ioc[.]one - OSINT Cyber Threat Intelligence Database

Fobos Campaign Using RIG EK to Drop Bunitu Trojan

Tags

maec-delivery-vectors:	Watering Hole
attack-pattern:	Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Malvertising - T1583.008 Rundll32 - T1218.011 Connection Proxy - T1090 Rundll32 - T1085

Show in Graph

Common Information

Type	Value
UUID	8c677423-2a39-426d-9a84-3742944b0a50
Fingerprint	e3b58df7babc6180
Analysis status	DONE
Considered CTI value	2
Text language
Published	Aug. 16, 2017, 11:18 p.m.
Added to db	Jan. 18, 2023, 9:59 p.m.
Last updated	Nov. 17, 2024, 11:40 p.m.
Headline	Fobos Campaign Using RIG EK to Drop Bunitu Trojan
Title	Fobos Campaign Using RIG EK to Drop Bunitu Trojan
Detected Hints/Tags/Attributes	28/2/23

Source URLs

	Redirection	Url
Details	Source	https://malwarebreakdown.com/2017/08/16/fobos-campaign-using-rig-ek-to-drop-bunitu-trojan/

URL Provider

Details	Provider	Source level domain
Details	malwarebreakdown.com	malwarebreakdown.com

Attributes

Details	Type	#Events	Value
Details	Domain	246	mail.ru
Details	Domain	1	777betx.info
Details	Domain	1	213jkhgfdghj.ga
Details	Domain	1	driftinhishouse.com
Details	Domain	1	081617.zip
Details	Email	2	fobos@mail.ru
Details	File	1206	index.php
Details	File	1	fastdrv.dll
Details	File	1	122.txt
Details	File	1	122.swf
Details	File	1	a6erdcmc.exe
Details	File	1	081617.zip
Details	sha256	1	378a409004f3a66b9c2c5b0b09ff7a3062c4222cf62e739ab6d2d64730d6abe3
Details	sha256	1	f523ae762b46a13832ee43b88249a1b52fb5f0b11612af2a3bfad5e59ce05679
Details	sha256	1	baf7a5feca95726a88b72a672d5697e7c2e57d4a6d22a02f75282726c56e0e08
Details	sha256	1	84218b9c0954375bc3f7b2ef6a79f8a4b4bf94de00afcf3ae5e109d5e66cdfcd
Details	IPv4	1	16.227.86.98
Details	IPv4	1	150.39.215.89
Details	IPv4	2	216.58.206.78
Details	IPv4	1	95.211.138.72
Details	IPv4	1	217.23.11.115
Details	IPv4	1	78.47.1.213
Details	IPv4	1	188.225.27.122