TLP:WHITE. 137 IOCs
The SOC Files: ScreenConnect masked as freeware. An inside look at a large-scale campaign
Malware Families: none listed
Diamond Model: Adversary; Infrastructure (6); Capability (1); Victim
Indicators of Compromise (137)
| Type | Indicator | Tags | Confidence | Score | First Seen |
|---|---|---|---|---|---|
| Domain | arma-reforger.com | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | defendercontrol.download | exploit, intel-blog, loader | High | 58 | Jul 1, 26 |
| MD5 | 54025ce2a9405039899fe99a1d77e0bb | exploit, file-hash, intel-blog | Medium | 53 | Jul 1, 26 |
| Domain | defendercontrol.app | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | cloudsynn.com | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| MD5 | a85a5bfdcb7c65ab93043b8cf9e20065 | exploit, file-hash, intel-blog | Medium | 53 | Jul 1, 26 |
| Domain | apexlegends.org | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| URL | https://fileget.loseyourip.com/obs-studio-windows-full/gVOMs5VZ9BtlcaM | apt, espionage, intel-blog | High | 58 | Jul 1, 26 |
| Domain | cpuz.app | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | lossless-scaling.download | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| MD5 | 01325880efffec546f59490089a3b415 | exploit, file-hash, intel-blog | Medium | 53 | Jul 1, 26 |
| MD5 | 776dfd3df9c04bb9fcdd6c1880c3761a | exploit, file-hash, intel-blog | Medium | 53 | Jul 1, 26 |
| Domain | km-player.pro | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | winservec.net | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | kms-tools.com | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | tmodloader.pro | exploit, intel-blog, loader | High | 58 | Jul 1, 26 |
| Domain | vlc-player.net | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | antimicrox.pro | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | processhacker.app | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | download-full-version.ooguy.com | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | lossless-scaling.online | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | file-download-crosshairx.giize.com | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| MD5 | bd05fcf80e493cf9aa71ec510319469d | exploit, file-hash, intel-blog | Medium | 53 | Jul 1, 26 |
| Domain | r.manage-server.xyz | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | tmodloader.download | exploit, intel-blog, loader | High | 58 | Jul 1, 26 |
| Domain | ready-ornot.com | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | vlc-media.net | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| MD5 | edff4f58722c93d7c09ed71899416396 | exploit, file-hash, intel-blog | Medium | 53 | Jul 1, 26 |
| Domain | ferdium.app | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| MD5 | 5b7e1fe55bd7b5ea54bd4ed1677e5a26 | exploit, file-hash, intel-blog | Medium | 53 | Jul 1, 26 |
| Domain | glary-utilities.com | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| MD5 | 9a9ccd8b0e5d05f4ee77667b024844db | exploit, file-hash, intel-blog | Medium | 53 | Jul 1, 26 |
| Domain | bandicam.io | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | km-player.com | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | mgba.pro | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | bandizip.pro | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | deadreset.com | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| MD5 | 5f96c04e3afae97017b201be112284d2 | exploit, file-hash, intel-blog | Medium | 53 | Jul 1, 26 |
| Domain | crystaldiskmark.dev | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | mgba.app | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | tmodloader.app | exploit, intel-blog, loader | High | 58 | Jul 1, 26 |
| Domain | crystaldiskmark.app | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| MD5 | 73bead922109a61e5f9f85771a7812c5 | exploit, file-hash, intel-blog | Medium | 53 | Jul 1, 26 |
| Domain | studio-obs.net | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | steamtools.pro | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | crusader-kings.church | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | crystaldiskmark.cc | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | crosshairx.site | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | mediaplayerclassic.pro | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | crosshair-x.com | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | libreoffice.pro | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | gom-player.net | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | bandicam.cc | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | ferdium.pro | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | ds4windows.io | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | lossless-scaling.app | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | mgba.dev | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | ds4windows.net | exploit, intel-blog, loader | High | 58 | Jul 1, 26 |
| Domain | r.servermanagemen.xyz | apt, espionage, intel-blog | High | 58 | Jul 1, 26 |
| Domain | wallpaper-engine.app | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | monster-hunterwilds.com | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | losslessscaling.pro | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | studioobs.com | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| MD5 | 999a63730c9634481d1d76955a2e76a8 | exploit, file-hash, intel-blog | Medium | 53 | Jul 1, 26 |
