DarkCracks, an advanced malicious payload & upgrade framework utilizing hacked GLPI and WordPress sites as intermediaries
Sept. 4, 2024, 9:17 a.m.
Description
Date
| Published | Created | Modified |
|---|---|---|
| Sept. 4, 2024, 8:42 a.m. | Sept. 4, 2024, 8:42 a.m. | Sept. 4, 2024, 9:17 a.m. |
Indicators
Attack Patterns
DarkCracks
QuasarRAT
T1571
T1574
T1559
T1547
T1082
T1105
T1083
T1071
T1102
T1055
T1140
T1027
T1553
T1078
T1059
Additional Information
Transportation
Education
Government