e6555d102d1c6cbbc8
- datetime: 2022-01-13T13:04:20+00:00
- link: https://www.virustotal.com/gui/file/3098dd53da40947a82e59265a47059e69b2925bc49c679e6555d102d1c6cbbc8/detection/f-3098dd53da40947a82e59265a47059e69b2925bc49c679e6555d102d1c6cbbc8-1642079060
- text: 26/63
- hash: a65696d6b65f7159c9ffcd4119f60195
- hash: 570f7272412ff8257ed6868d90727a459e3b179e
- hash: b5b1e26312e0574464ddef92c51d5f597e07dba90617c0528ec9f494af7e8504
- datetime: 2022-01-13T08:14:02+00:00
- link: https://www.virustotal.com/gui/file/b5b1e26312e0574464ddef92c51d5f597e07dba90617c0528ec9f494af7e8504/detection/f-b5b1e26312e0574464ddef92c51d5f597e07dba90617c0528ec9f494af7e8504-1642061642
- text: 12/57
- hash: 51bc53a388fce06487743eadc64c4356
- hash: b9e6fc51fa3940fb632a68907b8513634d76e5a0
- hash: 9ec8319e278d1b3fa1ccf87b5ce7dd6802dac76881e4e4e16e240c5a98f107e2
- datetime: 2022-01-13T12:41:47+00:00
- link: https://www.virustotal.com/gui/file/9ec8319e278d1b3fa1ccf87b5ce7dd6802dac76881e4e4e16e240c5a98f107e2/detection/f-9ec8319e278d1b3fa1ccf87b5ce7dd6802dac76881e4e4e16e240c5a98f107e2-1642077707
- text: 1/57
- hash: 0ac499496fb48de0727bbef858dadbee
- hash: 483cd5c9dd887367793261730d59178c19fe13f3
- hash: 255e53af8b079c8319ce52583293723551da9affe547da45e2c1d4257cff625a
- datetime: 2022-01-13T04:15:36+00:00
- link: https://www.virustotal.com/gui/file/255e53af8b079c8319ce52583293723551da9affe547da45e2c1d4257cff625a/detection/f-255e53af8b079c8319ce52583293723551da9affe547da45e2c1d4257cff625a-1642047336
- text: 0/56
- hash: 860f5c2345e8f5c268c9746337ade8b7
- hash: 6c55d3acdc2d8d331f0d13024f736bc28ef5a7e1
- hash: 9d50fcb2c4df4c502db0cac84bef96c2a36d33ef98c454165808ecace4dd2051
- datetime: 2022-01-13T06:21:14+00:00
- link: https://www.virustotal.com/gui/file/9d50fcb2c4df4c502db0cac84bef96c2a36d33ef98c454165808ecace4dd2051/detection/f-9d50fcb2c4df4c502db0cac84bef96c2a36d33ef98c454165808ecace4dd2051-1642054874
- text: 20/66
- hash: d68f5417f1d4fc022067bf0313a3867d
- hash: 2f6dd6d11e28bf8b4d7ceec8753d15c7568fb22e
- hash: e7f6c7b91c482c12fc905b84dbaa9001ef78dc6a771773e1de4b8eade5431eca
- datetime: 2022-01-13T12:26:10+00:00
- link: https://www.virustotal.com/gui/file/e7f6c7b91c482c12fc905b84dbaa9001ef78dc6a771773e1de4b8eade5431eca/detection/f-e7f6c7b91c482c12fc905b84dbaa9001ef78dc6a771773e1de4b8eade5431eca-1642076770
- text: 0/56
- hash: 6c084c8f5a61c6bec5eb5573a2d51ffb
- hash: 61608ed1de56d0e4fe6af07ecba0bd0a69d825b8
- hash: 7e7545d14df7b618b3b1bc24321780c164a0a14d3600dbac0f91afbce1a2f9f4
- datetime: 2022-01-13T07:05:59+00:00
- link: https://www.virustotal.com/gui/file/7e7545d14df7b618b3b1bc24321780c164a0a14d3600dbac0f91afbce1a2f9f4/detection/f-7e7545d14df7b618b3b1bc24321780c164a0a14d3600dbac0f91afbce1a2f9f4-1642057559
- text: 42/68
- hash: 218d4151b39e4ece13d3bf5ff4d1121b
- hash: 28e799d9769bb7e936d1768d498a0d2c7a0d53fb
- hash: 2471a039cb1ddeb826f3a11f89b193624d89052afcbee01205dc92610723eb82
- datetime: 2022-01-13T08:47:01+00:00
- link: https://www.virustotal.com/gui/file/2471a039cb1ddeb826f3a11f89b193624d89052afcbee01205dc92610723eb82/detection/f-2471a039cb1ddeb826f3a11f89b193624d89052afcbee01205dc92610723eb82-1642063621
