Opening a Can of Whoop Ads: Detecting and Disrupting a Malvertising Campaign Distributing Backdoors [Friday, December 15, 2023]

Report

Description:
Mandiant disclosed a new investigation into recently discovered infrastructure operated by the distribution threat cluster UNC2975, which leveraged malicious advertisements to trick users into visiting fake "unclaimed funds" themed websites. In this UNC2975 campaign, the malicious websites delivered the PAPERDROP and PAPERTEAR downloader malware, which eventually led to the DANABOT and DARKGATE backdoor malware.

Published: 2023-12-15 12:42:20
Created: 2023-12-15 12:42:20
Modified: 2023-12-15 13:20:15

Tags

Indicators

MITRE ATT&CK Techniques:

External References

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports