Threat Source (April 18): New attacks distribute Formbook, LokiBot
Common Information
Type Value
UUID 4c7c389b-d9fc-4810-b8bf-5ce3bed57847
Fingerprint ec902903c1a37a39
Analysis status DONE
Considered CTI value 2
Text language
Published April 18, 2019, 2 p.m.
Added to db Oct. 9, 2022, 4:18 p.m.
Last updated Nov. 17, 2024, 5:54 p.m.
Headline Vulnerability Information
Title Threat Source (April 18): New attacks distribute Formbook, LokiBot
Detected Hints/Tags/Attributes 66/3/103
Attributes
Details Type #Events CTI Value