ioc[.]one - OSINT Cyber Threat Intelligence Database

Decoy Site Leads to RIG-v EK at 194.87.237.240. Post-Infection Traffic: Ursnif Variant Dreambot.

Tags

maec-delivery-vectors:	Watering Hole
attack-pattern:	Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Malvertising - T1583.008 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004

Show in Graph

Common Information

Type	Value
UUID	7b7ce8b6-4570-4b7d-ba2e-22ad613587c8
Fingerprint	e4ab395f6ce046f3
Analysis status	DONE
Considered CTI value	2
Text language
Published	Feb. 7, 2017, 10:52 p.m.
Added to db	Jan. 18, 2023, 9:59 p.m.
Last updated	Nov. 9, 2024, 6:09 a.m.
Headline	Decoy Site Leads to RIG-v EK at 194.87.237.240. Post-Infection Traffic: Ursnif Variant Dreambot.
Title	Decoy Site Leads to RIG-v EK at 194.87.237.240. Post-Infection Traffic: Ursnif Variant Dreambot.
Detected Hints/Tags/Attributes	33/2/263

Source URLs

	Redirection	Url
Details	Source	https://malwarebreakdown.com/2017/02/07/decoy-site-leads-to-rig-v-ek-at-194-87-237-240-ek-drops-dreambot-tor-client-and-ursnif-variant/

URL Provider

Details	Provider	Source level domain
Details	malwarebreakdown.com	malwarebreakdown.com

