WorkersDevBackdoor and MadMxShell converge in malvertising campaigns

July 15, 2024, 3:26 p.m.

Description

This report analyzes two recent malware distribution campaigns that leverage malvertising techniques. The campaigns deliver the WorkersDevBackdoor and MadMxShell backdoors, which have data exfiltration capabilities and can facilitate ransomware deployment. The malware's delivery infrastructure, including command and control servers, exhibits overlapping connections, suggesting potential collaboration or shared resources between the threat actors behind these campaigns. The report provides insights into the tactics, techniques, and procedures employed in these campaigns, highlighting their targeting of IT personnel through tailored payloads and victim filtering mechanisms.

Date

  • Created: July 15, 2024, 2:52 p.m.
  • Published: July 15, 2024, 2:52 p.m.
  • Modified: July 15, 2024, 3:26 p.m.

Indicators

Attack Patterns