Router Exploit Kits: An overview of RouterCSRF attacks and DNS hijacking in Brazil - Avast Threat Labs
Tags
country: Brazil
maec-delivery-vectors: Watering Hole
attack-pattern: Data Models Credentials - T1589.001 Dns - T1071.004 Dns - T1590.002 Dns Server - T1583.002 Dns Server - T1584.002 Domains - T1583.001 Domains - T1584.001 Firmware - T1592.003 Ip Addresses - T1590.005 Javascript - T1059.007 Malvertising - T1583.008 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Server - T1583.004 Server - T1584.004 Vulnerabilities - T1588.006 Browser Extensions - T1176
Show in Graph
Common Information
Type Value
UUID acf7845d-9b46-4ede-90ba-e0488bf0cce2
Fingerprint f3a129608887718c
Analysis status DONE
Considered CTI value 0
Text language
Published July 10, 2019, 2:35 p.m.
Added to db Jan. 18, 2023, 9:31 p.m.
Last updated Nov. 17, 2024, 5:56 p.m.
Headline Router Exploit Kits: An overview of RouterCSRF attacks and DNS hijacking in Brazil
Title Router Exploit Kits: An overview of RouterCSRF attacks and DNS hijacking in Brazil - Avast Threat Labs
Detected Hints/Tags/Attributes 64/3/30
Source URLs
Redirection Url
Details Source https://decoded.avast.io/threatintel/router-exploit-kits-an-overview-of-routercsrf-attacks-and-dns-hijacking-in-brazil/
URL Provider
Details Provider Source level domain
Details avast.io decoded.avast.io
Attributes
Details Type #Events CTI Value
Details Domain 4 
popcash.net
Details Domain 1 
dolohen.com
Details Domain 2 
rotumal.com
Details Domain 1 
bodelen.com
Details Domain 1 
akibanoticias.com
Details Domain 2 
cdn.popcash.net
Details Domain 5 
widgets.outbrain.com
Details Domain 41 
www.google-analytics.com
Details Domain 4 
cdn.taboola.com
Details Domain 38 
pagead2.googlesyndication.com
Details Domain 1 
tharbadir.com
Details File 1 
fingerprint_db.js
Details File 2 
random.js
Details File 1 
random2.js
Details File 1 
get_pay.php
Details File 2 
pop.js
Details File 1 
outbrain.js
Details File 18 
ga.js
Details File 4 
cdn.tab
Details File 2 
taboolacookiesyncscript.js
Details File 1 
cookie_push.html
Details File 2 
sm.js
Details IPv4 2 
195.128.124.131
Details IPv4 2 
195.128.126.165
Details IPv4 1 
188.214.132.44
Details Url 1 
http://cdn.popcash.net/pop.js
Details Url 1 
http://widgets.outbrain.com/outbrain.js
Details Url 2 
http://www.google-analytics.com/ga.js
Details Url 1 
http://cdn.taboola.com/taboolacookiesyncscript.js
Details Url 1 
http://pagead2.googlesyndication.com/pagead/s/cookie_push.html