- text: 11/54
- hash: a27655d14b0aabec8db70ae08a623317
- hash: 8344f2c1096687ed83c2bbad0e6e549a71b0c0b1
- hash: 12db8bcee090521ecf852bf215ce3878737517a22ef1f2ff9bdec7cba8d0d3aa
- datetime: 2022-01-13T13:53:27+00:00
- link: https://www.virustotal.com/gui/file/12db8bcee090521ecf852bf215ce3878737517a22ef1f2ff9bdec7cba8d0d3aa/detection/f-12db8bcee090521ecf852bf215ce3878737517a22ef1f2ff9bdec7cba8d0d3aa-1642082007
- text: 24/68
- hash: cec48bcdedebc962ce45b63e201c0624
- hash: 81f46998c92427032378e5dead48bdfc9128b225
- hash: dd7ee54b12a55bcc67da4ceaed6e636b7bd30d4db6f6c594e9510e1e605ade92
- datetime: 2022-01-13T03:08:18+00:00
- link: https://www.virustotal.com/gui/file/dd7ee54b12a55bcc67da4ceaed6e636b7bd30d4db6f6c594e9510e1e605ade92/detection/f-dd7ee54b12a55bcc67da4ceaed6e636b7bd30d4db6f6c594e9510e1e605ade92-1642043298
- text: 35/66
- hash: a16f4f0c00ca43d5b20f7bc30a3f3559
- hash: 94e26fb2738e49bb70b445315c0d63a5d364c71b
- hash: 5bcdd422089ed96d6711fa251544e2e863b113973db328590cfe0457bfeb564f
- datetime: 2022-01-13T02:57:46+00:00
- link: https://www.virustotal.com/gui/file/5bcdd422089ed96d6711fa251544e2e863b113973db328590cfe0457bfeb564f/detection/f-5bcdd422089ed96d6711fa251544e2e863b113973db328590cfe0457bfeb564f-1642042666
- text: 3/56
CYBERCOM_Malware_Alert - MuddyWater has been seen using a variety of techniques to maintain access to victim networks.
Description
CYBERCOM_Malware_Alert - MuddyWater has been seen using a variety of techniques to maintain access to victim networks.
AI-Powered Analysis
Technical Analysis
The threat actor group known as MuddyWater (also tracked as G0069) is an Iranian state-affiliated intrusion set recognized for conducting cyber espionage campaigns primarily targeting government, military, telecommunications, and critical infrastructure sectors. This alert highlights MuddyWater's continued use of diverse techniques to maintain persistent access within victim networks. Although specific technical details are limited in this report, MuddyWater is known to employ a combination of spear-phishing, exploitation of known vulnerabilities, custom malware, and living-off-the-land tactics to establish and sustain footholds. Their persistence mechanisms often include deploying backdoors, credential dumping, and lateral movement tools to evade detection and maintain long-term access. The alert does not specify particular malware variants or vulnerabilities exploited, nor does it indicate the presence of zero-day exploits or publicly available patches. The medium severity rating reflects the moderate certainty (50%) of ongoing activity and the potential for significant espionage impact. MuddyWater's campaigns are characterized by stealth and adaptability, making detection and eradication challenging. The lack of known exploits in the wild and absence of patch availability suggest that mitigation relies heavily on detection and response capabilities rather than straightforward patching.