| Domain | vlc-media.com | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | clair-obscur-33.town | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | fernbus-simulator.com | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | ovr-toolkit.com | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | arksurvival-ascended.com | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | all-toll-free.publicvm.com | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| IP | 2.59.134.97 | apt, espionage, intel-blog | High | 58 | Jul 1, 26 |
| Domain | managedevice.xyz | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | manageserver.xyz | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| MD5 | 8f4e8b680d3e8d3f5ac39bd72882f713 | exploit, file-hash, intel-blog | Medium | 53 | Jul 1, 26 |
| Domain | bandicam.app | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | processhacker.org | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | studioobs.pro | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | ds4windows.pro | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | defendercontrol.pro | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| IP | 162.216.241.242 | intel-blog, malware, network | High | 58 | Jul 1, 26 |
| Domain | dns-jumper.com | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | crystaldiskmark.io | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | servermanagemen.xyz | apt, espionage, intel-blog | High | 58 | Jul 1, 26 |
| Domain | cpuz.pro | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| MD5 | 1e6a5c7b620d487d0cfc6874c3b77c90 | exploit, file-hash, intel-blog | Medium | 53 | Jul 1, 26 |
| Domain | antimicrox.net | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | tmodloader.org | exploit, intel-blog, loader | High | 58 | Jul 1, 26 |
| Domain | defendercontrol.org | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | corel-draw.net | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | gom-player.app | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | crosshairx2.com | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | pingserv.pro | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | bandizip.net | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | tmod-loader.com | exploit, intel-blog, loader | High | 58 | Jul 1, 26 |
| Domain | processhacker.dev | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | ehostservers.xyz | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | ovr-advanced-settings.com | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | clair-obscur-33.com | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | dnsjumper.app | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| MD5 | 8e4c57358a66eb14d31abb614ddc68de | exploit, file-hash, intel-blog | Medium | 53 | Jul 1, 26 |
| Domain | studio-obs.pro | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | obs-studio.pro | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | crystaldiskmark.pro | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | defender-control.com | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | kms-tools.net | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| URL | https://direct-download.giize.com/dns-jumper/iopbsr4hymbo7nfa1q7j | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | elden-ringnightreign.com | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| MD5 | 83601c3d4ed28e8d2be1b99beb8ec18c | exploit, file-hash, intel-blog | Medium | 53 | Jul 1, 26 |
| Domain | mpc-update.giize.com | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | mediaplayerclassic.net | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | all-toll-free.loseyourip.com | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | crusader-kings.com | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | processhacker.net | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| URL | https://www.studioobs.com/ | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | steamtools.cc | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | obs-studio.site | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | crosshairxv2.com | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | edgeserv.ru | intel-blog, malware, network | High | 58 | Jul 1, 26 |
| IP | 45.145.41.205 | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| MD5 | 87603ea025623b19954e460add532048 | apt, espionage, file-hash | Medium | 53 | Jul 1, 26 |
| Domain | losslessscaling.app | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | dnsjumper.io | exploit, intel-blog, loader | High | 58 | Jul 1, 26 |
| MD5 | a40d3aeb0dae5b00bdb3a517f3135bbb | exploit, file-hash, intel-blog | Medium | 53 | Jul 1, 26 |
| MD5 | 479bd3bb617b39cd4a46d0768a2592d4 | exploit, file-hash, intel-blog | Medium | 53 | Jul 1, 26 |
| Domain | pingpanl.pro | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | serverdnsplan.net | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | free-download.camdvr.org | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | dnsjumper.pro | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| MD5 | 0eee9bad07e22415439e854657fa1366 | exploit, file-hash, intel-blog | Medium | 53 | Jul 1, 26 |
| Domain | mora1987.work.gd | apt, c2, espionage | High | 64 | Jul 1, 26 |
| MD5 | b32810973132d11afd61ccee222bbb79 | exploit, file-hash, intel-blog | Medium | 53 | Jul 1, 26 |
| Domain | studio-obs.com | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| Domain | crosshairx.pro | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| MD5 | 695e794631ef130583368770e7b81e98 | exploit, file-hash, intel-blog | Medium | 53 | Jul 1, 26 |
| IP | 198.23.185.81 | intel-blog, malware, network | High | 58 | Jul 1, 26 |
| Domain | crosshairx.net | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |
| IP | 185.254.97.249 | exploit, intel-blog, malware | High | 58 | Jul 1, 26 |