Riltok mobile Trojan: A banker with global reach
Common Information
Type Value
UUID 1d916ff1-ec7b-4c59-ba41-ec5ae400b2cc
Fingerprint d7d4555b8b7b9685
Analysis status DONE
Considered CTI value 2
Text language
Published June 25, 2019, 10 a.m.
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 14, 2024, 8:10 a.m.
Headline Riltok mobile Trojan: A banker with global reach
Title Riltok mobile Trojan: A banker with global reach
Detected Hints/Tags/Attributes 41/3/72
Attributes
Details Type #Events CTI Value