Malware-Traffic-Analysis.net - 2016-12-28 - Sundown EK data dump
Tags
| attack-pattern: | Data Dns - T1071.004 Dns - T1590.002 Exploits - T1587.004 Exploits - T1588.005 Malware - T1587.001 Malware - T1588.001 |
Common Information
| Type | Value |
|---|---|
| UUID | bdb79511-b2f5-44a3-82c4-503653324cc1 |
| Fingerprint | eab53900f4e4c4d3 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Dec. 28, 2016, midnight |
| Added to db | Feb. 18, 2023, 12:18 a.m. |
| Last updated | Nov. 17, 2024, 11:40 p.m. |
| Headline | UNKNOWN |
| Title | Malware-Traffic-Analysis.net - 2016-12-28 - Sundown EK data dump |
| Detected Hints/Tags/Attributes | 29/1/52 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | 2016-12-28-sundown-ek-all-4-pcaps.zip |
|
| Details | Domain | 1 | 2016-12-28-sundown-ek-malware-and-artifacts.zip |
|
| Details | Domain | 1 | ah.0346.mobi |
|
| Details | Domain | 1 | iw.0541.mobi |
|
| Details | Domain | 1 | fp.0498.mobi |
|
| Details | Domain | 1 | mu.0547.mobi |
|
| Details | Domain | 1 | zwh.0142.mobi |
|
| Details | Domain | 1 | sof.0144.mobi |
|
| Details | Domain | 47 | checkip.dyndns.org |
|
| Details | Domain | 1 | settledness.ru |
|
| Details | File | 1 | 2016-12-28-sundown-ek-all-4-pcaps.zip |
|
| Details | File | 1 | 2016-12-28-sundown-ek-malware-and-artifacts.zip |
|
| Details | File | 1 | 2016-12-28-sundown-ek-artifact-inj6sfosp.txt |
|
| Details | File | 1 | 2016-12-28-sundown-ek-artifact-ottyuadaf.txt |
|
| Details | File | 1 | 2016-12-28-sundown-ek-exploit-fvdvsdfv.png |
|
| Details | File | 1 | 2016-12-28-sundown-ek-flash-exploit-208.swf |
|
| Details | File | 1 | 2016-12-28-sundown-ek-flash-exploit-225.swf |
|
| Details | File | 1 | 2016-12-28-sundown-ek-flash-exploit-542.swf |
|
| Details | File | 1 | 2016-12-28-sundown-ek-flash-exploit-5421.swf |
|
| Details | File | 1 | 2016-12-28-sundown-ek-landing-page-example-1-of-2.txt |
|
| Details | File | 1 | 2016-12-28-sundown-ek-landing-page-example-2-of-2.txt |
|
| Details | File | 1 | 2016-12-28-sundown-ek-payload-chthonic-banking-trojan.exe |
|
| Details | File | 1 | a-zloader.exe |
|
| Details | File | 1206 | index.php |
|
| Details | File | 1 | 5421.swf |
|
| Details | File | 1 | 208.swf |
|
| Details | File | 1 | 542.swf |
|
| Details | File | 1 | fvdvsdfv.png |
|
| Details | File | 1 | 225.swf |
|
| Details | File | 2 | 43526876827345687356872456.php |
|
| Details | File | 6 | z.php |
|
| Details | File | 2 | gs98h.php |
|
| Details | File | 1 | rada3269.tmp |
|
| Details | File | 1 | etgerf.exe |
|
| Details | File | 1 | rgfrf.exe |
|
| Details | File | 1 | radef99c.tmp |
|
| Details | File | 1 | z.tmp |
|
| Details | File | 1 | ytec.exe |
|
| Details | sha256 | 1 | 4fe30eb4fd3c1e54b58f901e94e36fc1a8c7a514bf827e7611740d260dd73f4b |
|
| Details | sha256 | 1 | cf730db69db781c515919b26ac46698c5249a62a5413edd11e1dd92fd3a44acb |
|
| Details | sha256 | 2 | 67d598c6acbd6545ab24bbd44cedcb825657746923f47473dc40d0d1f122abb6 |
|
| Details | sha256 | 1 | 0744ba67c5f8210fcdcf4acb328df68780e96d10f2c68b8eddbb9a355bca213e |
|
| Details | sha256 | 1 | fc4bb31eb4e3d533e369b3687d72abb263937c698019b4f50229a5ca2d083bbb |
|
| Details | sha256 | 1 | 112db20b0f6cbb39bd24dd2dbe121e62506c6862b1db1276b0219bda76a903dd |
|
| Details | sha256 | 1 | c4b894094c08ea234a2a2652f77383f4a22c5402918c330a7ad6f39520dcc53c |
|
| Details | sha256 | 1 | 9ee649300ee66768afdb2b8866d504e802bd40fd8e4125667bb0f0e2bb6d339f |
|
| Details | IPv4 | 2 | 188.165.163.227 |
|
| Details | IPv4 | 2 | 93.190.143.211 |
|
| Details | IPv4 | 3 | 45.56.117.118 |
|
| Details | IPv4 | 11 | 144.76.133.38 |
|
| Details | IPv4 | 1 | 23.88.147.108 |
|
| Details | IPv4 | 1 | 54.186.95.29 |