Now You See Me - H-worm by Houdini | Mandiant
Tags
| country: | Algeria Argentina France |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Direct Control Panel - T1218.002 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Visual Basic - T1059.005 |
Common Information
| Type | Value |
|---|---|
| UUID | 951e6d0f-ac61-4bf0-a94a-1a7cba755afe |
| Fingerprint | 7738085b41e3c47c |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Sept. 24, 2013, midnight |
| Added to db | Nov. 6, 2023, 7:10 p.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | Now You See Me - H-worm by Houdini |
| Title | Now You See Me - H-worm by Houdini | Mandiant |
| Detected Hints/Tags/Attributes | 63/3/81 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 330 | ✔ | Threat Intelligence | https://www.mandiant.com/resources/blog/rss.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | silent9.zapto.org |
|
| Details | Domain | 1 | adolf2013.sytes.net |
|
| Details | Domain | 1 | ballgogo.no-ip.biz |
|
| Details | Domain | 1 | pess-12.zapto.org |
|
| Details | Domain | 1 | sidisalim.myvnc.com |
|
| Details | Domain | 2 | xkiller.no-ip.info |
|
| Details | Domain | 1 | karimstar.zapto.org |
|
| Details | Domain | 1 | securityfocus.bounceme.net |
|
| Details | Domain | 1 | kiyoma200.no-ip.biz |
|
| Details | Domain | 1 | adamdam.zapto.org |
|
| Details | Domain | 1 | ahmad212.no-ip.biz |
|
| Details | Domain | 1 | alii007.zapto.org |
|
| Details | Domain | 1 | am1.no-ip.info |
|
| Details | Domain | 1 | basss.no-ip.info |
|
| Details | Domain | 1 | bg1337.zapto.org |
|
| Details | Domain | 1 | bog5151.zapto.org |
|
| Details | Domain | 1 | dataday3.no-ip.org |
|
| Details | Domain | 1 | docteuur13.no-ip.org |
|
| Details | Domain | 1 | doda.redirectme.net |
|
| Details | Domain | 1 | dzhacker15.no-ip.org |
|
| Details | Domain | 1 | g00gle.sytes.net |
|
| Details | Domain | 1 | gerssy.zapto.org |
|
| Details | Domain | 1 | googlechrome.servegame.com |
|
| Details | Domain | 1 | hackediraq.no-ip.biz |
|
| Details | Domain | 1 | hackeralbasrah.no-ip.biz |
|
| Details | Domain | 1 | hattouma12.no-ip.biz |
|
| Details | Domain | 1 | hmode123.no-ip.biz |
|
| Details | Domain | 1 | koko.myftp.org |
|
| Details | Domain | 2 | mda.no-ip.org |
|
| Details | Domain | 1 | medolife.no-ip.biz |
|
| Details | Domain | 1 | microsoftsystem.sytes.net |
|
| Details | Domain | 1 | mootje01.no-ip.org |
|
| Details | Domain | 1 | msgbox.zapto.org |
|
| Details | Domain | 1 | new-hacker.no-ip.org |
|
| Details | Domain | 1 | njnj.redirectme.net |
|
| Details | Domain | 1 | no99.zapto.org |
|
| Details | Domain | 1 | noooot.no-ip.biz |
|
| Details | Domain | 1 | pess-123.zapto.org |
|
| Details | Domain | 1 | portipv6.redirectme.net |
|
| Details | Domain | 1 | ronaldo-123.no-ip.biz |
|
| Details | Domain | 1 | sawdz.no-ip.biz |
|
| Details | Domain | 1 | shagagy21.no-ip.biz |
|
| Details | Domain | 1 | terminator9.zapto.org |
|
| Details | Domain | 1 | vpn-hacker.no-ip.biz |
|
| Details | Domain | 1 | xbox720.zapto.org |
|
| Details | Domain | 1 | yahia17.no-ip.org |
|
| Details | Domain | 1 | zeusback.no-ip.biz |
|
| Details | Domain | 2 | zoia.no-ip.org |
|
| Details | Domain | 1 | pwndizzle.blogspot.com |
|
| Details | Domain | 1 | laudarch.blogspot.com |
|
| Details | File | 2125 | cmd.exe |
|
| Details | File | 13 | no-ip.inf |
|
| Details | File | 2 | njw0rm-brother-from-the-same-mother.html |
|
| Details | File | 1 | the-story-behind-backdoorlv.html |
|
| Details | File | 1 | how-not-to-obfuscate-your-malware.html |
|
| Details | File | 1 | serviecavbs-reverse-engineered.html |
|
| Details | md5 | 1 | 81c153256efd9161f4d89fe5fd7015bc |
|
| Details | md5 | 1 | 4543daa6936dde54dda8782b89d5daf1 |
|
| Details | md5 | 1 | a85c29d11016c633ef228fc58ebe2c14 |
|
| Details | md5 | 1 | 12cc632f24497a2aa9bed63d36c2725d |
|
| Details | md5 | 1 | 80b1f909d1217313c14ea6d4d0b003dc |
|
| Details | md5 | 1 | 6f3bad9a426a867f3ebf34bb68a75fe9 |
|
| Details | md5 | 1 | 82e6fc9a6b06fb51c134ba1755be23be |
|
| Details | md5 | 1 | e96a6b06b0b46bd3cde7137c47137643 |
|
| Details | md5 | 1 | 3034ab284cf07b9215fb0ca715d3660f |
|
| Details | md5 | 1 | 945471684a57e1e6b73c0f22beceb25c |
|
| Details | md5 | 1 | 471d61e7a3d936fa28efef3273b2dbd6 |
|
| Details | md5 | 1 | d833ba1b0ac9b512382433f47084bf52 |
|
| Details | md5 | 1 | eaba668520690207f07eb99fcd4c0cae |
|
| Details | md5 | 1 | 00df326eee18617fae2fdd3684ac1546 |
|
| Details | md5 | 1 | 1488cdc5c5c9c87b4e0dae27ba3511cb |
|
| Details | md5 | 1 | c6b53fc46427527a0739e6b6443ef72d |
|
| Details | md5 | 1 | 9e273220eb71f849ea99b923cbc1fae3 |
|
| Details | md5 | 1 | 43309710ab8f87dc5d9842a5bca85f80 |
|
| Details | md5 | 1 | a40faab2f3f546aeb29aaefcb0f751d8 |
|
| Details | md5 | 1 | 617a128b44671ac88df0b7180d9d0135 |
|
| Details | md5 | 1 | ae5c8ad09954a56f348a3b72ed824363 |
|
| Details | md5 | 1 | da3e2eeffd78d8c5ef472b8a09e9d325 |
|
| Details | sha256 | 1 | be871515ce8246118446de9d563803231c2f0dd9613f52a73a8a1b1a8f1eada6 |
|
| Details | Url | 1 | http://pwndizzle.blogspot.com/2013/09/how-not-to-obfuscate-your-malware.html |
|
| Details | Url | 1 | http://laudarch.blogspot.com/2013/05/serviecavbs-reverse-engineered.html |