Thousands of Compromised Websites Leading to Fake Flash Player Update Sites. Payload is Qadars Banking Trojan.
Tags
Common Information
| Type | Value |
|---|---|
| UUID | a85c6163-8e0c-4202-8b57-75b67a39ab84 |
| Fingerprint | d3400020d89102de |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Feb. 12, 2017, 11:14 p.m. |
| Added to db | Jan. 18, 2023, 9:59 p.m. |
| Last updated | Nov. 17, 2024, 10:40 p.m. |
| Headline | Thousands of Compromised Websites Leading to Fake Flash Player Update Sites. Payload is Qadars Banking Trojan. |
| Title | Thousands of Compromised Websites Leading to Fake Flash Player Update Sites. Payload is Qadars Banking Trojan. |
| Detected Hints/Tags/Attributes | 59/1/152 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | arpanet1957.com |
|
| Details | Domain | 1 | mail.k2-enterprises.com |
|
| Details | Domain | 1 | webhostingpad.com |
|
| Details | Domain | 1 | server501.webhostingpad.com |
|
| Details | Domain | 358 | pastebin.com |
|
| Details | Domain | 3 | www.broadanalysis.com |
|
| Details | Domain | 1 | winnershouse.org |
|
| Details | Domain | 1 | whois.reg.com |
|
| Details | Domain | 51 | reg.ru |
|
| Details | Domain | 2 | regprivate.ru |
|
| Details | Domain | 1 | ns1.arpanet1957.com |
|
| Details | Domain | 1 | ns2.arpanet1957.com |
|
| Details | Domain | 1 | flesh-updates-max.com |
|
| Details | Domain | 12 | whois.ripe.net |
|
| Details | Domain | 1 | abusehost.ru |
|
| Details | Domain | 1 | ns1.freewebstatistics.net |
|
| Details | Domain | 1 | ns1.flesh-updates-max.com |
|
| Details | Domain | 1 | adobe-flesh-player.com |
|
| Details | Domain | 1 | ns1.flesh-updating-new.com |
|
| Details | Domain | 1 | flashplayer-adobe.com |
|
| Details | Domain | 1 | www.flesh-updates-max.com |
|
| Details | Domain | 1 | flesh-updating-new.com |
|
| Details | Domain | 1 | www.flashplayer-adobe.com |
|
| Details | Domain | 1 | www.adobe-flesh-player.com |
|
| Details | Domain | 1 | ns2.flesh-updating-new.com |
|
| Details | Domain | 1 | mss-russia.ru |
|
| Details | Domain | 1 | www.mss-russia.ru |
|
| Details | Domain | 1 | uchekhova.com |
|
| Details | Domain | 1 | csgo-item.ru |
|
| Details | Domain | 1 | msg01.contatofin.com.br |
|
| Details | Domain | 1 | interworking.ru |
|
| Details | Domain | 1 | www.interworking.ru |
|
| Details | Domain | 1 | mail.interworking.ru |
|
| Details | Domain | 1 | s7.irsol.ru |
|
| Details | Domain | 1 | klubkrasoti.ru |
|
| Details | Domain | 1 | bn.irsol.ru |
|
| Details | Domain | 1 | ad.irsol.ru |
|
| Details | Domain | 1 | bambiniya.ru |
|
| Details | Domain | 1 | cache.ad.irsol.ru |
|
| Details | Domain | 1 | content.klubkrasoti.ru |
|
| Details | Domain | 1 | linzapro.ru |
|
| Details | Domain | 1 | angrybirds.ru |
|
| Details | Domain | 1 | idiabet.ru |
|
| Details | Domain | 1 | favicon.klubkrasoti.ru |
|
| Details | Domain | 1 | medzakupka.ru |
|
| Details | Domain | 1 | officialauction.ru |
|
| Details | Domain | 1 | jbl-store.ru |
|
| Details | Domain | 1 | irsol.ru |
|
| Details | Domain | 1 | css.klubkrasoti.ru |
|
| Details | Domain | 1 | js.klubkrasoti.ru |
|
| Details | Domain | 1 | static.irsol.ru |
|
| Details | Domain | 1 | img.irsol.ru |
|
| Details | Domain | 1 | realdomzadanie.ru |
|
| Details | Domain | 1 | intdomzadanie.ru |
|
| Details | Domain | 1 | bestdomzadanie.ru |
|
| Details | Domain | 1 | ns.offshore-am.org |
|
| Details | Domain | 1 | ns.gplruhost.net |
|
| Details | Domain | 1 | www.corporateoneassetmgt.com |
|
| Details | Domain | 1 | ns.corporateoneassetmgt.com |
|
| Details | Domain | 1 | ns.mastersfinancialcorp.com |
|
| Details | Domain | 1 | ns.corporatefsg.com |
|
| Details | Domain | 1 | ns.centuryintlventures.com |
|
| Details | Domain | 1 | ns.trcapitalmgmt.com |
|
| Details | Domain | 1 | ns.titanfinancemgmt.com |
|
| Details | Domain | 1 | ns.fortitudeassetconsultants.com |
|
| Details | Domain | 1 | ns.pattersonklein.com |
|
| Details | Domain | 97 | abuse.ch |
|
