Return of the Festi Rootkit - Check Point Research
Tags
| country: | Brazil Russia |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Botnet - T1583.005 Botnet - T1584.005 Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Rootkit - T1014 Rootkit |
Common Information
| Type | Value |
|---|---|
| UUID | af59f50c-7149-42c5-8908-6011dcfc2ca3 |
| Fingerprint | a425a273a5e178c5 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | April 3, 2018, 7:26 p.m. |
| Added to db | Jan. 18, 2023, 10:16 p.m. |
| Last updated | Oct. 1, 2024, 2:41 p.m. |
| Headline | Return of the Festi Rootkit |
| Title | Return of the Festi Rootkit - Check Point Research |
| Detected Hints/Tags/Attributes | 39/3/6 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://research.checkpoint.com/return-festi-rootkit/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | 5cm.co.za |
|
| Details | File | 6 | npf.sys |
|
| Details | sha256 | 1 | 496b568c0dfdeeb382a3091dce50cf2ac7887f0b9a99f5746b7018272fdf3a76 |
|
| Details | sha256 | 1 | 7cd7d3b45bdc3a41080a937188c171c415825dedd074b20a1c5b48182c134675 |
|
| Details | sha256 | 1 | bb157a637deb4d7b0534813460e9f872f29240a7675f51709de25bd827b9249d |
|
| Details | sha256 | 1 | cf0c9d798b1086b2d20363664f64c2844c70ab48037a7b19771dc77b6f00d8e5 |