chartingshow / crypto-firewall

🎁 Blocks browser-based crypto mining, cryptojacking, banking and crypto malware and phishing websites, apps and hackers' command-and-control (C2) servers.
GNU General Public License v3.0
7 stars, 0 forks

Block `DarkMe` malware #441

Closed. summercms closed this 4 months ago

summercms commented 4 months ago

Enhancement idea

Description

The Water Hydra group was first detected in 2021, when it gained notoriety for targeting the financial industry, launching attacks against banks, cryptocurrency platforms, forex and stock trading platforms, gambling sites, and casinos worldwide.

Water Hydra exploited CVE-2024-21412 to target forex trading forums and stock trading Telegram channels in spear phishing attacks, pushing a malicious stock chart linking to a compromised trading information website.

Links

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21412

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/24/b/cve202421412-water-hydra-targets-traders-with-windows-defender-smartscreen-zero-day/ioc-water-hydra-cve-2024-21412.txt

IOC

I2P websites

n/a

IPFS websites

n/a

Tor2web websites

n/a

TOR websites

n/a

URLs

n/a

Folders

n/a

Sub-Domains

n/a

Domains

87iavv.com
fxbulls.ru
p2oaviwt39ui.com
unfawjelesst322.com

IPs

179.43.172.127
179.43.172.191
64.31.63.194
64.31.63.70
84.32.189.74

Emails

n/a

Wallet addresses

n/a

Mining pool addresses

n/a
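To show how the domain and IP indicators listed in this issue are actually consumed by a blocklist or a detection rule, here is an added example (not code from the crypto-firewall project and not from the issue author). It takes the four domains and five IPs above, matches DNS log lines against them on DNS-label boundaries (so `cdn.87iavv.com` is caught but `notfxbulls.ru` is not), matches resolved answers against the IP list, and emits hosts-file style block lines. The log format and the sample log lines are constructed for the example; the `0.0.0.0 domain` output format is an assumption, not necessarily the format this project publishes.

```python
import ipaddress
import re
from typing import Iterable, Optional

# Indicators copied from this issue (Water Hydra / DarkMe, CVE-2024-21412 campaign).
IOC_DOMAINS = {
    "87iavv.com",
    "fxbulls.ru",
    "p2oaviwt39ui.com",
    "unfawjelesst322.com",
}
IOC_IPS = {
    "179.43.172.127",
    "179.43.172.191",
    "64.31.63.194",
    "64.31.63.70",
    "84.32.189.74",
}

# Constructed DNS resolver log, one query per line (format is an assumption for this example).
# Line 2 hits on a subdomain of a listed domain and on a listed answer IP.
# Line 4 must NOT hit: 'notfxbulls.ru' only shares a suffix string with 'fxbulls.ru'.
# Line 5 hits on the answer IP alone, which is how a sinkhole/IP rule would catch a new domain.
SAMPLE_LOG = """\
2024-02-14T10:01:02Z client=10.0.0.5 query=www.example.org answer=93.184.216.34
2024-02-14T10:01:07Z client=10.0.0.7 query=cdn.87iavv.com. answer=179.43.172.127
2024-02-14T10:01:09Z client=10.0.0.7 query=fxbulls.ru answer=84.32.189.74
2024-02-14T10:01:11Z client=10.0.0.9 query=notfxbulls.ru answer=203.0.113.10
2024-02-14T10:01:15Z client=10.0.0.3 query=files.example.net answer=64.31.63.70
"""

LOG_RE = re.compile(r"client=(?P<client>\S+)\s+query=(?P<query>\S+)\s+answer=(?P<answer>\S+)")


def domain_matches(hostname: str, blocked: Iterable[str] = IOC_DOMAINS) -> Optional[str]:
    """Return the listed domain that `hostname` equals or is a subdomain of, else None.

    Comparison is done on whole DNS labels: 'a.b.87iavv.com' matches '87iavv.com',
    but 'evil87iavv.com' does not. Input is lower-cased and a trailing dot
    (FQDN form common in resolver logs) is stripped before comparing.
    """
    host = hostname.strip().lower().rstrip(".")
    for d in blocked:
        if host == d or host.endswith("." + d):
            return d
    return None


def ip_matches(ip: str, blocked: Iterable[str] = IOC_IPS) -> Optional[str]:
    """Return the listed IP equal to `ip` (after canonicalisation), else None.

    Parsing through ipaddress rejects junk such as 'not-an-ip' and normalises
    forms like leading zeros that would defeat a naive string compare.
    """
    try:
        addr = ipaddress.ip_address(ip.strip())
    except ValueError:
        return None
    canon = str(addr)
    return canon if canon in blocked else None


def scan_dns_log(text: str) -> list:
    """Scan log lines and return one dict per line that matched a domain or an answer IP."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue  # unparsable line: skip rather than crash the scan
        d = domain_matches(m["query"])
        i = ip_matches(m["answer"])
        if d or i:
            hits.append(
                {"client": m["client"], "query": m["query"], "matched_domain": d, "matched_ip": i}
            )
    return hits


def hosts_file_lines(blocked: Iterable[str] = IOC_DOMAINS, sink: str = "0.0.0.0") -> list:
    """Render the domain list as hosts-file style block entries (assumed output format)."""
    return [f"{sink} {d}" for d in sorted(blocked)]


if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_LOG):
        print(hit)
    print("\n".join(hosts_file_lines()))
```

Note that a plain hosts-file entry only covers the exact name, so the subdomain match above is what a DNS-level or proxy-level rule gives you; the IP match is the fallback that still fires when the actor rotates to a domain not yet on the list.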