HookAds Campaign Leads to RIG EK and Drops ZeuS Panda.
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Dns - T1071.004 Dns - T1590.002 Malvertising - T1583.008 Malware - T1587.001 Malware - T1588.001 |
Common Information
| Type | Value |
|---|---|
| UUID | 6492a45d-b5f8-47ef-a538-807a6fe61a01 |
| Fingerprint | bc23295d7ebfc5c3 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Sept. 14, 2017, 1:11 p.m. |
| Added to db | Jan. 18, 2023, 9:59 p.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | HookAds Campaign Leads to RIG EK and Drops ZeuS Panda. |
| Title | HookAds Campaign Leads to RIG EK and Drops ZeuS Panda. |
| Detected Hints/Tags/Attributes | 37/2/37 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Autonomous System Number | 1 | AS62088 |
|
| Details | Domain | 1 | rocksident.info |
|
| Details | Domain | 2 | nekfad.xyz |
|
| Details | Domain | 1 | davydovamihalina02.example.com |
|
| Details | Domain | 707 | google.com |
|
| Details | Domain | 1 | lax28s15-in-f14.1e100.net |
|
| Details | Domain | 1 | tinyupload.com |
|
| Details | Domain | 370 | www.proofpoint.com |
|
| Details | File | 8 | popunder.php |
|
| Details | File | 1 | rocksident.inf |
|
| Details | File | 1 | bilonebilo.exe |
|
| Details | File | 1 | comsupportflashplayersyswebapps.exe |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 7 | windowssystem32svchost.exe |
|
| Details | File | 1 | advertising.txt |
|
| Details | File | 1 | 149.txt |
|
| Details | File | 1 | 149.swf |
|
| Details | File | 23 | o32.tmp |
|
| Details | sha256 | 1 | ebfbed3dcb88f480bffc9f8855d43b4c0d3ffc37919a25a382e8233c5f171b84 |
|
| Details | sha256 | 1 | b18b668915e46a1e3cd0515449d8f958df4e7cb998c549c9b52bd73555586edf |
|
| Details | sha256 | 1 | 25ea9df2932a2441a919978151145c6aeff96c89830bb0d0cd6dfb55e7e3e6eb |
|
| Details | sha256 | 1 | ef9861034c348993c4962008860264d69c4144431b84c94483d1c3d7da3ad0dc |
|
| Details | sha256 | 1 | 5007255195dc24c63dfc7bdcddaa827893c8fce5bc080bdf1ab2c55b08e267bb |
|
| Details | sha256 | 1 | 161385403c4044b0ee62b56a5f038d3bb9bb62274a98bf539e978592f65fe2f5 |
|
| Details | sha256 | 1 | 318d7b19ac9d836eeb6ddc4ee2d767ccd4aca2c445c373a0b4b5afd142a700d8 |
|
| Details | IPv4 | 1 | 188.225.83.149 |
|
| Details | IPv4 | 1 | 5.8.88.219 |
|
| Details | IPv4 | 3 | 5.8.88.0 |
|
| Details | IPv4 | 1 | 5.8.88.255 |
|
| Details | IPv4 | 1 | 172.217.11.174 |
|
| Details | IPv4 | 10 | 80.77.82.41 |
|
| Details | IPv4 | 1 | 188.225.83.137 |
|
| Details | Url | 1 | http://rocksident.info/banners/advertising |
|
| Details | Url | 1 | http://188.225.83.149/?njy3njq5&twixy=xxvqmvwzbrxqc53ekvjct6nemvhrhecl2yqdmrhsefjaevwkzrbftf_wozkatwsg6_jtdfj&party=udqrjjbhregdonntcwwgt9qqnikwezxsy1j |
|
| Details | Url | 1 | https://www.proofpoint.com/us/threat-insight/post/panda-banker-new-banking-trojan-hits-the-market |
|
| Details | Windows Registry Key | 15 | HKCUSoftwareMicrosoftWindowsCurrentVersionRun |
|
| Details | Windows Registry Key | 2 | HKCUSoftwareMicrosoft |