Potential Impact
For European organizations, the presence of MuddyWater's persistent access techniques poses a significant risk to confidentiality and integrity of sensitive information, particularly for entities involved in government, defense, telecommunications, and critical infrastructure sectors. Successful intrusions could lead to espionage, intellectual property theft, disruption of services, and potential manipulation of critical systems. The stealthy nature of MuddyWater's operations increases the likelihood of prolonged undetected access, amplifying the potential damage. Additionally, compromised credentials and lateral movement within networks could facilitate broader compromise of interconnected systems. The medium severity rating indicates that while the threat is credible and capable, the current level of exploitation or impact is moderate, but could escalate if not addressed. European organizations with strategic or geopolitical relevance to Iranian interests may be specifically targeted, increasing their risk exposure.
Mitigation Recommendations
Mitigation should focus on enhancing detection and response capabilities tailored to MuddyWater's known tactics. Organizations should implement advanced endpoint detection and response (EDR) solutions capable of identifying living-off-the-land techniques and anomalous lateral movement. Network segmentation and strict access controls can limit the spread of intrusions. Regular credential hygiene, including multifactor authentication and monitoring for unusual authentication patterns, is critical to prevent credential theft exploitation. Since no patches are available, organizations should prioritize threat hunting for indicators of compromise associated with MuddyWater, leveraging threat intelligence feeds and behavioral analytics. Employee training to recognize spear-phishing attempts and suspicious activity is essential. Incident response plans should be updated to include scenarios involving persistent access and stealthy adversaries. Collaboration with national cybersecurity agencies and sharing of intelligence can improve situational awareness and collective defense.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Threat Level
- 2
- Analysis
- 0
- Uuid
- ed46f822-41e6-4dca-a1c5-ad768306bfe9
- Original Timestamp
- 1642082225
Indicators of Compromise
Hash
| Value | Description | Copy |
|---|---|---|
hash3098dd53da40947a82e59265a47059e69b2925bc49c679e6555d102d1c6cbbc8 | ā | |
hash42ca7d3fcd6d220cd380f34f9aa728b3bb68908b49f04d04f685631ee1f78986 | ā | |
hashb1e30cce6df16d83b82b751edca57aa17795d8d0cdd960ecee7d90832b0ee76c | ā | |
hash255e53af8b079c8319ce52583293723551da9affe547da45e2c1d4257cff625a | ā | |
hashe7f6c7b91c482c12fc905b84dbaa9001ef78dc6a771773e1de4b8eade5431eca | ā | |
hash5bcdd422089ed96d6711fa251544e2e863b113973db328590cfe0457bfeb564f | ā | |
hash9cb79736302999a7ec4151a43e93cd51c97ede879194cece5e46b4ff471a7af7 | ā | |
