Everybody Gets One: QtBot Used to Distribute Trickbot and Locky
Tags
Taxonomy | Value |
---|---|
cmtmf-attack-pattern | Code Injection |
maec-delivery-vectors | Watering Hole |
attack-pattern | Data Code Injection - T1540 |
attack-pattern | Malware - T1587.001 |
attack-pattern | Malware - T1588.001 |
attack-pattern | Msiexec - T1218.007 |
attack-pattern | Powershell - T1059.001 |
attack-pattern | Python - T1059.006 |
attack-pattern | Regsvr32 - T1218.010 |
attack-pattern | Server - T1583.004 |
attack-pattern | Server - T1584.004 |
attack-pattern | Software - T1592.002 |
attack-pattern | Powershell - T1086 |
attack-pattern | Regsvr32 - T1117 |
Common Information
Type | Value |
---|---|
UUID | 4de4c826-ea06-4f5d-8517-3fa6ce39ea10 |
Fingerprint | 35bf19d120be3647 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | Nov. 1, 2017, 8 p.m. |
Added to db | Sept. 26, 2022, 9:31 a.m. |
Last updated | Nov. 17, 2024, 10:40 p.m. |
Headline | Everybody Gets One: QtBot Used to Distribute Trickbot and Locky |
Title | Everybody Gets One: QtBot Used to Distribute Trickbot and Locky |
Detected Hints/Tags/Attributes | 70/3/50 |
Source URLs
URL Provider
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 1 | | burka.ch |
Details | Domain | 1 | | art.ru |
Details | Domain | 1 | | castellodimontegioco.com |
Details | Domain | 1 | | nl.flipcapella.com |
Details | Domain | 1 | | dotecnia.cl |
Details | Domain | 1 | | christakranzl.at |
Details | Domain | 339 | | system.net |
Details | Domain | 1 | | ds.download.windowsupdate.com |
Details | Domain | 1 | | toundlefa.net |
Details | Domain | 1 | | hobystube.net |
Details | Domain | 1 | | kengray.com |
Details | Domain | 1 | | fetchstats.net |
Details | Domain | 1 | | aurea-art.ru |
Details | Domain | 1 | | celebrityonline.cz |
Details | File | 48 | | c:\windows\system32\cmd.exe |
Details | File | 1208 | | powershell.exe |
Details | File | 1 | | theyweare64.exe |
Details | File | 2126 | | cmd.exe |
Details | File | 269 | | msiexec.exe |
Details | File | 1122 | | svchost.exe |
Details | File | 71 | | wireshark.exe |
Details | File | 9 | | peid.exe |
Details | File | 23 | | x64dbg.exe |
Details | File | 1260 | | explorer.exe |
Details | File | 64 | | procexp.exe |
Details | File | 40 | | ollydbg.exe |
Details | File | 17 | | lordpe.exe |
Details | File | 56 | | processhacker.exe |
Details | File | 29 | | tcpview.exe |
Details | File | 42 | | vboxservice.exe |
Details | File | 6 | | sbiesvc.exe |
Details | File | 74 | | vmtoolsd.exe |
Details | File | 14 | | petools.exe |
Details | File | 2 | | exeinfope.exe |
Details | File | 44 | | vboxtray.exe |
Details | File | 35 | | windbg.exe |
Details | File | 17 | | idaq.exe |
Details | File | 28 | | x32dbg.exe |
Details | File | 65 | | python.exe |
Details | File | 74 | | procmon.exe |
Details | File | 18 | | compmgmtlauncher.exe |
Details | File | 459 | | regsvr32.exe |
Details | sha256 | 1 | | bb92218314ffdc450320f1d44d8a2fe163c585827d9ca3e9a00cb2ea0e27f0c9 |
Details | sha256 | 1 | | 798aa42748dcb1078824c2027cf6a0d151c14e945cb902382fcd9ae646bfa120 |
Details | sha256 | 1 | | d97be402740f6a0fc70c90751f499943bf26f7c00791d46432889f1bedf9dbd2 |
Details | sha256 | 1 | | 4fcee2679cc65585cc1c1c7baa020ec262a2b7fb9b8dc7529a8f73fab029afad |
Details | sha256 | 1 | | 9d2ce15fd9112d52fa09c543527ef0b5bf07eb4c07794931c5768e403c167d49 |
Details | Url | 1 | | http://toundlefa.net |
Details | Url | 1 | | http://ds.download.windowsupdate.com |
Details | Windows Registry Key | 1 | | HKCU\Software\QtProject |
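Added worked example (editor's code, not part of this record or of the source report): a Python matcher that loads a subset of the attributes above and runs them over constructed Sysmon-style telemetry. The point it demonstrates is that the #Events column is itself a quality signal: a value shared by hundreds of records (cmd.exe, explorer.exe, svchost.exe, regsvr32.exe) is a generic Windows binary name, not an indicator, so the matcher only alerts on a process when something unique to this record (a hash, a listed domain, the registry key, theyweare64.exe) matched, and attaches generic or shared matches as context. Assumptions that are the editor's, not the page's: system.net and ds.download.windowsupdate.com are excluded as extractor noise (the .NET namespace) and Microsoft's own update host; the tier thresholds are arbitrary; the key=value event format, the host names, pids, paths and every sample line are constructed.

```python
"""Match the indicators in the attribute table above against constructed
telemetry. Added example; not part of the original CTI record."""
from collections import defaultdict
from os.path import basename

# Subset of the attribute table: (type, #Events, value). "#Events" is how many
# records in the database share the attribute; a value shared by hundreds of
# records (cmd.exe, explorer.exe) is generic and must not alert on its own.
ATTRIBUTES = [
    ("domain", 1, "burka.ch"), ("domain", 1, "castellodimontegioco.com"),
    ("domain", 339, "system.net"), ("domain", 1, "ds.download.windowsupdate.com"),
    ("domain", 1, "toundlefa.net"), ("domain", 1, "hobystube.net"),
    ("domain", 1, "fetchstats.net"), ("domain", 1, "aurea-art.ru"),
    ("file", 1, "theyweare64.exe"), ("file", 2126, "cmd.exe"),
    ("file", 1208, "powershell.exe"), ("file", 269, "msiexec.exe"),
    ("file", 459, "regsvr32.exe"), ("file", 74, "procmon.exe"),
    ("file", 71, "wireshark.exe"), ("file", 40, "ollydbg.exe"),
    ("file", 42, "vboxservice.exe"), ("file", 74, "vmtoolsd.exe"),
    ("sha256", 1, "bb92218314ffdc450320f1d44d8a2fe163c585827d9ca3e9a00cb2ea0e27f0c9"),
    ("sha256", 1, "798aa42748dcb1078824c2027cf6a0d151c14e945cb902382fcd9ae646bfa120"),
    ("registry", 1, r"HKCU\Software\QtProject"),
]

# Editor's assumption, not stated in the record: "system.net" is the .NET
# namespace picked up by the extractor and the windowsupdate.com host is
# Microsoft's own update CDN. Neither is an indicator, so both are dropped.
EXCLUDED = {"system.net", "ds.download.windowsupdate.com"}

def specificity(events):
    """Turn the record's #Events count into a tier (thresholds are arbitrary)."""
    if events <= 1:
        return "unique"
    return "shared" if events <= 100 else "generic"

def build_index(attributes=ATTRIBUTES):
    """{type: {lower-cased value: tier}} with excluded values removed."""
    index = defaultdict(dict)
    for kind, events, value in attributes:
        if value.lower() not in EXCLUDED:
            index[kind][value.lower()] = specificity(events)
    return index

def parse_event(line):
    """Parse one 'key=value key=value' line; values carry no spaces here."""
    return dict(tok.partition("=")[::2] for tok in line.split())

def match_event(event, index):
    """Return (tier, type, value) for every indicator this event touches."""
    hits = []
    dom = event.get("QueryName", "").lower()
    if dom in index["domain"]:
        hits.append((index["domain"][dom], "domain", dom))
    sha = event.get("Sha256", "").lower()
    if sha in index["sha256"]:
        hits.append((index["sha256"][sha], "sha256", sha))
    img = basename(event.get("Image", "").replace("\\", "/")).lower()
    if img in index["file"]:
        hits.append((index["file"][img], "file", img))
    key = event.get("TargetObject", "").lower()
    for ioc, tier in index["registry"].items():
        if key == ioc or key.startswith(ioc + "\\"):  # the key or a subkey
            hits.append((tier, "registry", ioc))
    return hits

def scan(lines, index=None):
    """Group hits per (host, pid). Alert only when a unique indicator matched;
    shared and generic matches ride along as context, never alone."""
    index = build_index() if index is None else index
    groups = defaultdict(list)
    for line in lines:
        event = parse_event(line)
        for hit in match_event(event, index):
            groups[(event.get("host"), event.get("pid"))].append(hit)
    alerts = {}
    for proc, hits in groups.items():
        unique = [h for h in hits if h[0] == "unique"]
        if unique:
            alerts[proc] = {"unique": unique,
                            "context": [h for h in hits if h[0] != "unique"]}
    return alerts

# Constructed telemetry, not from the page: ws01 runs regsvr32 which resolves
# a listed domain and writes under the listed key; ws02 is ordinary activity;
# ws03 is an analyst box running procmon; ws04 runs the listed file and hash.
SAMPLE = [
    r"host=ws01 pid=4120 Event=ProcessCreate Image=C:\Windows\System32\regsvr32.exe",
    "host=ws01 pid=4120 Event=DnsQuery QueryName=toundlefa.net",
    r"host=ws01 pid=4120 Event=RegistrySet TargetObject=HKCU\Software\QtProject\Settings",
    r"host=ws02 pid=900 Event=ProcessCreate Image=C:\Windows\System32\cmd.exe",
    "host=ws02 pid=900 Event=DnsQuery QueryName=ds.download.windowsupdate.com",
    r"host=ws03 pid=77 Event=ProcessCreate Image=C:\Tools\procmon.exe",
    r"host=ws04 pid=5 Event=ProcessCreate Image=C:\Temp\theyweare64.exe "
    "Sha256=bb92218314ffdc450320f1d44d8a2fe163c585827d9ca3e9a00cb2ea0e27f0c9",
]

if __name__ == "__main__":
    for (host, pid), detail in scan(SAMPLE).items():
        print(host, pid, detail)
```

Running the block alerts on ws01 (a unique domain and the registry key, with the generic regsvr32.exe match as context) and on ws04 (listed file name and hash); ws02 and ws03 produce nothing, because a generic binary name or an analysis tool running on an analyst workstation is not evidence of this campaign. Two caveats of the editor's, not the record's: the analysis-tool and VM-service names in the table (wireshark.exe, ollydbg.exe, vboxservice.exe and the rest) are far more useful as strings to look for inside a sample than as process names to alert on, and a registry key named after the Qt framework can be expected on hosts running legitimate Qt-based software, so treat a registry-only alert as a lead to verify rather than a confirmed detection.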