IcedID (Bokbot) with Dark VNC and Cobalt Strike - SANS Internet Storm Center
Tags
Common Information
Type | Value |
---|---|
UUID | 5167c178-d118-4841-b849-c8cf715a0faf |
Fingerprint | 3db53b7e36ef4487 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | July 27, 2022, midnight |
Added to db | Oct. 24, 2023, 1:42 p.m. |
Last updated | Dec. 24, 2024, 5:56 a.m. |
Headline | Internet Storm Center |
Title | IcedID (Bokbot) with Dark VNC and Cobalt Strike - SANS Internet Storm Center |
Detected Hints/Tags/Attributes | 30/2/37 |
Source URLs
Redirection | Url |
---|---|
Source | https://isc.sans.edu/diary/rss/28884 |
URL Provider
Attributes
Type | #Events | Value |
---|---|---|
Domain | 1 | tritehairs.com |
Domain | 1 | lufuyadehi.com |
Domain | 1 | peranistaer.top |
Domain | 2 | wiandukachelly.com |
Domain | 2 | alohasockstaina.com |
Domain | 1 | gruvihabralo.nl |
Domain | 1 | zuyonijobo.com |
Domain | 90 | malware-traffic-analysis.net |
File | 34 | license.dat |
File | 1 | figures.iso |
File | 1 | pgjqfv.js |
File | 1 | t1ovwm.dat |
File | 1102 | rundll32.exe |
File | 1 | jgv5xfie.dat |
File | 1 | olfann64.dll |
File | 11 | svchost.dll |
File | 1 | yuicku32.dll |
File | 498 | regsvr32.exe |
sha256 | 1 | 4b86c52424564e720a809dca94f5540fcddac10cb57618b44d693e49fd38c0a5 |
sha256 | 1 | d9a7ce532ee39918815f9dd03d0b4961ef85dddfd2498759b868e9ed8858a532 |
sha256 | 1 | 4661a789c199544197a7d3ccfedb51ec95393641fb44875c92cf6c2c4a40fc1d |
sha256 | 1 | eef2684a47bbadf954f3bc06b3611989447f1b5cfd47cdeacb38321987b3565c |
sha256 | 1 | df66d308065919c5d45f6c9b718b1a7c58f9e461488bbef850c924728f053b14 |
sha256 | 1 | f53321d9a70050759f1d3d21e4748f6e9432bf2bc476f294e6345f67e6c56c3e |
sha256 | 2 | a15ae5482b31140220bb75ce2e6c53aaafe3dc702784a0d235a77668e3b0a69a |
sha256 | 1 | ee0379ef06a74b3c810b4f757097cd0534ec5c4ebf0d92875b07421fe1a5dd55 |
sha256 | 1 | e512027d42d829fad95d14aa4c48f3ce30089e5c200681a2bded67068b8973f4 |
sha256 | 3 | 1de8b101cf9f0fabc9f086bddb662c89d92c903c5db107910b3898537d4aa8e7 |
sha256 | 1 | a7a0025d77b576bcdaf8b05df362e53a748b64b51dd5ec5d20cf289a38e38d56 |
IPv4 | 1 | 159.203.45.144 |
IPv4 | 2 | 46.21.153.211 |
IPv4 | 1 | 178.33.187.139 |
IPv4 | 4 | 135.181.175.108 |
IPv4 | 1 | 108.177.235.8 |
IPv4 | 1 | 108.62.118.133 |
Url | 1 | http://tritehairs.com |
Url | 1 | http://lufuyadehi.com/svchost.dll |
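An added example, not code from the ISC diary, its author, or this CTI record: it parses the attribute rows above, uses the #Events column (how many records in the database share a value) to separate campaign-specific indicators from ones that recur everywhere (rundll32.exe and regsvr32.exe are signed Windows binaries, svchost.dll and license.dat are generic file names, and malware-traffic-analysis.net is a research site rather than attacker infrastructure, so all five match benign activity), and runs the remaining indicators over a few log lines. The log lines, host names, file paths, the threshold of 10 and the DLL export name are assumptions made for the demonstration, not data from the diary.

```python
import re

# Rows copied from the attribute table above: type | #Events | value.
IOC_TABLE = """
Domain | 1 | tritehairs.com
Domain | 1 | lufuyadehi.com
Domain | 1 | peranistaer.top
Domain | 2 | wiandukachelly.com
Domain | 2 | alohasockstaina.com
Domain | 1 | gruvihabralo.nl
Domain | 1 | zuyonijobo.com
Domain | 90 | malware-traffic-analysis.net
File | 34 | license.dat
File | 1 | figures.iso
File | 1 | pgjqfv.js
File | 1 | t1ovwm.dat
File | 1102 | rundll32.exe
File | 1 | jgv5xfie.dat
File | 1 | olfann64.dll
File | 11 | svchost.dll
File | 1 | yuicku32.dll
File | 498 | regsvr32.exe
sha256 | 1 | 4b86c52424564e720a809dca94f5540fcddac10cb57618b44d693e49fd38c0a5
sha256 | 1 | d9a7ce532ee39918815f9dd03d0b4961ef85dddfd2498759b868e9ed8858a532
sha256 | 1 | 4661a789c199544197a7d3ccfedb51ec95393641fb44875c92cf6c2c4a40fc1d
sha256 | 1 | eef2684a47bbadf954f3bc06b3611989447f1b5cfd47cdeacb38321987b3565c
sha256 | 1 | df66d308065919c5d45f6c9b718b1a7c58f9e461488bbef850c924728f053b14
sha256 | 1 | f53321d9a70050759f1d3d21e4748f6e9432bf2bc476f294e6345f67e6c56c3e
sha256 | 2 | a15ae5482b31140220bb75ce2e6c53aaafe3dc702784a0d235a77668e3b0a69a
sha256 | 1 | ee0379ef06a74b3c810b4f757097cd0534ec5c4ebf0d92875b07421fe1a5dd55
sha256 | 1 | e512027d42d829fad95d14aa4c48f3ce30089e5c200681a2bded67068b8973f4
sha256 | 3 | 1de8b101cf9f0fabc9f086bddb662c89d92c903c5db107910b3898537d4aa8e7
sha256 | 1 | a7a0025d77b576bcdaf8b05df362e53a748b64b51dd5ec5d20cf289a38e38d56
IPv4 | 1 | 159.203.45.144
IPv4 | 2 | 46.21.153.211
IPv4 | 1 | 178.33.187.139
IPv4 | 4 | 135.181.175.108
IPv4 | 1 | 108.177.235.8
IPv4 | 1 | 108.62.118.133
Url | 1 | http://tritehairs.com
Url | 1 | http://lufuyadehi.com/svchost.dll
"""

# Assumed cut-off: a value shared by this many records or more is reported as
# context, never as a standalone hit. Here that covers rundll32.exe, regsvr32.exe,
# svchost.dll, license.dat and malware-traffic-analysis.net.
NOISE_THRESHOLD = 10

def parse_table(text=IOC_TABLE):
    """Return [(kind, events, value)] from the pipe-separated rows."""
    rows = []
    for line in text.strip().splitlines():
        kind, events, value = (c.strip() for c in line.split("|"))
        rows.append((kind, int(events), value))
    return rows

def _pattern(kind, value):
    esc = re.escape(value)
    if kind == "Domain":   # the domain or any subdomain, but not a longer name
        return re.compile(r"(?<![\w-])(?:[\w-]+\.)*" + esc + r"(?![\w-])", re.I)
    if kind == "IPv4":     # the whole dotted quad, not a prefix of a longer one
        return re.compile(r"(?<![\d.])" + esc + r"(?![\d.])")
    if kind == "Url":
        return re.compile(esc, re.I)
    return re.compile(r"(?<![\w.-])" + esc + r"(?![\w-])", re.I)  # File, sha256

PATTERNS = [(k, v, e >= NOISE_THRESHOLD, _pattern(k, v)) for k, e, v in parse_table()]

def match_line(line):
    """Return {'hits': [(kind, value)], 'context': [(kind, value)]} for one line."""
    out = {"hits": [], "context": []}
    for kind, value, noisy, rx in PATTERNS:
        if rx.search(line):
            out["context" if noisy else "hits"].append((kind, value))
    return out

# Constructed log lines (not from the diary) in DNS, proxy, Sysmon, EDR and
# connection-log shapes; hosts, paths and the DLL export name are placeholders.
SAMPLE_LOGS = [
    "2022-07-27T14:02:11Z dns client=10.0.0.25 query=tritehairs.com type=A",
    "2022-07-27T14:02:13Z proxy client=10.0.0.25 GET http://lufuyadehi.com/svchost.dll 200",
    r'2022-07-27T14:02:20Z sysmon EventID=1 Image=C:\Windows\System32\rundll32.exe '
    r'CommandLine="rundll32.exe C:\Users\user\AppData\Local\Temp\olfann64.dll,init"',
    "2022-07-27T14:03:05Z edr host=WS01 file_sha256=4b86c52424564e720a809dca94f5540fcddac10cb57618b44d693e49fd38c0a5",
    "2022-07-27T14:04:40Z conn src=10.0.0.25 dst=135.181.175.108:443 proto=tcp",
    "2022-07-27T15:00:00Z proxy client=10.0.0.9 GET https://www.malware-traffic-analysis.net/2022/07/27/index.html 200",
    r'2022-07-27T15:01:00Z sysmon EventID=1 Image=C:\Windows\System32\regsvr32.exe CommandLine="regsvr32.exe /s vendor.dll"',
]

def scan(lines):
    """Return (index, matches) only for lines with at least one actionable hit."""
    return [(i, m) for i, m in ((i, match_line(l)) for i, l in enumerate(lines)) if m["hits"]]

if __name__ == "__main__":
    for i, m in scan(SAMPLE_LOGS):
        print(f"line {i}: hits={m['hits']} context={m['context']}")
```

The last two sample lines (a visit to the research site and an ordinary regsvr32.exe launch) produce context only and are dropped by `scan`; the rundll32.exe load in the third line is still reported because the campaign-specific olfann64.dll sits on the same line. The `(?:[\w-]+\.)*` prefix in the domain pattern lets `cdn.tritehairs.com` match while `notritehairs.com` does not.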