Rovnix Downloader Updated with SinkHole and Time Checks | McAfee Blog
Common Information
Type | Value |
---|---|
UUID | ca4b68bc-2006-40f3-b797-7970ac98bcb5 |
Fingerprint | 85a89dc98cfa8e97 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | Dec. 9, 2015, 11:20 p.m. |
Added to db | Jan. 18, 2023, 8:53 p.m. |
Last updated | Sept. 4, 2024, 5:07 a.m. |
Headline | Rovnix Downloader Updated with SinkHole and Time Checks |
Title | Rovnix Downloader Updated with SinkHole and Time Checks | McAfee Blog |
Detected Hints/Tags/Attributes | 40/3/48 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 1 | | transliteraturniefabriki.com |
Details | Domain | 1 | | tornishineynarkkek2.org |
Details | Domain | 1 | | upmisterfliremsnk.net |
Details | Domain | 1 | | itnhi4vg6cktylw2.onion |
Details | Domain | 2 | | lastooooomene2ie2e.com |
Details | Domain | 1 | | ecloud86.com |
Details | Domain | 1 | | ecloud87.com |
Details | Domain | 1 | | ecloud88.com |
Details | Domain | 1 | | ecloud89.com |
Details | Domain | 1 | | ecloud90.com |
Details | Domain | 1 | | ecloud91.com |
Details | Domain | 1 | | srvdexpress3.com |
Details | Domain | 1 | | srvdexpress4.com |
Details | Domain | 1 | | srvdexpress5.com |
Details | Domain | 1 | | srvdexpress6.com |
Details | Domain | 1 | | srvdexpress7.com |
Details | Domain | 1 | | elorfans2.com |
Details | Domain | 1 | | elorfans3.com |
Details | Domain | 1 | | elorfans4.com |
Details | Domain | 1 | | elorfans5.com |
Details | Domain | 1 | | elorfans6.com |
Details | Domain | 1 | | tornishineynarkkek.org |
Details | Domain | 1 | | tornishineynarkkek3.org |
Details | Domain | 1 | | mediacontent.us |
Details | Domain | 1 | | mediacontent2.us |
Details | Domain | 1 | | mediacontent3.us |
Details | Domain | 1 | | romnsiebabanahujtr.org |
Details | Domain | 1 | | romnsiebabanahujtr2.org |
Details | Domain | 1 | | romnsiebabanahujtr3.org |
Details | Domain | 1 | | pg7iuaqu5b7fq36o.onion |
Details | Domain | 1 | | j7t4lg23tdhag3fn.onion |
Details | Domain | 1 | | c2bbagrsvbs2v6a7.onion |
Details | Domain | 1 | | hbs63zj7mwj5g6w7.onion |
Details | File | 1 | | bootkit_dll.dll |
Details | md5 | 1 | | 7ce075e3063782f710d47c77ddfa1261 |
Details | md5 | 1 | | 11f61c60ce548e2148c2f7a2e5f7103c |
Details | md5 | 1 | | e8a94f1df66587abd7c91bfcbe5af5d5 |
Details | md5 | 1 | | fdef7dd0b7cece42042a7baca3859e41 |
Details | md5 | 1 | | b7d63dcb586ec9a54a91379990dcd804 |
Details | md5 | 1 | | 7123a117c44e8c454f482b675544d1a9 |
Details | md5 | 1 | | 5ea867f5f7c24e0939013faf3ed78535 |
Details | md5 | 1 | | 0131d46686c66e6a4c8d89c3aa03534c |
Details | md5 | 1 | | b0bce8bd66a005eff775099563232e64 |
Details | md5 | 1 | | e0bc0503ccc831c07d6cc4c394b5a409 |
Details | md5 | 1 | | 29ef765145f6dd76cec5cc89c75b44de |
Details | md5 | 1 | | a6fd6661c6ac950263ba9a3d4fc55354 |
Details | md5 | 1 | | 19f14a5d5610e51f4985444f3f0e59ed |
Details | Yara rule | 1 | | rovnix_downloader (full rule below) |

The Yara rule attribute, reformatted from the single-line table cell into its original multi-line layout:

```yara
rule rovnix_downloader
{
    meta:
        author = "McAfee"
        description = "Rovnix downloader with sinkhole checks"

    strings:
        // Substrings the downloader looks for when checking whether its
        // C2 domain has been sinkholed or taken over by a security vendor
        $sink1 = "control"
        $sink2 = "sink"
        $sink3 = "hole"
        $sink4 = "dynadot"
        $sink5 = "block"
        $sink6 = "malw"
        $sink7 = "anti"
        $sink8 = "googl"
        $sink9 = "hack"
        $sink10 = "trojan"
        $sink11 = "abuse"
        $sink12 = "virus"
        $sink13 = "black"
        $sink14 = "spam"

        // Name of the embedded bootkit component
        $boot = "BOOTKIT_DLL.dll"

        // PE/DOS "MZ" magic
        $mz = { 4D 5A }

    condition:
        // MZ header at the start of the file, every sinkhole keyword present,
        // and the bootkit DLL name present
        $mz in (0..2) and all of ($sink*) and $boot
}
```