RIG EK at 188.225.76.222 Drops Dreambot
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Botnet - T1583.005 Botnet - T1584.005 Dns - T1071.004 Dns - T1590.002 Malvertising - T1583.008 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 |
Common Information
| Type | Value |
|---|---|
| UUID | aa4abd38-8eb7-4137-8d79-e832feec37a6 |
| Fingerprint | e3eb2dfdcebf80d6 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | July 13, 2017, 1:50 a.m. |
| Added to db | Jan. 18, 2023, 9:59 p.m. |
| Last updated | Nov. 12, 2024, 2:06 a.m. |
| Headline | RIG EK at 188.225.76.222 Drops Dreambot |
| Title | RIG EK at 188.225.76.222 Drops Dreambot |
| Detected Hints/Tags/Attributes | 27/2/98 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | en.sundayloop.com |
|
| Details | Domain | 370 | www.proofpoint.com |
|
| Details | Domain | 1 | www2.cloudchai.net |
|
| Details | File | 1 | dnw3xwzxsc6yso.js |
|
| Details | File | 2 | scr.php |
|
| Details | File | 1 | t32.bin |
|
| Details | File | 1 | t64.bin |
|
| Details | File | 2 | lp.txt |
|
| Details | File | 52 | exploit.swf |
|
| Details | File | 1 | ctkw46kh.exe |
|
| Details | sha256 | 1 | 93c2503c802405faa2e8312b96f38de233cc729b72bb36731550782f8e3e51a6 |
|
| Details | sha256 | 1 | 6b046933a8f9140e2ade1037c2160cd0b58d459f158e06817061e1c03b511e9f |
|
| Details | sha256 | 1 | be27efa783533b55810bbf40516af0d502180e9c8ceb75af3eaf2a54f9b5dd92 |
|
| Details | sha256 | 1 | 9824892f24b5e256d97fe4803fc7a543162a246baaca1a8bd27db855faa4e244 |
|
| Details | IPv4 | 1 | 188.225.76.222 |
|
| Details | IPv4 | 14 | 128.31.0.39 |
|
| Details | IPv4 | 18 | 193.23.244.244 |
|
| Details | IPv4 | 1 | 193.70.73.242 |
|
| Details | IPv4 | 1 | 79.197.187.177 |
|
| Details | IPv4 | 1 | 144.76.37.242 |
|
| Details | IPv4 | 1 | 89.163.246.127 |
|
| Details | IPv4 | 1 | 138.201.3.75 |
|
| Details | IPv4 | 1 | 208.80.154.39 |
|
| Details | IPv4 | 1 | 66.170.11.203 |
|
| Details | IPv4 | 1 | 79.194.71.36 |
|
| Details | IPv4 | 1 | 212.83.154.33 |
|
| Details | IPv4 | 1 | 51.175.193.142 |
|
| Details | IPv4 | 1 | 138.68.102.40 |
|
| Details | IPv4 | 1 | 5.9.61.207 |
|
| Details | IPv4 | 1 | 46.28.207.141 |
|
| Details | IPv4 | 1 | 192.42.115.101 |
|
| Details | IPv4 | 1 | 163.172.143.186 |
|
| Details | IPv4 | 1 | 91.121.158.17 |
|
| Details | IPv4 | 1 | 144.76.253.229 |
|
| Details | IPv4 | 1 | 185.15.244.124 |
|
| Details | IPv4 | 1 | 128.199.41.238 |
|
| Details | IPv4 | 1 | 185.21.217.29 |
|
| Details | IPv4 | 1 | 213.114.155.106 |
|
| Details | IPv4 | 1 | 51.255.206.74 |
|
| Details | IPv4 | 1 | 212.47.245.76 |
|
| Details | IPv4 | 1 | 5.61.34.63 |
|
| Details | IPv4 | 1 | 81.7.14.31 |
|
| Details | IPv4 | 1 | 141.255.166.189 |
|
| Details | IPv4 | 1 | 37.59.72.132 |
|
| Details | IPv4 | 1 | 5.9.7.130 |
|
| Details | IPv4 | 1 | 104.238.167.111 |
|
| Details | IPv4 | 1 | 178.63.94.196 |
|
| Details | IPv4 | 1 | 91.121.23.100 |
|
| Details | IPv4 | 1 | 138.68.78.95 |
|
| Details | IPv4 | 1 | 163.172.131.111 |
|
| Details | IPv4 | 1 | 138.201.211.235 |
|
| Details | IPv4 | 1 | 91.105.203.92 |
|
| Details | IPv4 | 1 | 18.82.3.136 |
|
| Details | IPv4 | 1 | 62.210.36.46 |
|
| Details | IPv4 | 1 | 109.95.51.107 |
|
| Details | IPv4 | 1 | 84.236.37.15 |
|
| Details | IPv4 | 1 | 89.163.141.115 |
|
| Details | IPv4 | 1 | 91.121.230.216 |
|
| Details | IPv4 | 1 | 51.255.168.229 |
|
| Details | IPv4 | 1 | 51.254.35.151 |
|
| Details | IPv4 | 1 | 176.158.236.102 |
|
| Details | IPv4 | 1 | 138.201.132.17 |
|
| Details | IPv4 | 1 | 91.121.230.218 |
|
| Details | IPv4 | 1 | 109.236.90.209 |
|
| Details | IPv4 | 1 | 78.194.220.54 |
|
| Details | IPv4 | 1 | 139.162.248.13 |
|
| Details | IPv4 | 1 | 81.7.10.203 |
|
| Details | IPv4 | 1 | 51.15.38.13 |
|
| Details | IPv4 | 1 | 92.222.115.28 |
|
| Details | IPv4 | 1 | 62.227.127.214 |
|
| Details | IPv4 | 1 | 51.254.121.63 |
|
| Details | IPv4 | 1 | 178.254.7.88 |
|
| Details | IPv4 | 1 | 46.105.84.178 |
|
| Details | IPv4 | 1 | 89.163.225.115 |
|
| Details | IPv4 | 1 | 81.7.10.93 |
|
| Details | IPv4 | 1 | 163.172.84.95 |
|
| Details | IPv4 | 1 | 94.23.204.175 |
|
| Details | IPv4 | 1 | 51.15.128.190 |
|
| Details | IPv4 | 1 | 130.230.113.229 |
|
| Details | IPv4 | 2 | 213.239.217.18 |
|
| Details | IPv4 | 1 | 104.238.188.98 |
|
| Details | IPv4 | 1 | 62.138.7.171 |
|
| Details | IPv4 | 1 | 93.186.200.68 |
|
| Details | IPv4 | 1 | 212.89.225.242 |
|
| Details | IPv4 | 1 | 37.59.29.31 |
|
| Details | IPv4 | 1 | 222.152.191.50 |
|
| Details | IPv4 | 1 | 159.203.42.254 |
|
| Details | IPv4 | 1 | 163.172.82.3 |
|
| Details | IPv4 | 2 | 178.62.22.36 |
|
| Details | IPv4 | 1 | 137.74.229.191 |
|
| Details | IPv4 | 1 | 51.254.120.82 |
|
| Details | IPv4 | 1 | 85.145.173.31 |
|
| Details | IPv4 | 1 | 46.38.236.122 |
|
| Details | IPv4 | 1 | 148.251.42.164 |
|
| Details | IPv4 | 1 | 104.223.122.213 |
|
| Details | IPv4 | 2 | 193.70.73.251 |
|
| Details | IPv4 | 1 | 31.148.219.104 |
|
| Details | Url | 8 | https://www.proofpoint.com/us/threat-insight/post/ursnif-variant-dreambot-adds-tor-functionality |