Grabbot is Back to Nab Your Data
Common Information
UUID: 9d3e3f8f-31c9-4e6c-8f7d-8a4690cb5957
Fingerprint: b494fc1344a38501
Analysis status: DONE
Considered CTI value: 0
Text language:
Published: March 17, 2017, midnight
Added to db: Jan. 18, 2023, 11:18 p.m.
Last updated: Nov. 18, 2024, 1:38 a.m.
Headline: Grabbot is Back to Nab Your Data
Title: Grabbot is Back to Nab Your Data
Detected Hints/Tags/Attributes: 42/1/41
Attributes