WorkersDevBackdoor and MadMxShell converge in malvertising campaigns
July 15, 2024, 3:26 p.m.
Tags
External References
Description
This report analyzes two recent malware distribution campaigns that leverage malvertising techniques. The campaigns deliver the WorkersDevBackdoor and MadMxShell backdoors, which have data exfiltration capabilities and can facilitate ransomware deployment. The malware's delivery infrastructure, including command and control servers, exhibits overlapping connections, suggesting potential collaboration or shared resources between the threat actors behind these campaigns. The report provides insights into the tactics, techniques, and procedures employed in these campaigns, highlighting their targeting of IT personnel through tailored payloads and victim filtering mechanisms.
Date
Published: July 15, 2024, 2:52 p.m.
Created: July 15, 2024, 2:52 p.m.
Modified: July 15, 2024, 3:26 p.m.
Indicators
Attack Patterns
MadMxShell
WorkersDevBackdoor
T1207
T1556
T1490
T1136
T1572
T1189
T1497
T1087
T1105
T1071
T1055
T1219
T1566
T1059