ioc[.]one - OSINT Cyber Threat Intelligence Database

Whitelist Me, Maybe? “Netbounce” Threat Actor Tries A Bold Approach To Evade Detection | FortiGurad Labs

Tags

cmtmf-attack-pattern:

Application Layer Protocol Boot Or Logon Autostart Execution Obfuscated Files Or Information Process Injection

attack-pattern:

Data Application Layer Protocol - T1437 Asymmetric Cryptography - T1521.002 Asymmetric Cryptography - T1573.002 Boot Or Logon Autostart Execution - T1547 Code Signing - T1553.002 Create Or Modify System Process - T1543 Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Encrypted Channel - T1521 Encrypted Channel - T1573 Malware - T1587.001 Malware - T1588.001 Obfuscated Files Or Information - T1406 Process Hollowing - T1055.012 Process Injection - T1631 Registry Run Keys / Startup Folder - T1547.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Software Packing - T1027.002 Software Packing - T1406.002 Subvert Trust Controls - T1632 Subvert Trust Controls - T1553 Symmetric Cryptography - T1521.001 Symmetric Cryptography - T1573.001 Web Protocols - T1071.001 Web Protocols - T1437.001 Windows Service - T1543.003 Whois - T1596.002 Standard Application Layer Protocol - T1071 Code Signing - T1116 Connection Proxy - T1090 New Service - T1050 Obfuscated Files Or Information - T1027 Process Hollowing - T1093 Process Injection - T1055 Registry Run Keys / Start Folder - T1060 Software Packing - T1045

Show in Graph

Common Information

Type	Value
UUID	cbb747c3-f39e-467f-a262-4b71c03ff878
Fingerprint	a561899b873a87c1
Analysis status	DONE
Considered CTI value	2
Text language
Published	March 11, 2021, midnight
Added to db	Jan. 18, 2023, 11:19 p.m.
Last updated	Nov. 17, 2024, 6:56 p.m.
Headline	Whitelist Me, Maybe? “Netbounce” Threat Actor Tries A Bold Approach To Evade Detection
Title	Whitelist Me, Maybe? “Netbounce” Threat Actor Tries A Bold Approach To Evade Detection \| FortiGurad Labs
Detected Hints/Tags/Attributes	95/2/181

Source URLs

	Redirection	Url
Details	Source	https://www.fortinet.com/blog/threat-research/netbounce-threat-actor-tries-bold-approach-to-evade-detection
Details	Source	https://www.fortinet.com/blog/threat-research/netbounce-threat-actor-tries-bold-approach-to-evade-detection?utm_source=feedburner

