ioc[.]one - OSINT Cyber Threat Intelligence Database

McAfee Discovers Pinkslipbot Exploiting Infected Machines as Control Servers; Releases Free Tool to Detect, Disable Trojan | McAfee Blog

Tags

country:	United States Of America
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Botnet - T1583.005 Botnet - T1584.005 Credentials - T1589.001 Digital Certificates - T1596.003 Digital Certificates - T1587.003 Digital Certificates - T1588.004 Domains - T1583.001 Domains - T1584.001 Ip Addresses - T1590.005 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Rundll32 - T1218.011 Server - T1583.004 Server - T1584.004 Tool - T1588.002 Connection Proxy - T1090 Rundll32 - T1085

Show in Graph

Common Information

Type	Value
UUID	b16949cd-4604-41a7-a595-d9fb1423281d
Fingerprint	bff09fd988aebec7
Analysis status	DONE
Considered CTI value	2
Text language
Published	June 16, 2017, 7:11 p.m.
Added to db	Jan. 18, 2023, 10:24 p.m.
Last updated	Nov. 17, 2024, 6:54 p.m.
Headline	McAfee Discovers Pinkslipbot Exploiting Infected Machines as Control Servers; Releases Free Tool to Detect, Disable Trojan
Title	McAfee Discovers Pinkslipbot Exploiting Infected Machines as Control Servers; Releases Free Tool to Detect, Disable Trojan \| McAfee Blog
Detected Hints/Tags/Attributes	70/3/25

Source URLs

	Redirection	Url
Details	Source	https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-discovers-pinkslipbot-exploiting-infected-machines-as-control-servers-releases-free-tool-to-detect-disable-trojan/

URL Provider

Details	Provider	Source level domain
Details	mcafee.com	securingtomorrow.mcafee.com

Attributes

Details	Type	#Events	Value
Details	Domain	4	sanjose.speedtest.comcast.net
Details	Domain	4	boston.speedtest.comcast.net
Details	Domain	4	jacksonville.speedtest.comcast.net
Details	Domain	4	houston.speedtest.comcast.net
Details	File	1	random750x750.jpg
Details	File	1	hardwaremonitor.dll
Details	File	1	hardwaremonitor.ini
Details	File	1	supernode_con.dll
Details	File	1018	rundll32.exe
Details	File	1	%appdata%\hardwaremonitor\hardwaremonitor.dll
Details	File	1	%allusersprofile%\hardwaremonitor\hardwaremonitor.dll
Details	File	1	%appdata%\hardwaremonitor\hardwaremonitor.ini
Details	File	1	%allusersprofile%\hardwaremonitor\hardwaremonitor.ini
Details	sha256	1	22cf76f92aad53db1304dec026b834ad77d2272c7f2eaaabf299e953b98d570e
Details	sha256	1	c23fe9f3a3035edb6fa306c7545cfd05bb310d85983dda5914cd9650c13b41d3
Details	sha256	1	730e9864795ed8d6538064551ab95505dff3e92dd67888bee323cb341b2420c6
Details	sha256	1	af25c5bed96e046ba1e25749ff51f0d8437a1ef66e469b4fd0348e372abc2f7f
Details	sha256	1	6d174dd4f29da814170e8f7c40ecd80794e1c27d8d94741a79bd1bd6eb75ea62
Details	IPv4	1	158.255.2.138
Details	IPv4	1	185.162.8.190
Details	IPv4	1	185.169.229.168
Details	Url	1	http://sanjose.speedtest.comcast.net/speedtest/random750x750.jpg?x={random}&y=1
Details	Url	1	http://boston.speedtest.comcast.net/speedtest/random750x750.jpg?x={random}&y=1
Details	Url	1	http://jacksonville.speedtest.comcast.net/speedtest/random750x750.jpg?x={random}&y=1
Details	Url	1	http://houston.speedtest.comcast.net/speedtest/random750x750.jpg?x={random}&y=1