ioc[.]one - OSINT Cyber Threat Intelligence Database

Undercovering drIBAN fraud operations 2 | Cleafy Labs

Tags

attack-pattern:

Data Model Botnet - T1583.005 Botnet - T1584.005 Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Hooking - T1617 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Hooking - T1179 Powershell - T1086 Scripting - T1064 Hooking Scripting

Show in Graph

Common Information

Type	Value
UUID	59c4f8d2-c394-4c67-808a-91aafa021986
Fingerprint	1e8059050d33c585
Analysis status	DONE
Considered CTI value	0
Text language
Published	May 31, 2023, midnight
Added to db	Oct. 24, 2023, 1:21 p.m.
Last updated	Nov. 18, 2024, 10:24 a.m.
Headline	Uncovering drIBAN fraud operations. Chapter 2: From sLoad to Ramnit
Title	Undercovering drIBAN fraud operations 2 \| Cleafy Labs
Detected Hints/Tags/Attributes	59/1/8

Source URLs

	Redirection	Url
Details	Source	https://www.cleafy.com/cleafy-labs/uncovering-driban-fraud-operations-chapter-2

URL Provider

Details	Provider	Source level domain
Details	cleafy.com	www.cleafy.com

Attributes

Details	Type	#Events	CTI	Value
Details	File	1		ramnit.dll
Details	File	142		wmiprvse.exe
Details	File	1		imagindevices.exe
Details	File	12		wab.exe
Details	File	2		wabimg.exe
Details	File	1		wmbgjol.log
Details	File	1211		powershell.exe
Details	File	1		ktymrfagh.log