Stantinko’s Proxy After Your Apache Server - Intezer
Tags
attack-pattern: Data Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Tool - T1588.002 Connection Proxy - T1090
Show in Graph
Common Information
Type Value
UUID 3e6f9e8f-d325-4ee9-8765-9709edeea818
Fingerprint bf153d3badf90289
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 24, 2020, 2:45 p.m.
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 19, 2024, 11 a.m.
Headline Stantinko’s Proxy After Your Apache Server
Title Stantinko’s Proxy After Your Apache Server - Intezer
Detected Hints/Tags/Attributes 39/1/9
Source URLs
Redirection Url
Details Source https://www.intezer.com/blog/research/stantinkos-proxy-after-your-apache-server/
URL Provider
Details Provider Source level domain
Details intezer.com www.intezer.com
Attributes
Details Type #Events CTI Value
Details Domain 1 
kdbmai.net
Details File 1210 
index.php
Details File 1 
kdbmai.dll
Details md5 1 
7d2a840048f32e487f8a61d7fc1a0c39
Details sha256 1 
1de81bf6ee490b6bebe9f27d5386a48700e8431f902f4f17d64ddc5d8509ca7a
Details sha256 1 
889aa5a740a3c7441cdf7759d4b1c41c98fd048f4cf7e18fcdda49ea3911d5e5
Details sha256 1 
968b41b6ca0e12ea86e51e0d9414860d13599cd127ad860e1c52c2678f4f2cb9
Details sha256 1 
43a6894d5953b37f92940d5c783c9977690f358b5e25bba8c096fa54657bb2e5
Details sha256 1 
a305d488733d50ea92a2794cb6e0aa9d1d176e2c8906305ea48ff503fc2eb276