ioc[.]one - OSINT Cyber Threat Intelligence Database

Fbot, A Satori Related Botnet Using Block-chain DNS System

Tags

country:	Netherlands Singapore
attack-pattern:	Data Botnet - T1583.005 Botnet - T1584.005 Dns - T1071.004 Dns - T1590.002 Dns Server - T1583.002 Dns Server - T1584.002 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004

Show in Graph

Common Information

Type	Value
UUID	c2dee823-f9f3-4d3c-a407-bfcf82c51445
Fingerprint	a689a8190db22185
Analysis status	DONE
Considered CTI value	0
Text language
Published	Sept. 14, 2018, midnight
Added to db	Jan. 18, 2023, 7:36 p.m.
Last updated	Oct. 15, 2024, 7:12 p.m.
Headline	Fbot, A Satori Related Botnet Using Block-chain DNS System
Title	Fbot, A Satori Related Botnet Using Block-chain DNS System
Detected Hints/Tags/Attributes	49/2/46

Source URLs

	Redirection	Url
Details	Source	http://blog.netlab.360.com/threat-alert-a-new-worm-fbot-cleaning-adbminer-is-using-a-blockchain-based-dns-en/
Details	Source	https://blog.netlab.360.com/threat-alert-a-new-worm-fbot-cleaning-adbminer-is-using-a-blockchain-based-dns-en/

URL Provider

Details	Provider	Source level domain
Details	360.com	blog.netlab.360.com

Attributes

Details	Type	#Events	Value
Details	Autonomous System Number	3	AS49349
Details	Autonomous System Number	3	AS45996
Details	Domain	2	emercoin.com
Details	Domain	2	explorer.emercoin.com
Details	Domain	5	netlab.360.com
Details	Domain	1	seed2.emercoin.com
Details	Domain	1	4eouhp79tl5zqs2tbqee.ukrainianhorseriding.com
Details	Domain	2	ukrainianhorseriding.com
Details	Domain	9	riseup.net
Details	Domain	2	rippr.cc
Details	Domain	1	mipsel.bot
Details	Domain	1	mips.bot.be
Details	Domain	1	i686.bot
Details	Domain	2	arm7.bot
Details	Domain	1	arm64.bot
Details	Email	2	village@riseup.net
Details	IPv4	1	188.209.52.142
Details	IPv4	1	66.42.57.45
Details	IPv4	6	176.126.70.119
Details	IPv4	4	163.53.248.170
Details	IPv4	1	174.138.48.29
Details	IPv4	5	5.132.191.104
Details	IPv4	3	107.172.42.186
Details	IPv4	1	163.172.168.171
Details	IPv4	3	185.208.208.141
Details	IPv4	1	27.102.115.44
Details	Url	1	http://188.209.52.142/c
Details	Url	1	http://188.209.52.142/w
Details	Url	1	https://explorer.emercoin.com/nvs//musl.lib//25/1/1
Details	Url	1	http://188.209.52.142/fbot.aarch64
Details	Url	1	http://188.209.52.142/fbot.arm7
Details	Url	1	http://188.209.52.142/fbot.mips
Details	Url	1	http://188.209.52.142/fbot.mipsel
Details	Url	1	http://188.209.52.142/fbot.x86
Details	Url	1	http://188.209.52.142/fbot.x86_64
Details	Url	1	http://27.102.115.44/c
Details	Url	1	http://27.102.115.44/w
Details	Url	1	http://27.102.115.44/mipsel.bot.le
Details	Url	1	http://27.102.115.44/mips.bot.be
Details	Url	1	http://27.102.115.44/i686.bot.le
Details	Url	1	http://27.102.115.44/arm7.bot.le
Details	Url	1	http://27.102.115.44/arm64.bot.le
Details	Url	1	http://27.102.115.44/x86_64.bot.le
Details	Url	1	http://27.102.115.44/adbs
Details	Url	1	http://27.102.115.44/adbs2
Details	Url	1	http://27.102.115.44