hashb6133e04a0a1deb8faf944dd79c46c62f725a72ea9f26dd911d6f6e1e4433f1a | ā | |
hash9ec8319e278d1b3fa1ccf87b5ce7dd6802dac76881e4e4e16e240c5a98f107e2 | ā | |
hash7e7545d14df7b618b3b1bc24321780c164a0a14d3600dbac0f91afbce1a2f9f4 | ā | |
hashe7baf353aa12ff2571fc5c45184631dc2692e2f0a61b799e29a1525969bf2d13 | ā | |
hashb5b1e26312e0574464ddef92c51d5f597e07dba90617c0528ec9f494af7e8504 | ā | |
hashdd7ee54b12a55bcc67da4ceaed6e636b7bd30d4db6f6c594e9510e1e605ade92 | ā | |
hash9d50fcb2c4df4c502db0cac84bef96c2a36d33ef98c454165808ecace4dd2051 | ā | |
hash12db8bcee090521ecf852bf215ce3878737517a22ef1f2ff9bdec7cba8d0d3aa | ā | |
hashce9bd1acf37119ff73b4dff989f2791eb24efc891a413df58856d848f0bcaee9 | ā | |
hash2471a039cb1ddeb826f3a11f89b193624d89052afcbee01205dc92610723eb82 | ā | |
hasha0421312705e847a1c8073001fd8499c | ā | |
hash3204447f54adeffb339ed3e00649ae428544eca3 | ā | |
hash9cb79736302999a7ec4151a43e93cd51c97ede879194cece5e46b4ff471a7af7 | ā | |
hash4a022ea1fd2bf5e8c0d8b2343a230070 | ā | |
hash89df0feca9a447465d41ac87cb45a6f3c02c574d | ā | |
hashe7baf353aa12ff2571fc5c45184631dc2692e2f0a61b799e29a1525969bf2d13 | ā | |
hash52299ffc8373f58b62543ec754732e55 | ā | |
hashca97ac295b2cd57501517c0efd67b6f8a7d1fbdf | ā | |
hashce9bd1acf37119ff73b4dff989f2791eb24efc891a413df58856d848f0bcaee9 | ā | |
hash37fa9e6b9be7242984a39a024cade2d5 | ā | |
hash0211569091b96cffab6918e18ccc97f4b24d88d4 | ā | |
hash42ca7d3fcd6d220cd380f34f9aa728b3bb68908b49f04d04f685631ee1f78986 | ā | |
hashc0c2cd5cc018e575816c08b36969c4a6 | ā | |
hash47a4e0d466bb20cec5d354e56a9aa3f07cec816a | ā | |
hashb1e30cce6df16d83b82b751edca57aa17795d8d0cdd960ecee7d90832b0ee76c | ā | |
hashb6b0edf0b31bc95a042e13f3768a65c3 | ā | |
hash5168a8880abe8eb2d28f10787820185fe318859e | ā | |
hashb6133e04a0a1deb8faf944dd79c46c62f725a72ea9f26dd911d6f6e1e4433f1a | ā | |
hash0431445d6d6e5802c207c8bc6a6402ea | ā | |
hash3765c1ad8a1d936aad88255aef5d6d4ce24f94e8 | ā | |
hash3098dd53da40947a82e59265a47059e69b2925bc49c679e6555d102d1c6cbbc8 | ā | |
hasha65696d6b65f7159c9ffcd4119f60195 | ā | |
hash570f7272412ff8257ed6868d90727a459e3b179e | ā | |
hashb5b1e26312e0574464ddef92c51d5f597e07dba90617c0528ec9f494af7e8504 | ā | |
hash51bc53a388fce06487743eadc64c4356 | ā | |
hashb9e6fc51fa3940fb632a68907b8513634d76e5a0 | ā | |
hash9ec8319e278d1b3fa1ccf87b5ce7dd6802dac76881e4e4e16e240c5a98f107e2 | ā | |
hash0ac499496fb48de0727bbef858dadbee | ā | |
hash483cd5c9dd887367793261730d59178c19fe13f3 | ā | |
hash255e53af8b079c8319ce52583293723551da9affe547da45e2c1d4257cff625a | ā | |
hash860f5c2345e8f5c268c9746337ade8b7 | ā | |
hash6c55d3acdc2d8d331f0d13024f736bc28ef5a7e1 | ā | |
hash9d50fcb2c4df4c502db0cac84bef96c2a36d33ef98c454165808ecace4dd2051 | ā | |
hashd68f5417f1d4fc022067bf0313a3867d | ā | |
hash2f6dd6d11e28bf8b4d7ceec8753d15c7568fb22e | ā | |
hashe7f6c7b91c482c12fc905b84dbaa9001ef78dc6a771773e1de4b8eade5431eca | ā | |
hash6c084c8f5a61c6bec5eb5573a2d51ffb | ā | |
