Travle aka PYLOT backdoor hits Russian-speaking targets
Tags
country: Russia
attack-pattern: Data Domains - T1583.001 Domains - T1584.001 File Deletion - T1070.004 File Deletion - T1630.002 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 File Deletion - T1107
Show in Graph
Common Information
Type Value
UUID a33e2f22-7a4e-4b04-853d-cfb94a3d5fc1
Fingerprint b400115a46f78f89
Analysis status DONE
Considered CTI value 0
Text language
Published Dec. 19, 2017, 10 a.m.
Added to db Sept. 26, 2022, 9:33 a.m.
Last updated Oct. 22, 2024, 8:42 p.m.
Headline Travle aka PYLOT backdoor hits Russian-speaking targets
Title Travle aka PYLOT backdoor hits Russian-speaking targets
Detected Hints/Tags/Attributes 52/2/7
Source URLs
Redirection Url
Details Source https://securelist.com/travle-aka-pylot-backdoor-hits-russian-speaking-targets/83455/
URL Provider
Details Provider Source level domain
Details securelist.com securelist.com
Attributes
Details Type #Events CTI Value
Details Domain 1 
remember123321.com
Details Domain 1 
ash.py
Details Domain 338 
kaspersky.com
Details Email 147 
intelreports@kaspersky.com
Details File 1 
kb178495.dat
Details File 1 
ash.py
Details md5 1 
7643335D06BAEC5A14C95A393592EA3F