Today > | 3 Medium | 2 Low vulnerabilities   -   You can now download lists of IOCs here!

WorkersDevBackdoor and MadMxShell converge in malvertising campaigns

July 15, 2024, 3:26 p.m.

Description

This report analyzes two recent malware distribution campaigns that leverage malvertising techniques. The campaigns deliver the WorkersDevBackdoor and MadMxShell backdoors, which have data exfiltration capabilities and can facilitate ransomware deployment. The malware's delivery infrastructure, including command and control servers, exhibits overlapping connections, suggesting potential collaboration or shared resources between the threat actors behind these campaigns. The report provides insights into the tactics, techniques, and procedures employed in these campaigns, highlighting their targeting of IT personnel through tailored payloads and victim filtering mechanisms.

Date

Published: July 15, 2024, 2:52 p.m.

Created: July 15, 2024, 2:52 p.m.

Modified: July 15, 2024, 3:26 p.m.

Indicators

93962847285d6f81273132e72d66b03a2e6e1a0ff46893e58ad3747762548922

a8b0e013bd0d350035f12fd6703f7760a87cb218803e68c0eb482753961f2a41

70bc544b5467da13db64b55c0102d821e66454985fea7e77674af53e2364c8ae

55d1a76e4ed7d6ed0018c8129d631a637b591e18e52128dbe891a4382564793b

4a36a35aac6e37959e2337bb74ab9830c5f6c6965da6bb5112d4195350e8baf9

40acc736c093ddce187552a653c2fd10ff5df0b45b93ad257901e7593bcee215

2481ac76f08d691166a425a01cdf1ec8ab5e2fbdf451c1bfc3edcba3e4c482e5

24bff1753a60215bab00386ea11e774f0a04e2e45e70dabb122b5a697b67d174

2264d2a23f365af0830b577360a724798a6132b1a2f4cd08a7ccfaa311ee920a

timedoctors.space

timedoctors.site

timedoctors.online

timedoctor.space

timedoct0r.com

odvanced-ip-scanner.com

kwzain.space

getstorege.com

clockiify.com

clockify.space

clockify.site

clockifry.com

clockifpy.com

anscan.org

angryipscat.tech

angryipscat.org

angryipscat.online

angryipscat.net

angryipscar.com

angryipscat.com

angryipscap.com

angryipscann.com

angryipsca.org

angryipsca.com

angryips.org

angry1pscat.com

angryipo.org

angry1pscane.com

angry1pscaner.com

angry1pscan3r.com

angry1pscan.com

advanc3d-lp-scanner.com

advanc3d-lp-scaner.com

advanc3d-ip-scanner.com

advanc3d-1p-scanner.com

advanc3d-1p-scans.com

advanc3d-1p-scanne.com

advanc3d-1p-scann.com

advanc3d-1p-scaner.com

advanc3d-1p-scan3r.com

advanc3d-1p-scan.com

litterbolo.com

Attack Patterns

MadMxShell

WorkersDevBackdoor

T1207

T1556

T1490

T1136

T1572

T1189

T1497

T1087

T1105

T1071

T1055

T1219

T1566

T1059