Demystifying targeted malware used against Polish banks | WeLiveSecurity
Tags
country: Uruguay Laos Mexico Poland Russia
maec-delivery-vectors: Watering Hole
attack-pattern: Data Botnet - T1583.005 Botnet - T1584.005 Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Tool - T1588.002
Show in Graph
Common Information
Type Value
UUID c023fd11-586c-4395-80e8-22068e7f0577
Fingerprint 8f0c28d12d0711d7
Analysis status DONE
Considered CTI value 2
Text language
Published Feb. 16, 2017, noon
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 7, 2024, 10:44 p.m.
Headline Demystifying targeted malware used against Polish banks
Title Demystifying targeted malware used against Polish banks | WeLiveSecurity
Detected Hints/Tags/Attributes 64/3/19
Source URLs
Redirection Url
Details Source http://www.welivesecurity.com/2017/02/16/demystifying-targeted-malware-used-polish-banks/
Details Source https://www.welivesecurity.com/2017/02/16/demystifying-targeted-malware-used-polish-banks/
URL Provider
Details Provider Source level domain
Details welivesecurity.com www.welivesecurity.com
Attributes
Details Type #Events CTI Value
Details Domain 5 
zaufanatrzeciastrona.pl
Details Domain 3 
people.csail.mit.edu
Details Domain 2 
spy.banker.ax
Details File 5 
zaufanatrzeciastrona.pl
Details File 69 
shlwapi.dll
Details File 7 
people.cs
Details File 1 
rs14.pdf
Details File 5 
fdsvc.exe
Details File 7 
gpsvc.exe
Details File 6 
fdsvc.dll
Details sha1 4 
bedceafa2109139c793cb158cec9fa48f980ff2b
Details sha1 3 
aa115e6587a535146b7493d6c02896a7d322879e
Details sha1 3 
a107f1046f5224fdb3a5826fa6f940a981fe65a1
Details sha1 3 
4f0d7a33d23d53c0eb8b34d102cdd660fc5323a2
Details sha1 1 
fa4f2e3f7c56210d1e380ec6d74a0b6dd776994b
Details sha1 1 
11568dffd6325ade217fbe49ce56a3ee5001cbcc
Details sha1 1 
e45ca027635f904101683413dd58fbd64d602ebe
Details sha1 2 
50b4f9a8fa6803f0aabb6fd9374244af40c2ba4c
Details Url 1 
https://people.csail.mit.edu/rivest/pubs/rs14.pdf