PBot: a Python-based adware | Malwarebytes Labs
Tags
| country: | Russia |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Domains - T1583.001 Domains - T1584.001 Hooking - T1617 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Connection Proxy - T1090 Hooking - T1179 Hooking |
Common Information
| Type | Value |
|---|---|
| UUID | bc6b5a69-bba4-4c43-8bcf-0403d2005b7d |
| Fingerprint | 4098cf09d7c76c3 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | April 18, 2018, midnight |
| Added to db | Jan. 18, 2023, 8:35 p.m. |
| Last updated | Nov. 18, 2024, 5:19 p.m. |
| Headline | PBot: a Python-based adware |
| Title | PBot: a Python-based adware | Malwarebytes Labs |
| Detected Hints/Tags/Attributes | 42/3/22 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 221 | gist.github.com |
|
| Details | Domain | 1 | ml.py |
|
| Details | Domain | 1 | httpfilter.py |
|
| Details | File | 65 | python.exe |
|
| Details | File | 14 | uninstall.exe |
|
| Details | File | 3 | i.js |
|
| Details | File | 2 | rules.ini |
|
| Details | File | 18 | settings.ini |
|
| Details | File | 2 | ml.py |
|
| Details | File | 1 | httpfilter.py |
|
| Details | File | 1 | httpfilter.bin |
|
| Details | File | 1 | injectee-x86.dll |
|
| Details | File | 1 | injectee-x64.dll |
|
| Details | File | 84 | crypt32.dll |
|
| Details | Github username | 35 | hasherezade |
|
| Details | md5 | 1 | 5ffefc13a49c138ac1d454176d5a19fd |
|
| Details | md5 | 1 | b508908cc44a54a841ede7214d34aff3 |
|
| Details | md5 | 1 | e5ba5f821da68331b875671b4b946b56 |
|
| Details | md5 | 1 | 596dc36cd6eabd8861a6362b6b55011a |
|
| Details | md5 | 1 | 645176c6d02bdb8a18d2a6a445dd1ac3 |
|
| Details | md5 | 1 | df11c8590217fdcc096c57a8cc315a2d |
|
| Details | Url | 1 | https://gist.github.com/hasherezade/df11c8590217fdcc096c57a8cc315a2d#file |