Major malvertising campaign spreads Kovter Ad Fraud malware | Malwarebytes Labs
Tags
| country: | Canada Germany |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Direct Domains - T1583.001 Domains - T1584.001 Malvertising - T1583.008 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Connection Proxy - T1090 |
Common Information
| Type | Value |
|---|---|
| UUID | 46772366-89d7-4d57-900f-a8b728611fe0 |
| Fingerprint | 245028519803b6c9 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Jan. 8, 2015, midnight |
| Added to db | Sept. 26, 2022, 9:30 a.m. |
| Last updated | Nov. 17, 2024, 5:56 p.m. |
| Headline | Major malvertising campaign spreads Kovter Ad Fraud malware |
| Title | Major malvertising campaign spreads Kovter Ad Fraud malware | Malwarebytes Labs |
| Detected Hints/Tags/Attributes | 42/3/65 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 55 | cve-2014-6332 |
|
| Details | Domain | 6 | news.yahoo.com |
|
| Details | Domain | 3 | huffingtonpost.com |
|
| Details | Domain | 158 | aol.com |
|
| Details | Domain | 5 | weather.com |
|
| Details | Domain | 2 | sports.yahoo.com |
|
| Details | Domain | 3 | tmz.com |
|
| Details | Domain | 3 | nydailynews.com |
|
| Details | Domain | 2 | tagged.com |
|
| Details | Domain | 3 | chron.com |
|
| Details | Domain | 229 | match.com |
|
| Details | Domain | 1 | legacy.com |
|
| Details | Domain | 1 | startribune.com |
|
| Details | Domain | 1 | 123greetings.com |
|
| Details | Domain | 1 | gaiaonline.com |
|
| Details | Domain | 1 | beforeitsnews.com |
|
| Details | Domain | 1 | intellicast.com |
|
| Details | Domain | 1 | mom.me |
|
| Details | Domain | 2 | centurylink.net |
|
| Details | Domain | 1 | rent.com |
|
| Details | Domain | 1 | entertainment.verizon.com |
|
| Details | Domain | 1 | windstream.net |
|
| Details | Domain | 1 | twincities.com |
|
| Details | Domain | 1 | webmail.comcast.net |
|
| Details | Domain | 1 | webmaila.juno.com |
|
| Details | Domain | 12 | alexa.com |
|
| Details | Domain | 9 | similarweb.com |
|
| Details | Domain | 2 | advertising.com |
|
| Details | Domain | 1 | adtech.de |
|
| Details | Domain | 6 | googlesyndication.com |
|
| Details | Domain | 1 | foxbusness.com |
|
| Details | Domain | 2 | tpc.googlesyndication.com |
|
| Details | Domain | 1 | uhupa.econsumerproductexposed.swidnica.pl |
|
| Details | Domain | 1 | choim.vjutakujoho.mazowsze.pl |
|
| Details | Domain | 1 | keywo.mbaang.olsztyn.pl |
|
| Details | Domain | 1 | etern.xbkblogueurpro.nysa.pl |
|
| Details | Domain | 1 | omais.uacademics.miasta.pl |
|
| Details | Domain | 1 | a16-kite.pw |
|
| Details | Domain | 1 | a16.car.biz |
|
| Details | Domain | 154 | youtu.be |
|
| Details | File | 4 | container.html |
|
| Details | File | 1 | swidnica.pl |
|
| Details | File | 1 | mazowsze.pl |
|
| Details | File | 1 | olsztyn.pl |
|
| Details | File | 1 | nysa.pl |
|
| Details | File | 1 | miasta.pl |
|
| Details | File | 1 | pruszkow.pl |
|
| Details | File | 20 | page.php |
|
| Details | File | 1 | sanok.pl |
|
| Details | File | 1 | ostrowwlkp.pl |
|
| Details | File | 1 | limanowa.pl |
|
| Details | File | 1 | podlasie.pl |
|
| Details | File | 1 | repfix.exe |
|
| Details | File | 1 | form2.php |
|
| Details | File | 14 | form.php |
|
| Details | sha1 | 1 | c5893070b1e9a472d191ceb6b65e2d472bfc0e4c |
|
| Details | sha1 | 1 | 46cab3acbf9a045526dca7c288a3b051064fd23b |
|
| Details | sha1 | 1 | 8eb85bf31fa1e087bd8165bbe8876e32a137fd07 |
|
| Details | sha1 | 1 | 8d75a79e1ee7a789ba8c26ef163fab9a2b81d81d |
|
| Details | sha1 | 1 | 0b457ead38ceaed7d086cea48e2b21a7d264f863 |
|
| Details | IPv4 | 1 | 176.9.251.252 |
|
| Details | IPv4 | 1 | 162.247.13.70 |
|
| Details | IPv4 | 1 | 195.138.246.17 |
|
| Details | Url | 1 | http://tpc.googlesyndication.com/safeframe/1-0-1/html/container.html |
|
| Details | Url | 1 | http://youtu.be/llozyyeumg4 |