Attributes

Details	Type	#Events	Value
Details	Domain	2	duckporno.com
Details	Domain	2	bethanyads.info
Details	Domain	2	sell.underinsuredinamerica.com
Details	Domain	10	curlmyip.net
Details	Domain	35	resolver1.opendns.com
Details	Domain	20	222.222.67.208.in-addr.arpa
Details	Domain	35	myip.opendns.com
Details	Domain	6	nod32.com
Details	Domain	114	eset.com
Details	Domain	2	pawleysads.info
Details	Domain	2	irmoads.info
Details	Domain	2	laurelads.info
Details	Domain	2	augustads.info
Details	Domain	2	wasillaads.info
Details	Domain	2	millsboroads.info
Details	Domain	2	minneapolisads.info
Details	Domain	2	camdenads.info
Details	Domain	2	tshwater.info
Details	Domain	2	fenwikads.info
Details	Domain	2	orangeburgads.info
Details	Domain	2	blufftonads.info
Details	Domain	2	easleyads.info
Details	Domain	2	garnerads.info
Details	Domain	3	walterboroads.info
Details	Domain	2	gastoniaads.info
Details	Domain	2	flintads.info
Details	Domain	2	asheboroads.info
Details	Domain	2	sumterads.info
Details	Domain	2	chimneyads.info
Details	Domain	2	goosecreekads.info
Details	Domain	2	fetonads.info
Details	Domain	2	jakarth.info
Details	Domain	2	booneads.info
Details	Domain	2	fenwickads.info
Details	Domain	2	notablo.info
Details	Domain	2	rockads.info
Details	Domain	2	mountads.info
Details	Domain	2	spartanburgads.info
Details	Domain	2	salemads.info
Details	Domain	2	andersonads.info
Details	Domain	2	duluthads.info
Details	Domain	2	ketchikanads.info
Details	Domain	2	banskaads.info
Details	Domain	2	deweyads.info
Details	Domain	2	morgantonads.info
Details	Domain	2	pronomial.info
Details	Domain	2	ashevilleads.info
Details	Domain	2	harrisburgads.info
Details	Domain	2	beaufortads.info
Details	Domain	2	auburnads.info
Details	Domain	2	winstonads.info
Details	Domain	2	delawareads.info
Details	Domain	2	clemsonads.info
Details	Domain	2	covernment.info
Details	Domain	2	myrtleads.info
Details	Domain	2	kosiceads.info
Details	Domain	2	caryads.info
Details	Domain	2	charlotteads.info
Details	Domain	2	greensboroads.info
Details	Domain	2	philadelphiaads.info
Details	Domain	2	trencinads.info
Details	Domain	2	lexingtonads.info
Details	Domain	2	simpsonvilleads.info
Details	Domain	2	greenvilleads.info
Details	Domain	2	rockhillads.info
Details	Domain	2	fayettevilleads.info
Details	Domain	2	destinads.info
Details	Domain	2	selbywilleads.info
Details	Domain	2	oceanads.info
Details	Domain	2	charlstonads.info
Details	Domain	2	highpointads.info
Details	Domain	2	newbernads.info
Details	Domain	2	steyrads.info
Details	Domain	2	chapelads.info
Details	Domain	2	kissimmeeads.info
Details	Domain	2	erieads.info
Details	Domain	2	lancasterads.info
Details	Domain	2	montgomeryads.info
Details	Domain	2	gainesvilleads.info
Details	Domain	2	warrenads.info
Details	Domain	2	lansingads.info
Details	Domain	2	sitkaads.info
Details	Domain	2	ocalaads.info
Details	Domain	2	allentownads.info
Details	Domain	2	pittsburghads.info
Details	Domain	2	saintpaulads.info
Details	Domain	2	vidinads.info
Details	Domain	2	summervilleads.info
Details	Domain	2	sewardads.info
Details	Domain	2	kodiakads.info
Details	Domain	2	kenaiads.info
Details	Domain	2	chillicotheads.info
Details	Domain	2	fairbanksads.info
Details	Domain	2	juneauads.info
Details	Domain	2	anchorageads.info
Details	Domain	2	toledoads.info
Details	Domain	2	huntsvilleads.info
Details	Domain	2	daytonads.info
Details	Domain	2	bratislavaads.info
Details	Domain	2	charlestonads.info
Details	Domain	2	akronads.info
Details	Domain	2	youngstownads.info
Details	Domain	2	clivelandads.info
Details	Domain	2	aarhusads.info
Details	Domain	2	tromsoads.info
Details	Domain	2	plevenads.info
Details	Domain	2	aalborgads.info
Details	Domain	2	stavangerads.info
Details	Domain	2	nantesads.info
Details	Domain	2	bergenads.info
Details	Domain	2	sibiuads.info
Details	Domain	2	osloads.info
Details	Domain	2	tronfheimads.info
Details	Domain	2	odenseads.info
Details	Domain	2	perugiaads.info
Details	Domain	2	brasovads.info
Details	Domain	2	clujads.info
Details	Domain	2	bucharestads.info
Details	Domain	2	nurnbergads.info
Details	Domain	2	amalfiads.info
Details	Domain	2	selvenads.info
Details	Domain	2	avignonads.info
Details	Domain	2	palermoads.info
Details	Domain	2	kolnads.info
Details	Domain	2	esbjergads.info
Details	Domain	2	munchenads.info
Details	Domain	2	ns1.topdns.me
Details	Domain	2	ns2.topdns.me