| Details | Domain | 1 | bst2bgxin81a.org |
|
| Details | Domain | 1 | websecuranalityc.com |
|
| Details | Domain | 369 | microsoft.com |
|
| Details | Domain | 4 | sslbl.abuse.ch |
|
| Details | Domain | 3 | whois.publicinterestregistry.net |
|
| Details | Domain | 29 | bk.ru |
|
| Details | Domain | 1 | ns1.bst2bgxin81a.org |
|
| Details | Domain | 1 | ns2.bst2bgxin81a.org |
|
| Details | Domain | 1 | whois.webnames.ru |
|
| Details | Domain | 20 | inbox.ru |
|
| Details | Domain | 1 | ns1.websecuranalityc.com |
|
| Details | Domain | 1 | ns2.websecuranalityc.com |
|
| Details | Domain | 88 | securityintelligence.com |
|
| Details | Domain | 1 | freshmodel.pw |
|
| Details | 1 | arpanet1957.com@regprivate.ru |
||
| Details | 1 | abuse@abusehost.ru |
||
| Details | 1 | microsoft.com/emailaddress=private@sysprivpop.lkdd |
||
| Details | 1 | cn=microsoft.com/emailaddress=private@sysprivpop.lkdd |
||
| Details | 1 | prehodko@bk.ru |
||
| Details | 1 | evgeni.plotnikov@inbox.ru |
||
| Details | File | 1 | statfc4.php |
|
| Details | File | 1 | list-of-domains-2-11-17.xlsx |
|
| Details | File | 2 | scanner.php |
|
| Details | File | 9 | whois.reg |
|
| Details | File | 1 | install_flashplayer_cl25.exe |
|
| Details | File | 1 | wkbrflhlr.exe |
|
| Details | File | 13 | whois.pub |
|
| Details | File | 1 | evgeni.pl |
|
| Details | File | 33 | tor.exe |
|
| Details | sha1 | 1 | b20d20ac3b2492f11a2775d800fd726e14fc6fa6 |
|
| Details | IPv4 | 1 | 188.120.225.143 |
|
| Details | IPv4 | 1 | 37.58.59.149 |
|
| Details | IPv4 | 1 | 193.169.252.130 |
|
| Details | IPv4 | 1 | 89.163.241.236 |
|
| Details | IPv4 | 1 | 188.120.239.75 |
|
| Details | IPv4 | 1 | 176.36.74.25 |
|
| Details | IPv4 | 1 | 77.122.118.74 |
|
| Details | IPv4 | 1 | 201.22.7.252 |
|
| Details | IPv4 | 1 | 60.53.107.9 |
|
| Details | IPv4 | 1 | 70.91.1.238 |
|
| Details | IPv4 | 1 | 88.242.81.78 |
|
| Details | IPv4 | 1 | 78.160.148.78 |
|
| Details | IPv4 | 1 | 116.104.98.5 |
|
| Details | IPv4 | 1 | 178.169.201.205 |
|
| Details | IPv4 | 1 | 170.231.1.134 |
|
| Details | IPv4 | 1 | 115.79.100.191 |
|
| Details | IPv4 | 1 | 78.166.177.172 |
|
| Details | IPv4 | 1 | 117.0.172.75 |
|
| Details | IPv4 | 1 | 77.144.151.203 |
|
| Details | IPv4 | 1 | 1.2.159.110 |
|
| Details | IPv4 | 1 | 176.63.228.21 |
|
| Details | IPv4 | 1 | 159.0.164.7 |
|
| Details | IPv4 | 1 | 85.100.127.29 |
|
| Details | IPv4 | 1 | 185.163.88.80 |
|
| Details | IPv4 | 1 | 1.55.86.117 |
|
| Details | IPv4 | 1 | 82.19.127.92 |
|
| Details | IPv4 | 1 | 83.7.228.142 |
|
| Details | IPv4 | 1 | 151.246.77.162 |
|
| Details | IPv4 | 1 | 130.204.154.162 |
|
| Details | IPv4 | 1 | 88.153.34.164 |
|
| Details | IPv4 | 1 | 151.246.184.58 |
|
| Details | IPv4 | 1 | 86.126.185.190 |
|
| Details | IPv4 | 1 | 217.98.62.48 |
|
| Details | IPv4 | 1 | 151.241.197.74 |
|
| Details | IPv4 | 1 | 218.187.127.15 |
|
| Details | IPv4 | 1 | 190.218.76.141 |
|
| Details | IPv4 | 1 | 197.88.141.18 |
|
| Details | IPv4 | 1 | 151.237.6.68 |
|
| Details | IPv4 | 1 | 178.148.65.96 |
|
| Details | IPv4 | 1 | 113.189.100.214 |
|
| Details | IPv4 | 1 | 117.204.239.182 |
|
| Details | IPv4 | 1 | 1.55.164.152 |
|
| Details | IPv4 | 1 | 89.150.149.0 |
|
| Details | IPv4 | 1 | 92.62.179.50 |
|
| Details | IPv4 | 1 | 151.242.206.79 |
|
| Details | IPv4 | 1 | 92.242.144.2 |
|
| Details | IPv4 | 1 | 62.75.197.233 |
|
| Details | IPv4 | 1 | 88.220.96.78 |
|
| Details | IPv4 | 1 | 85.25.110.8 |
|
| Details | Url | 1 | http://pastebin.com/xkf93hv0. |
|
| Details | Url | 1 | http://www.broadanalysis.com/2016/09/01/fake-flash-update-delivers-tor-bot |
|
| Details | Url | 1 | http://arpanet1957.com/plix/scanner.php?id=4 |
|
| Details | Url | 1 | https://sslbl.abuse.ch/intel/b20d20ac3b2492f11a2775d800fd726e14fc6fa6 |
|
| Details | Url | 1 | https://securityintelligence.com/meanwhile-britain-qadars-v3-hardens-evasion-targets-18-uk-banks |
|
| Details | Url | 1 | https://securityintelligence.com/an-analysis-of-the-qadars-trojan |