Backdoor Xtrat Continues To Evade Detection | Zscaler
Tags
| attack-pattern: | Data Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Screen Capture - T1513 Server - T1583.004 Server - T1584.004 Screen Capture - T1113 Screen Capture |
Common Information
| Type | Value |
|---|---|
| UUID | 937dd64f-724b-4fad-9aff-be86cb351d92 |
| Fingerprint | 12289fc49bafe09 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | May 11, 2014, midnight |
| Added to db | Jan. 19, 2023, 12:03 a.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | Backdoor Xtrat Continues To Evade Detection |
| Title | Backdoor Xtrat Continues To Evade Detection | Zscaler |
| Detected Hints/Tags/Attributes | 23/1/35 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | www.stisanic.com |
|
| Details | Domain | 1 | coblackberrycomnotasdevozdate07052014.zip |
|
| Details | Domain | 1 | analaloca.chickenkiller.com |
|
| Details | Domain | 1 | cascarita1.no-ip.biz |
|
| Details | Domain | 1 | cascarita2.no-ip.biz |
|
| Details | Domain | 1 | cascarita3.no-ip.biz |
|
| Details | Domain | 1 | windows.misconfused.org |
|
| Details | Domain | 2 | uranio2.no-ip.biz |
|
| Details | Domain | 1 | fungii.no-ip.org |
|
| Details | Domain | 2 | mohammad2010.no-ip.biz |
|
| Details | Domain | 1 | supermanaa.no-ip.biz |
|
| Details | Domain | 1 | updating.serveexchange.com |
|
| Details | Domain | 1 | spycronicjn.no-ip.org |
|
| Details | Domain | 1 | allmyworkers.no-ip.biz |
|
| Details | Domain | 1 | livejasminci.no-ip.biz |
|
| Details | Domain | 1 | suportassisten.no-ip.info |
|
| Details | Domain | 1 | laithmhrez.no-ip.info |
|
| Details | Domain | 1 | papapa-1212.zapto.org |
|
| Details | Domain | 1 | sarkawt122.no-ip.biz |
|
| Details | Domain | 1 | outlook11551.no-ip.biz |
|
| Details | File | 1 | coblackberrycomnotasdevozdate07052014.zip |
|
| Details | File | 1 | coblackberrycomnotasdevozdate07052014.exe |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 1 | exploere.exe |
|
| Details | File | 263 | iexplore.exe |
|
| Details | File | 70 | vbc.exe |
|
| Details | File | 1 | wintegfire.exe |
|
| Details | File | 13 | no-ip.inf |
|
| Details | md5 | 1 | d7d6574a443909b04b1ac76fb07b8dc2 |
|
| Details | md5 | 1 | bd06e73db5b169120723206998a6074a |
|
| Details | md5 | 1 | 6fb9ce258a2420d898b6d0fa4d73bb8f |
|
| Details | IPv4 | 1 | 181.135.149.40 |
|
| Details | IPv4 | 1 | 31.193.9.126 |
|
| Details | Url | 1 | http://www.stisanic.com/wp-content/coblackberrycomnotasdevozdate07052014.php |
|
| Details | Url | 1 | http://analaloca.chickenkiller.com:3460/123456.functions |