Technical Analysis of the Winbox Payload in WindiGo
Common Information
Type Value
UUID 535df984-1f74-47df-afed-871f71c5a2e3
Fingerprint a78131154c3330c5
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 6, 2022, 9:26 a.m.
Added to db Dec. 14, 2022, 4:13 p.m.
Last updated Oct. 28, 2024, 6:07 a.m.
Headline Technical Analysis of the Winbox Payload in WindiGo
Title Technical Analysis of the Winbox Payload in WindiGo
Detected Hints/Tags/Attributes 61/2/27
Attributes
Details Type #Events CTI Value
Details CVE 27
cve-2018-14847
Details File 14
user.dat
Details IPv4 10
100.64.0.0
Details Windows Registry Key 1
HKCU\Software\Microsoft\TestApp\Servers
Details Windows Registry Key 1
HKCU\Software\Microsoft\TestApp\ServiceVersion
Details Windows Registry Key 1
HKCU\Software\Microsoft\TestApp\UUID