Malvertiser copies PC news site to deliver infostealer [Thursday, November 9, 2023]

Description :
Researchers have identified a new malvertising campaign that uses a template that looks almost identical to a legitimate Windows news portal and delivers a malicious software installer to victims.

Published :
2023-11-09T14:00:14.730Z

Created :
2023-11-09T14:00:14.730Z

Modified :
2023-11-09T14:30:13.052Z

Tags

  • redline stealer
  • citrix
  • notepad
  • anydesk
  • webex
  • keepass home
  • vnc viewer
  • cpuz

Indicators

IPv4s :
URLs :
Domains :
Hashes :
Attack Patterns :
  • T1219
  • T1059
About the author
Julien B.

Securitricks