Details	Domain	2	ns3.topdns.me
Details	File	2	bethanyads.inf
Details	File	7	t64.dll
Details	File	3	hits.html
Details	File	52	exploit.swf
Details	File	2	docpdump.exe
Details	File	2	pawleysads.inf
Details	File	2	irmoads.inf
Details	File	2	laurelads.inf
Details	File	2	augustads.inf
Details	File	2	wasillaads.inf
Details	File	2	millsboroads.inf
Details	File	2	minneapolisads.inf
Details	File	2	camdenads.inf
Details	File	2	tshwater.inf
Details	File	2	fenwikads.inf
Details	File	2	orangeburgads.inf
Details	File	2	blufftonads.inf
Details	File	2	easleyads.inf
Details	File	2	garnerads.inf
Details	File	3	walterboroads.inf
Details	File	2	gastoniaads.inf
Details	File	2	flintads.inf
Details	File	2	asheboroads.inf
Details	File	2	sumterads.inf
Details	File	2	chimneyads.inf
Details	File	2	goosecreekads.inf
Details	File	2	fetonads.inf
Details	File	2	jakarth.inf
Details	File	2	booneads.inf
Details	File	2	fenwickads.inf
Details	File	2	notablo.inf
Details	File	2	rockads.inf
Details	File	2	mountads.inf
Details	File	2	spartanburgads.inf
Details	File	2	salemads.inf
Details	File	2	andersonads.inf
Details	File	2	duluthads.inf
Details	File	2	ketchikanads.inf
Details	File	2	banskaads.inf
Details	File	2	deweyads.inf
Details	File	2	morgantonads.inf
Details	File	2	pronomial.inf
Details	File	2	ashevilleads.inf
Details	File	2	harrisburgads.inf
Details	File	2	beaufortads.inf
Details	File	2	auburnads.inf
Details	File	2	winstonads.inf
Details	File	2	delawareads.inf
Details	File	2	clemsonads.inf
Details	File	2	covernment.inf
Details	File	2	myrtleads.inf
Details	File	2	kosiceads.inf
Details	File	2	caryads.inf
Details	File	2	charlotteads.inf
Details	File	2	greensboroads.inf
Details	File	2	philadelphiaads.inf
Details	File	2	trencinads.inf
Details	File	2	lexingtonads.inf
Details	File	2	simpsonvilleads.inf
Details	File	2	greenvilleads.inf
Details	File	2	rockhillads.inf
Details	File	2	fayettevilleads.inf
Details	File	2	destinads.inf
Details	File	2	selbywilleads.inf
Details	File	2	oceanads.inf
Details	File	2	charlstonads.inf
Details	File	2	highpointads.inf
Details	File	2	newbernads.inf
Details	File	2	steyrads.inf
Details	File	2	chapelads.inf
Details	File	2	kissimmeeads.inf
Details	File	2	erieads.inf
Details	File	2	lancasterads.inf
Details	File	2	montgomeryads.inf
Details	File	2	gainesvilleads.inf
Details	File	2	warrenads.inf
Details	File	2	lansingads.inf
Details	File	2	sitkaads.inf
Details	File	2	ocalaads.inf
Details	File	2	allentownads.inf
Details	File	2	pittsburghads.inf
Details	File	2	saintpaulads.inf
Details	File	2	vidinads.inf
Details	File	2	summervilleads.inf
Details	File	2	sewardads.inf
Details	File	2	kodiakads.inf
Details	File	2	kenaiads.inf
Details	File	2	chillicotheads.inf
Details	File	2	fairbanksads.inf
Details	File	2	juneauads.inf
Details	File	2	anchorageads.inf
Details	File	2	toledoads.inf
Details	File	2	huntsvilleads.inf
Details	File	2	daytonads.inf
Details	File	2	bratislavaads.inf
Details	File	2	charlestonads.inf
Details	File	2	akronads.inf
Details	File	2	youngstownads.inf
Details	File	2	clivelandads.inf
Details	File	2	aarhusads.inf
Details	File	2	tromsoads.inf
Details	File	2	plevenads.inf
Details	File	2	aalborgads.inf
Details	File	2	stavangerads.inf
Details	File	2	nantesads.inf
Details	File	2	bergenads.inf
Details	File	2	sibiuads.inf
Details	File	2	osloads.inf
Details	File	2	tronfheimads.inf
Details	File	2	odenseads.inf
Details	File	2	perugiaads.inf
Details	File	2	brasovads.inf
Details	File	2	clujads.inf
Details	File	2	bucharestads.inf
Details	File	2	nurnbergads.inf
Details	File	2	amalfiads.inf
Details	File	2	selvenads.inf
Details	File	2	avignonads.inf
Details	File	2	palermoads.inf
Details	File	2	kolnads.inf
Details	File	2	esbjergads.inf
Details	File	2	munchenads.inf
Details	File	1	rad1f5da.tmp
Details	sha256	1	97c71854b39af2814ae8c06237c3945346a2aaccebb3460f4067ff2caf74018b
Details	sha256	1	e5872a0a5073189039fcaa0dc0fc026e81e2dbdccb1aeed5c714f492bda43d1d
Details	sha256	1	3f517c7bf5176614ff11f3fc275849155c5bfede0b7a7748781b8aaf36fc6650
Details	sha256	1	188343c4106c1a727a16dfbcf6dfeff082467b57b44d8eb007fb71596106c2c7
Details	sha256	3	f3be7f161667ea0cb63fde959f62cd0775b20727cc0c006f3d9e58ca78a41b0f
Details	IPv4	2	194.87.237.240
Details	IPv4	3	88.214.225.168
Details	IPv4	3	80.77.82.42
Details	IPv4	2	89.223.31.51
Details	IPv4	6	37.48.122.26
Details	IPv4	24	222.222.67.208