ioc[.]one - OSINT Cyber Threat Intelligence Database

Analysis of Xloader’s C2 Network Encryption | Zscaler

Tags

maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Model Botnet - T1583.005 Botnet - T1584.005 Credentials From Web Browsers - T1555.003 Credentials From Web Browsers - T1503 Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Python - T1059.006

Show in Graph

Common Information

Type	Value
UUID	8d41f2ab-e167-4b38-a537-26b911019004
Fingerprint	3e1c2cb541e7aae3
Analysis status	DONE
Considered CTI value	2
Text language
Published	Jan. 21, 2022, midnight
Added to db	Sept. 26, 2022, 9:34 a.m.
Last updated	Oct. 31, 2024, 10:55 a.m.
Headline	Analysis of Xloader’s C2 Network Encryption
Title	Analysis of Xloader’s C2 Network Encryption \| Zscaler
Detected Hints/Tags/Attributes	43/2/24

Source URLs

	Redirection	Url
Details	Source	https://www.zscaler.com/blogs/security-research/analysis-xloaders-c2-network-encryption

URL Provider

Details	Provider	Source level domain
Details	zscaler.com	www.zscaler.com

Attributes

Details	Type	#Events	Value
Details	Domain	1	www.pc6888.com
Details	Domain	1	www.finetipster.com
Details	Domain	1	www.go2payme.com
Details	Domain	1	www.pochi-owarai.com
Details	Domain	1	www.hosotructiep.online
Details	Domain	61	www.netscout.com
Details	Domain	184	www.fireeye.com
Details	File	4	formbook-malware-distribution-campaigns.html
Details	sha256	2	c60a64f8910005f98f6cd8c5787e4fe8c6580751a43bdbbd6a14af1ef6999b8f
Details	sha256	1	2c78fa1d90fe76c14f0a642af43c560875054e342bbb144aa9ff8f0fdbb0670f
Details	sha256	1	f3c3c0c49c037e7efa2fbef61995c1dc97cfe2887281ba4b687bdd6aa0a44e0a
Details	sha256	1	efd1897cf1232815bb1f1fbe8496804186d7c48c6bfa05b2dea6bd3bb0b67ed0
Details	Url	1	http://www.finetipster.com/pvxz
Details	Url	1	http://www.go2payme.com/snec
Details	Url	1	http://www.pochi-owarai.com/hr8n
Details	Url	1	http://www.hosotructiep.online/bsz6
Details	Url	2	https://www.netscout.com/blog/asert/formidable-formbook-form-grabber
Details	Url	2	https://www.fortinet.com/blog/threat-research/deep-analysis-new-formbook-variant-delivered-phishing-campaign-part-i?utm_source=blog&utm_campaign=deep
Details	Url	2	https://www.fortinet.com/blog/threat-research/deep-analysis-formbook-new-variant-delivered-phishing-campaign-part-ii?utm_source=blog&utm_campaign=deep
Details	Url	2	https://www.fortinet.com/blog/threat-research/deep-analysis-formbook-new-variant-delivered-in-phishing-campaign-part-iii
Details	Url	4	https://www.fireeye.com/blog/threat-research/2017/10/formbook-malware-distribution-campaigns.html
Details	Url	2	https://research.checkpoint.com/2021/top-prevalent-malware-with-a-thousand-campaigns-migrates-to-macos
Details	Url	2	https://research.checkpoint.com/2021/time-proven-tricks-in-a-new-environment-the-macos-evolution-of-formbook
Details	Url	2	https://research.checkpoint.com/2021/stealth-is-never-enough-or-revealing-formbook-successors-cc-infrastructure