The Case of Cloud9 Chrome Botnet - Zimperium
Common Information
UUID: 186b480c-b1f6-4590-8c25-b4be8601287f
Fingerprint: 94249e118d7b838b
Analysis status: DONE
Considered CTI value: 2
Text language:
Published: Nov. 7, 2022, 10 p.m.
Added to db: Dec. 22, 2022, 10:55 a.m.
Last updated: Nov. 17, 2024, 9:55 a.m.
Headline: The Case of Cloud9 Chrome Botnet
Title: The Case of Cloud9 Chrome Botnet - Zimperium
Detected Hints/Tags/Attributes: 61/1/27
RSS Feed
Id: 75
Enabled:
Feed title: Blogs Archive - Zimperium
Url: https://blog.zimperium.com/feed/
Added to db: 2024-08-30 22:08
Attributes
Type #Events CTI Value
CVE 5 cve-2019-11708
CVE 3 cve-2019-9810
CVE 55 cve-2014-6332
CVE 77 cve-2016-0189
CVE 9 cve-2016-7200
File 3 campaign.js
File 86 manifest.json
File 1 cthulhu.js
File 2 download.log