hash61608ed1de56d0e4fe6af07ecba0bd0a69d825b8 | ā | |
hash7e7545d14df7b618b3b1bc24321780c164a0a14d3600dbac0f91afbce1a2f9f4 | ā | |
hash218d4151b39e4ece13d3bf5ff4d1121b | ā | |
hash28e799d9769bb7e936d1768d498a0d2c7a0d53fb | ā | |
hash2471a039cb1ddeb826f3a11f89b193624d89052afcbee01205dc92610723eb82 | ā | |
hasha27655d14b0aabec8db70ae08a623317 | ā | |
hash8344f2c1096687ed83c2bbad0e6e549a71b0c0b1 | ā | |
hash12db8bcee090521ecf852bf215ce3878737517a22ef1f2ff9bdec7cba8d0d3aa | ā | |
hashcec48bcdedebc962ce45b63e201c0624 | ā | |
hash81f46998c92427032378e5dead48bdfc9128b225 | ā | |
hashdd7ee54b12a55bcc67da4ceaed6e636b7bd30d4db6f6c594e9510e1e605ade92 | ā | |
hasha16f4f0c00ca43d5b20f7bc30a3f3559 | ā | |
hash94e26fb2738e49bb70b445315c0d63a5d364c71b | ā | |
hash5bcdd422089ed96d6711fa251544e2e863b113973db328590cfe0457bfeb564f | ā |
Datetime
| Value | Description | Copy |
|---|---|---|
datetime2022-01-13T12:41:30+00:00 | ā | |
datetime2022-01-13T04:17:48+00:00 | ā | |
datetime2022-01-13T09:17:23+00:00 | ā | |
datetime2022-01-13T13:07:07+00:00 | ā | |
datetime2022-01-13T09:15:56+00:00 | ā | |
datetime2022-01-13T07:08:21+00:00 | ā | |
datetime2022-01-13T13:04:20+00:00 | ā | |
datetime2022-01-13T08:14:02+00:00 | ā | |
datetime2022-01-13T12:41:47+00:00 | ā | |
datetime2022-01-13T04:15:36+00:00 | ā | |
datetime2022-01-13T06:21:14+00:00 | ā | |
datetime2022-01-13T12:26:10+00:00 | ā | |
datetime2022-01-13T07:05:59+00:00 | ā | |
datetime2022-01-13T08:47:01+00:00 | ā | |
datetime2022-01-13T13:53:27+00:00 | ā | |
datetime2022-01-13T03:08:18+00:00 | ā | |
datetime2022-01-13T02:57:46+00:00 | ā |
Link
| Value | Description | Copy |
|---|---|---|
linkhttps://www.virustotal.com/gui/file/9cb79736302999a7ec4151a43e93cd51c97ede879194cece5e46b4ff471a7af7/detection/f-9cb79736302999a7ec4151a43e93cd51c97ede879194cece5e46b4ff471a7af7-1642077690 | ā | |
linkhttps://www.virustotal.com/gui/file/e7baf353aa12ff2571fc5c45184631dc2692e2f0a61b799e29a1525969bf2d13/detection/f-e7baf353aa12ff2571fc5c45184631dc2692e2f0a61b799e29a1525969bf2d13-1642047468 | ā | |
linkhttps://www.virustotal.com/gui/file/ce9bd1acf37119ff73b4dff989f2791eb24efc891a413df58856d848f0bcaee9/detection/f-ce9bd1acf37119ff73b4dff989f2791eb24efc891a413df58856d848f0bcaee9-1642065443 | ā | |
linkhttps://www.virustotal.com/gui/file/42ca7d3fcd6d220cd380f34f9aa728b3bb68908b49f04d04f685631ee1f78986/detection/f-42ca7d3fcd6d220cd380f34f9aa728b3bb68908b49f04d04f685631ee1f78986-1642079227 | ā | |
linkhttps://www.virustotal.com/gui/file/b1e30cce6df16d83b82b751edca57aa17795d8d0cdd960ecee7d90832b0ee76c/detection/f-b1e30cce6df16d83b82b751edca57aa17795d8d0cdd960ecee7d90832b0ee76c-1642065356 | ā | |
linkhttps://www.virustotal.com/gui/file/b6133e04a0a1deb8faf944dd79c46c62f725a72ea9f26dd911d6f6e1e4433f1a/detection/f-b6133e04a0a1deb8faf944dd79c46c62f725a72ea9f26dd911d6f6e1e4433f1a-1642057701 | ā | |
linkhttps://www.virustotal.com/gui/file/3098dd53da40947a82e59265a47059e69b2925bc49c679e6555d102d1c6cbbc8/detection/f-3098dd53da40947a82e59265a47059e69b2925bc49c679e6555d102d1c6cbbc8-1642079060 | ā | |
