Attack Trends Related to DangerousPassword

2023-05-12 JPCERT

https://blogs.jpcert.or.jp/en/2023/05/dangerouspassword.html


JPCERT/CC documents continued activity by DangerousPassword, also known as CryptoMimic or SnatchCrypto, against cryptocurrency exchanges in Japan. Recent intrusion patterns include LinkedIn job-themed outreach delivering RAR-packed CHM files, OneNote attachments embedding MSI malware, virtual hard disk files containing decoys and DLL loaders, and macOS AppleScript chains. The Windows malware collects infected-host information, downloads additional payloads through MSI, DLL, PowerShell, or curl-based stages, and can alter its behavior when antivirus products are detected. The report also lists C2 domains and hashes, and shows that the campaign has expanded beyond its earlier delivery of shortcut files by email while retaining financially focused targeting.

Indicators of Compromise

