RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation
Tags
country: Bangladesh Germany Italy Spain Romania
maec-delivery-vectors: Watering Hole
attack-pattern: Data Botnet - T1583.005 Botnet - T1584.005 Domains - T1583.001 Domains - T1584.001 Email Accounts - T1585.002 Email Accounts - T1586.002 Email Addresses - T1589.002 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Python - T1059.006 Server - T1583.004 Server - T1584.004 Software - T1592.002 Valid Accounts - T1078 Valid Accounts
Show in Graph
Common Information
Type Value
UUID 5a50d63c-1a98-4b79-ba1a-a709f5e80185
Fingerprint a5050db9813782c7
Analysis status DONE
Considered CTI value 2
Text language
Published July 12, 2021, 10 a.m.
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 17, 2024, 11:36 p.m.
Headline UNKNOWN
Title RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation
Detected Hints/Tags/Attributes 112/3/31
Source URLs
Redirection Url
Details Source https://securityintelligence.com/posts/roboski-global-recovery-automation/
URL Provider
Details Provider Source level domain
Details securityintelligence.com securityintelligence.com
Attributes
Details Type #Events CTI Value
Details Domain 1175 
gmail.com
Details Domain 2 
tutanota.com.de
Details Domain 2 
8123wsheurope.access.ly
Details Domain 3 
adam9.ddns.net
Details Domain 2 
uyeco.pw
Details Domain 2 
zolta.icu
Details Domain 9 
alphastand.trade
Details Domain 2 
alphashtand.top
Details Domain 9 
alphastand.win
Details Domain 12 
kbfvzoboss.bid
Details Domain 3 
azmtool.us
Details Domain 4 
becharnise.ir
Details Domain 3 
newcesarnex.com
Details Domain 3 
klimsourcinq.com
Details Domain 3 
laboratoriogenfarp.linkpc.net
Details Domain 2 
o5.ga
Details Email 2 
janattbs7@gmail.com
Details Email 2 
imports@tutanota.com.de
Details File 2 
%appdata%\microsift.exe
Details File 2 
%temp%\windefendllinici.exe
Details File 2 
%appdata%\notes\logs.dat
Details File 2 
%appdata%\seguridad\logs.dat
Details md5 2 
A830299B3222E31F1F2765E3AC4D37FD
Details md5 2 
8896DBA4C4FC821D8BAAC764BC9822E3
Details md5 2 
9b792353406c1c8bf440fa5417aee5b2
Details IPv4 2 
79.134.225.44
Details IPv4 2 
79.134.225.71
Details IPv4 2 
184.140.53.148
Details IPv4 2 
79.134.225.14
Details IPv4 2 
91.241.19.107
Details IPv4 2 
176.111.174.14