linkhttps://www.virustotal.com/gui/file/b5b1e26312e0574464ddef92c51d5f597e07dba90617c0528ec9f494af7e8504/detection/f-b5b1e26312e0574464ddef92c51d5f597e07dba90617c0528ec9f494af7e8504-1642061642 | ā | |
linkhttps://www.virustotal.com/gui/file/9ec8319e278d1b3fa1ccf87b5ce7dd6802dac76881e4e4e16e240c5a98f107e2/detection/f-9ec8319e278d1b3fa1ccf87b5ce7dd6802dac76881e4e4e16e240c5a98f107e2-1642077707 | ā | |
linkhttps://www.virustotal.com/gui/file/255e53af8b079c8319ce52583293723551da9affe547da45e2c1d4257cff625a/detection/f-255e53af8b079c8319ce52583293723551da9affe547da45e2c1d4257cff625a-1642047336 | ā | |
linkhttps://www.virustotal.com/gui/file/9d50fcb2c4df4c502db0cac84bef96c2a36d33ef98c454165808ecace4dd2051/detection/f-9d50fcb2c4df4c502db0cac84bef96c2a36d33ef98c454165808ecace4dd2051-1642054874 | ā | |
linkhttps://www.virustotal.com/gui/file/e7f6c7b91c482c12fc905b84dbaa9001ef78dc6a771773e1de4b8eade5431eca/detection/f-e7f6c7b91c482c12fc905b84dbaa9001ef78dc6a771773e1de4b8eade5431eca-1642076770 | ā | |
linkhttps://www.virustotal.com/gui/file/7e7545d14df7b618b3b1bc24321780c164a0a14d3600dbac0f91afbce1a2f9f4/detection/f-7e7545d14df7b618b3b1bc24321780c164a0a14d3600dbac0f91afbce1a2f9f4-1642057559 | ā | |
linkhttps://www.virustotal.com/gui/file/2471a039cb1ddeb826f3a11f89b193624d89052afcbee01205dc92610723eb82/detection/f-2471a039cb1ddeb826f3a11f89b193624d89052afcbee01205dc92610723eb82-1642063621 | ā | |
linkhttps://www.virustotal.com/gui/file/12db8bcee090521ecf852bf215ce3878737517a22ef1f2ff9bdec7cba8d0d3aa/detection/f-12db8bcee090521ecf852bf215ce3878737517a22ef1f2ff9bdec7cba8d0d3aa-1642082007 | ā | |
linkhttps://www.virustotal.com/gui/file/dd7ee54b12a55bcc67da4ceaed6e636b7bd30d4db6f6c594e9510e1e605ade92/detection/f-dd7ee54b12a55bcc67da4ceaed6e636b7bd30d4db6f6c594e9510e1e605ade92-1642043298 | ā | |
linkhttps://www.virustotal.com/gui/file/5bcdd422089ed96d6711fa251544e2e863b113973db328590cfe0457bfeb564f/detection/f-5bcdd422089ed96d6711fa251544e2e863b113973db328590cfe0457bfeb564f-1642042666 | ā |
Text
| Value | Description | Copy |
|---|---|---|
text8/57 | ā | |
text12/56 | ā | |
text0/57 | ā | |
text15/56 | ā | |
text7/56 | ā | |
text0/56 | ā | |
text26/63 | ā | |
text12/57 | ā | |
text1/57 | ā | |
text0/56 | ā | |
text20/66 | ā | |
text0/56 | ā | |
text42/68 | ā | |
text11/54 | ā | |
text24/68 | ā | |
text35/66 | ā | |
text3/56 | ā |
Threat ID: 682acdbebbaf20d303f0eed6
Added to database: 5/19/2025, 6:20:46 AM
Last enriched: 7/2/2025, 7:10:20 AM
Last updated: 7/30/2025, 6:23:18 PM
Views: 11
Related Threats
The Hidden Infrastructure Behind VexTrio's TDS
MediumThreatFox IOCs for 2025-08-14
MediumMalicious JavaScript Injects Fullscreen Iframe On a WordPress Website
MediumThreatFox IOCs for 2025-08-13
MediumCoordinated Brute Force Campaign Targets Fortinet SSL VPN
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.