The Seamless Campaign Drops Ramnit. Follow-up Malware: AZORult Stealer, Smoke Loader, etc.
Tags
| country: | United States Of America |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Javascript - T1059.007 Malvertising - T1583.008 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 |
Common Information
| Type | Value |
|---|---|
| UUID | 8e83630f-430e-4e62-89b1-7122f5c22f86 |
| Fingerprint | 78b9bcf127b794a0 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | July 24, 2017, 12:09 a.m. |
| Added to db | Sept. 26, 2022, 9:30 a.m. |
| Last updated | Nov. 18, 2024, 4:35 a.m. |
| Headline | The Seamless Campaign Drops Ramnit. Follow-up Malware: AZORult Stealer, Smoke Loader, etc. |
| Title | The Seamless Campaign Drops Ramnit. Follow-up Malware: AZORult Stealer, Smoke Loader, etc. |
| Detected Hints/Tags/Attributes | 42/3/48 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | syndication.exdynsrv.com |
|
| Details | Domain | 2 | tqbeu.voluumtrk.com |
|
| Details | Domain | 2 | tqbeu.redirectvoluum.com |
|
| Details | Domain | 1 | hdyejdn638ir8.com |
|
| Details | Domain | 1 | eppixrakqeueuttiuvi.com |
|
| Details | Domain | 1 | tmgmgjcvt.com |
|
| Details | Domain | 1 | steelskull.com |
|
| Details | Domain | 130 | api.ipify.org |
|
| Details | Domain | 1 | parking-services.us |
|
| Details | Domain | 11 | www.vkremez.com |
|
| Details | Domain | 4 | artifacts.zip |
|
| Details | File | 1 | qzsn3aad.exe |
|
| Details | File | 1 | satbin.exe |
|
| Details | File | 2 | v3.exe |
|
| Details | File | 1 | javasch.exe |
|
| Details | File | 1 | au2_exesd.exe |
|
| Details | File | 28 | loader.exe |
|
| Details | File | 1 | lw321.exe |
|
| Details | File | 101 | gate.php |
|
| Details | File | 1 | javasch.js |
|
| Details | File | 96 | wallet.dat |
|
| Details | File | 1 | lets-learn-reversing-credential-and.html |
|
| Details | File | 1 | signup4.php |
|
| Details | File | 1 | 49.txt |
|
| Details | File | 1 | 49.swf |
|
| Details | File | 23 | o32.tmp |
|
| Details | File | 4 | artifacts.zip |
|
| Details | sha256 | 1 | 83df67f6fcec4015d345684e31773eb3488295703de09306eadf34fe3bc0b420 |
|
| Details | sha256 | 1 | 5aa4502dc361d3d913ea5443c15e59831bc1db3b696f0d5347442744b36e957b |
|
| Details | sha256 | 1 | e98a80523922ac53858990234332cb9ba4c74ee4d3e2c5764d4d7b1fb7f84e10 |
|
| Details | sha256 | 1 | 7c73071a01fd77c06e43f4500201cd2eb20991bbb4116ae47e07b6864ad0b58e |
|
| Details | sha256 | 1 | babd9eb251ebebe53fda65c3d070200c1362b6d8cc619543b3d31c433d8608bb |
|
| Details | sha256 | 1 | cf3459cf29125101f5bea3f4206d8e43dbe097dd884ebf3155c49b276736f727 |
|
| Details | sha256 | 1 | 0b5d583fd8b03e642707678800199d265bfea5563dbde982479222365af01d24 |
|
| Details | IPv4 | 1 | 194.58.38.50 |
|
| Details | IPv4 | 1 | 185.118.65.143 |
|
| Details | IPv4 | 1 | 46.17.44.131 |
|
| Details | IPv4 | 1 | 185.159.129.127 |
|
| Details | IPv4 | 6 | 194.58.112.174 |
|
| Details | IPv4 | 1 | 103.253.27.234 |
|
| Details | IPv4 | 1 | 185.100.222.41 |
|
| Details | IPv4 | 1 | 109.169.89.50 |
|
| Details | IPv4 | 1 | 52.52.15.205 |
|
| Details | IPv4 | 1 | 54.183.53.133 |
|
| Details | IPv4 | 1 | 194.58.58.70 |
|
| Details | IPv4 | 1 | 188.225.87.49 |
|
| Details | IPv4 | 3 | 46.105.57.169 |
|
| Details | Url | 1 | http://www.vkremez.com/2017/07/lets-learn-reversing-credential-and.html |