Date: 07/26/2024
Severity: Medium
Summary
"A Stealer Campaign Unleashed" details a recent cybersecurity incident in which a significant campaign involving stealers, malware designed to capture sensitive information, was initiated. The report likely covers the campaign's tactics, techniques, and impact, highlighting the ongoing threat that such malware poses to organisational security and personal data protection.
Indicators of Compromise (IOC) List
URL/Domain | pbpbj.xyz, pcvcf.xyz, pcvvf.xyz, ptdrf.xyz, pbdbj.xyz, pdddk.xyz, pqdrf.xyz, pdddj.xyz, pddbj.xyz, proffyrobharborye.xyz, scratchedcards.com, answerrsdo.shop, 21centuryart.com |
IP Address | 62.133.61.26, 62.133.61.43, 5.42.107.78 |
Hash | SHA-256 file hashes (the full set is carried in the sha256hash detection query below) |
Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection
URL/Domain | userdomainname like "pbpbj.xyz" or url like "pbpbj.xyz" or userdomainname like "pcvcf.xyz" or url like "pcvcf.xyz" or userdomainname like "proffyrobharborye.xyz" or url like "proffyrobharborye.xyz" or userdomainname like "scratchedcards.com" or url like "scratchedcards.com" or userdomainname like "answerrsdo.shop" or url like "answerrsdo.shop" or userdomainname like "21centuryart.com" or url like "21centuryart.com" or userdomainname like "pcvvf.xyz" or url like "pcvvf.xyz" or userdomainname like "ptdrf.xyz" or url like "ptdrf.xyz" or userdomainname like "pbdbj.xyz" or url like "pbdbj.xyz" or userdomainname like "pdddk.xyz" or url like "pdddk.xyz" or userdomainname like "pqdrf.xyz" or url like "pqdrf.xyz" or userdomainname like "pdddj.xyz" or url like "pdddj.xyz" or userdomainname like "pddbj.xyz" or url like "pddbj.xyz" |
IP Address | dstipaddress IN ("62.133.61.26","62.133.61.43","5.42.107.78") or ipaddress IN ("62.133.61.26","62.133.61.43","5.42.107.78") or publicipaddress IN ("62.133.61.26","62.133.61.43","5.42.107.78") or srcipaddress IN ("62.133.61.26","62.133.61.43","5.42.107.78") |
Hash | sha256hash IN ("bd823f525c128149d70f633e524a06a0c5dc1ca14dd56ca7d2a8404e5a573078","547b6e08b0142b4f8d024bac78eb1ff399198a8d8505ce365b352e181fc4a544","643dde3f461907a94f145b3cd8fe37dbad63aec85a4e5ed759fe843b9214a8d2","8c6d355a987bb09307e0af6ac8c3373c1c4cbfbceeeb1159a96a75f19230ede6","0604e7f0b4f7790053991c33359ad427c9bf74c62bec3e2d16984956d0fb9c19","08c75c6a9582d49ea3fe780509b6f0c9371cfcd0be130bc561fae658b055a671","6c779e427b8d861896eacdeb812f9f388ebd43f587c84a243c7dab9ef65d151c","59d2c2ca389ab1ba1fefa4a06b14ae18a8f5b70644158d5ec4fb7a7eac4c0a08","4043aa37b5ba577dd99f6ca35c644246094f4f579415652895e6750fb9823bd9","abc54ff9f6823359071d755b151233c08bc2ed1996148ac61cfb99c7e8392bfe","bc6933a8fc324b907e6cf3ded3f76adc27a6ad2445b4f5db1723ac3ec86ed10d","de6960d51247844587a21cc0685276f966747e324eb444e6e975b0791556f34f","8568226767ac2748eccc7b9832fac33e8aa6bfdc03eafa6a34fb5d81e5992497","e15b200048fdddaedb24a84e99d6d7b950be020692c02b46902bf5af8fb50949") |
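The queries above use a substring `like` on domain fields, which also fires on unrelated hosts that merely contain an IOC string. The following added example (not Gurucul's code, and not part of the advisory) applies a subset of the advisory's domain, IP and SHA-256 indicators to constructed log records using exact-host or subdomain-suffix matching; the field names mirror those in the TDIR queries, and the log records are constructed for illustration.

```python
"""Added example: match the advisory's IOCs against log records."""
from urllib.parse import urlsplit

# Indicator values below are taken from the advisory (a subset, for brevity).
IOC_DOMAINS = {"pbpbj.xyz", "pcvcf.xyz", "scratchedcards.com", "answerrsdo.shop"}
IOC_IPS = {"62.133.61.26", "62.133.61.43", "5.42.107.78"}
IOC_SHA256 = {
    "bd823f525c128149d70f633e524a06a0c5dc1ca14dd56ca7d2a8404e5a573078",
    "547b6e08b0142b4f8d024bac78eb1ff399198a8d8505ce365b352e181fc4a544",
}
# Same IP field names as the TDIR query above.
IP_FIELDS = ("dstipaddress", "ipaddress", "publicipaddress", "srcipaddress")


def host_matches(host, domains=IOC_DOMAINS):
    """True if host equals an IOC domain or is a subdomain of one.
    Unlike a substring `like "pbpbj.xyz"`, this does not fire on 'notpbpbj.xyz'."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def url_host(url):
    """Return the lower-cased host part of a URL ('http://a.b/x' -> 'a.b')."""
    return (urlsplit(url).hostname or "").lower()


def match_record(rec):
    """Return the list of IOC fields that fire for one log record (a dict)."""
    hits = []
    if host_matches(rec.get("userdomainname", "")):
        hits.append("domain")
    if rec.get("url") and host_matches(url_host(rec["url"])):
        hits.append("url")
    for field in IP_FIELDS:
        if rec.get(field, "").strip() in IOC_IPS:
            hits.append(field)
    if rec.get("sha256hash", "").lower() in IOC_SHA256:  # hashes may be upper-case
        hits.append("sha256hash")
    return hits


SAMPLE_LOGS = [  # constructed records, not real telemetry
    {"id": 1, "userdomainname": "cdn.pbpbj.xyz", "dstipaddress": "8.8.8.8"},
    {"id": 2, "url": "https://notpbpbj.xyz/login", "srcipaddress": "10.0.0.5"},
    {"id": 3, "url": "http://62.133.61.43/update.exe", "dstipaddress": "62.133.61.43",
     "sha256hash": "BD823F525C128149D70F633E524A06A0C5DC1CA14DD56CA7D2A8404E5A573078"},
]


def scan(logs=SAMPLE_LOGS):
    """Map record id -> matched IOC fields, omitting records with no hit."""
    return {r["id"]: match_record(r) for r in logs if match_record(r)}


if __name__ == "__main__":
    print(scan())  # record 2 is not reported: a substring match would have flagged it
```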
Reference:
https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed