Malvertising Leads to HookAds Campaign Which Redirects to RIG EK at 188.225.74.13. RIG EK Drops Dreambot.
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Dns - T1071.004 Dns - T1590.002 Malvertising - T1583.008 Server - T1583.004 Server - T1584.004 |
Common Information
| Type | Value |
|---|---|
| UUID | 653ba32a-8b17-4baf-aadd-0a03ba9c5726 |
| Fingerprint | f8ab24792e7c478d |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | June 25, 2017, 2:23 a.m. |
| Added to db | Jan. 18, 2023, 9:59 p.m. |
| Last updated | Nov. 2, 2024, 8:03 a.m. |
| Headline | Malvertising Leads to HookAds Campaign Which Redirects to RIG EK at 188.225.74.13. RIG EK Drops Dreambot. |
| Title | Malvertising Leads to HookAds Campaign Which Redirects to RIG EK at 188.225.74.13. RIG EK Drops Dreambot. |
| Detected Hints/Tags/Attributes | 22/2/31 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | jwvwak1a.com |
|
| Details | Domain | 1 | boultrated.info |
|
| Details | Domain | 1 | viewt.zip |
|
| Details | Domain | 9 | ip-addr.es |
|
| Details | Domain | 35 | resolver1.opendns.com |
|
| Details | Domain | 20 | 222.222.67.208.in-addr.arpa |
|
| Details | Domain | 35 | myip.opendns.com |
|
| Details | Domain | 4 | aeeeeeeeeeeeeeeeeeeeeeeeeeeeva.onion |
|
| Details | File | 8 | popunder.php |
|
| Details | File | 1 | boultrated.inf |
|
| Details | File | 1 | viewt.zip |
|
| Details | File | 35 | 2.txt |
|
| Details | File | 1 | bbwjobs.txt |
|
| Details | File | 1 | 13.txt |
|
| Details | File | 1 | 13.swf |
|
| Details | File | 23 | o32.tmp |
|
| Details | File | 1 | 4aqdak84.exe |
|
| Details | sha256 | 1 | 46630f9f89794376d37715606fb333017106749532f444517efb6ebcc4be8652 |
|
| Details | sha256 | 1 | 1c7fd09b6dc9bb0a817d04569705e68e2140c1de6fdc1d091dda9577f2ee2d39 |
|
| Details | sha256 | 1 | 15536875d8a40b7f8541475d68017a795318fed86f682e1635c89359dd89cc95 |
|
| Details | sha256 | 1 | 6f2be67a2bc9f1a61577feb5ab364c014b89f1cfb7f29461e8439de57a081b80 |
|
| Details | sha256 | 1 | 9970412366402809ba2089cb8fc23d92199d13226b67f0302b1fa87adb138352 |
|
| Details | sha256 | 1 | b1e2e9182211e866dce3cfc7a62641b7a2bff194cb94d25e98064c524cc32ad6 |
|
| Details | IPv4 | 1 | 188.225.74.13 |
|
| Details | IPv4 | 10 | 80.77.82.41 |
|
| Details | IPv4 | 1 | 23.227.201.103 |
|
| Details | IPv4 | 2 | 64.182.208.181 |
|
| Details | IPv4 | 24 | 222.222.67.208 |
|
| Details | Url | 1 | http://boultrated.info/banners/bbwjobs. |
|
| Details | Windows Registry Key | 15 | HKCUSoftwareMicrosoftWindowsCurrentVersionRun |
|
| Details | Windows Registry Key | 7 | HKCUSoftwareAppDataLowSoftwareMicrosoft |