Is "Xmaker" the new “TrickLoader”?
Tags
| country: | Germany Singapore Russia |
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Vnc - T1021.005 |
Common Information
| Type | Value |
|---|---|
| UUID | 6ba2958b-d144-4740-84bc-bbcc97e4f0ec |
| Fingerprint | ab146d7b9cb386d1 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Dec. 6, 2016, 4:33 p.m. |
| Added to db | Jan. 18, 2023, 9:32 p.m. |
| Last updated | Nov. 17, 2024, 12:52 p.m. |
| Headline | DevCentral |
| Title | Is "Xmaker" the new “TrickLoader”? |
| Detected Hints/Tags/Attributes | 40/2/26 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://devcentral.f5.com/s/articles/is-xmaker-the-new-trickloader-24372 |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 123 | www.reuters.com |
|
| Details | Domain | 5 | www.threatgeek.com |
|
| Details | Domain | 2 | www.reverse.it |
|
| Details | Domain | 8 | devcentral.f5.com |
|
| Details | Domain | 81 | blog.malwarebytes.com |
|
| Details | Domain | 23 | www.arbornetworks.com |
|
| Details | Domain | 27 | f5.com |
|
| Details | File | 4 | trickbot-the-dyre-connection.html |
|
| Details | md5 | 1 | 38503c00be6b7f7eeb5076c0bd071b4c |
|
| Details | md5 | 1 | bf621ef7e98047fea8c221e17c1837b8 |
|
| Details | md5 | 1 | 0804499dba4090c439e580f5693660e0 |
|
| Details | md5 | 1 | e4a8dc8fd08d4f65a68d0a40e2190c70 |
|
| Details | md5 | 1 | 46ffaa075dd586a6f93a4d26a2431355 |
|
| Details | md5 | 1 | 1c8ea23e2892c4c7155c9f976c6e661d |
|
| Details | md5 | 1 | 26992865a2ae96ed48df8ddfc7223a13 |
|
| Details | md5 | 1 | 52cab07e1a41e68bd2793a37ba04d270 |
|
| Details | sha256 | 1 | 2c4eab037c37b55780cce28e48d930faa60879045208ae4b64631bb7a2f4cb2a |
|
| Details | Url | 1 | http://www.reuters.com/article/us-cybercrime-russia-dyre-exclusive-iduskcn0ve2qs |
|
| Details | Url | 4 | http://www.threatgeek.com/2016/10/trickbot-the-dyre-connection.html |
|
| Details | Url | 1 | https://www.reverse.it/sample/2c4eab037c37b55780cce28e48d930faa60879045208ae4b64631bb7a2f4cb2a?lang= |
|
| Details | Url | 1 | https://devcentral.f5.com/s/articles/dyre-presents-server-side-web-injects |
|
| Details | Url | 8 | https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor |
|
| Details | Url | 1 | https://www.arbornetworks.com/blog/asert/trickbot-banker-insights |
|
| Details | Url | 1 | https://f5.com/about-us/news/articles/little-trickbot-growing-up-new-campaign-22790 |
|
| Details | Url | 1 | https://f5.com/about-us/news/articles/trickbot-now-targeting-german-banking-group-sparkassen-finanzg... |
|
| Details | Url | 1 | https://www.hybrid-analysis.com/sample/3bf7d98b2fede6512fa2f5d5423a3e3b93a2ed357d2112bcadde751765bdb... |