URL Provider

Details	Provider	Source level domain
Details	fortinet.com	www.fortinet.com

Attributes

Details	Type	#Events	Value
Details	Domain	1	packity.com
Details	Domain	1	www.packity.com
Details	Domain	5	me.com
Details	Domain	1	update.netbounce.net
Details	Domain	1	boostfever.com
Details	Domain	1	0857a813-72ca-4a70-883a-3b555f6bf3c1.boostfever.com
Details	Domain	1	cdn.boostfever.com
Details	Domain	1	update.equinox.io
Details	Domain	1	connect.netbounce.net
Details	Domain	1	netbounce.net
Details	Domain	1	t1.xofinity.com
Details	Domain	1	installcdn-aws.com
Details	Domain	1	jumpernode.com
Details	Domain	1	uptime66.com
Details	Domain	1	c1.boostfever.com
Details	Domain	1	u1.boostfever.com
Details	Domain	2	m1.uptime66.com
Details	Domain	1	dl.installcdn-aws.com
Details	Domain	1	cdn.netbounce.net
Details	Domain	1	proxy.netbounce.net
Details	Domain	1	proxy.jumpernode.com
Details	Domain	1	connect.jumpernode.com
Details	Domain	1	xofinity.com
Details	Domain	1	p1.boostfever.com
Details	Domain	1	bin.netbounce.net
Details	Domain	1	newurl.netbounce.net
Details	Domain	1	file.netbounce.net
Details	Domain	1	notif.jumpernode.com
Details	Domain	1	download.jumpernode.com
Details	Domain	1	uploadhub.io
Details	Domain	1	applemart.biz
Details	Domain	1	demian.biz
Details	Domain	1	download.netbounce.net
Details	Email	1	session123@me.com
Details	File	208	setup.exe
Details	File	1	packity-latest.exe
Details	File	1	c:\windows\net helper\net-helper.exe
Details	File	3	gui.exe
Details	File	1	%windir%\net helper\ net-helper.exe
Details	File	1	progwrapper.exe
Details	File	1	manage.json
Details	File	1	ex.json
Details	File	1	output40.exe
Details	File	4	start.txt
Details	File	1	outtput213.exe
Details	File	1	pwrap.exe
Details	File	1	p3wrapper.exe
Details	File	3	launch.json
Details	File	3	p3.exe
Details	File	1	fetch.json
Details	sha1	1	ed165d2ab91538a8fb399fa543151b7767f471c3
Details	sha1	1	9083948fd75b63d15229b413546332adfe5507b4
Details	sha1	1	bcc2a3f7c9d57807895104b0d40e869407c98b6b
Details	sha256	1	6733a81c321b5dedc6dc33d3e4dcf82ec15caef172dab86954e1a664c5ad0973
Details	sha256	1	9034f7dd8d9ad1c49372412bf33d48d725087c52504ac8512c9d1d31816a3607
Details	sha256	1	1762738638ce472f7fed23003bec41d6c1debc414dca966439f853a8cee7119d
Details	sha256	1	66ba544e9493621b9594e3d4604c47ef4244c22c80e60c28f0bdfa8025f94d3f
Details	sha256	1	b71038f63ab7f2ca5e2c80b7f0a5977b31cf6406b29dc28ab7f0ec118d98ba8c
Details	sha256	1	cb2c56f85623d64f4bc788d77b1163bb0b8bfbd6d451dc976d390f7e7cd0f279
Details	sha256	1	e0954bf1de9f4afc60357d49c5e973a8d0dde1f84b65bd2930296004fa762188
Details	sha256	1	fddcdcdc2802454ed3641efdb9d86f334c61b52d90533c96f2b46302c28580a3
Details	sha256	1	b913ab61afd82fb6560f51beecf339b43aa7d310de3a572efa18d7ee256c92da
Details	sha256	1	fe96c4e912886584598ffd7ba5cf933776b6c53bbee572ed7c4bed81856bd7eb
Details	sha256	1	988b991f3b33da069b112e743520fe986be9bf16cd8d442339582844f56c053e
Details	sha256	1	e03258d7c29798610cdf9eb3a7cd0a0337ee83a936a31157cfddca9d13d725cc
Details	sha256	1	a183d902ba43f10f2edb7c3153393665261b201dc3fb7cb8a94d58780eac5500
Details	sha256	1	0298de2853407a54bcbf264234bd562321c2fdde155567f587504bd62b077fe0
Details	sha256	1	8424b4c0dd16de41e0f0c92ca4ddbd192eab225cc09544c7315f40f1ba76710b
Details	sha256	1	85b916180f6bc0cb63b4113b1684dcae53408198615b3d24412d669de90aafbd
Details	sha256	1	12749b43d88a34c3a43c3fc60e29a678f6e220556a52be80993eec5d944eeb87
Details	sha256	1	31227a18b873cf14689b1e82b4f6d8c2e8ba59d1943fe94fd28cde7b29a335d2
Details	sha256	1	c5654ff65d13c67e7d2499f5d67480caae65d29a8e08cda71367a1707ae6021b
Details	sha256	1	9587f5de22437d2f61385d98d289a73b4de2264c3a6030b7fd47a01b6963e14c
Details	sha256	1	dfa8f3e9a34d8f9f783c8f3d7de918f026605b304840abf856767b45396f1440
Details	sha256	1	3d8f6d3315ce87f0278879b0eb67de9d5da636f2e3da1f49567575f1f2f150f4
Details	sha256	1	d38ec57079e8f913d4493bc88c82efb08afb79c245c4637ac4a6e07ed351c060
Details	sha256	1	2d72a008bfdfcd3284f926348cebb7a459872174c645029b87b5b868ff89f6c0
Details	sha256	1	b6d6ddbc9119380be5945175eb218c4dd6994bb6ca25eaec7024bbf354d33011
Details	sha256	1	7d06bfc310ad39d79898c6b2949ab3e747fe282ba1c35e6ec8e6c5962f10c3da
Details	sha256	1	80aeb6af074c151efa0e32693b1e3cf8ea2d700e29a1c39d371fdf0cf3f101da
Details	sha256	1	51326a0c585532f8ad872a195bb90f06161660026cddc6ef84b4c07ff9b281cd
Details	sha256	1	1e57676cf5946502ef27d7c08bc9afcf8f4fb058a722bde849250def9d1d42a6
Details	sha256	1	90954e568e8645e68a5c56a38d817e553c2e256f9f692ca008578f6d77e5bfef
Details	sha256	1	2147356098721f8003a1f94c08fb8cbaa754059b5019960cd47c354f5accc412
Details	sha256	1	22403f3f045ca8c29b1bb7f9d0ca195d2c15f3d0d70e990607ccbc65f070bfef
Details	sha256	1	89ebcd8aed0574684e320ad14cbd4b59a5423c4db28786993bb37431a30aea27
Details	sha256	1	2f26dc5c71df628cedc4dbf60fa1d3d695ecb60f0b38572850974ea4ee081b80
Details	sha256	1	d54f390ecc9dc73a4ab2aad6af0e36eb8bac68f8168079b9956366c929903912
Details	sha256	1	ea03ef2fb38f6677c41949b3ab45c973457ceef2a1cc090ad250045b120e2b9c
Details	sha256	1	72225670febdbb21262d6f54f93d518843dc51363a827bf256377c2354a08b7e
Details	sha256	1	62a7e6b1cf4d4af7430f62c8859e26ccf2446d92cc7caf2cd86fcc8a731d413a
Details	sha256	1	5771123bf3eb4560f53a072b6011ac990f584e99928366be7a98b47e310b642a
Details	sha256	1	da2a50653bdbbb6871dd4790ea95bda4c183b1cf05aba8fa0f3205602ac7d65b
Details	sha256	1	e570c83c7b852cbd0fad6e0a72017f4a93e5e0c0db3d076950341bc6dcaabd40
Details	sha256	1	6194f7f3c0f9ff9789975b6aaaa5d252c06a88b9ac5d5a69e907c939fb33eba0
Details	sha256	1	77a0bd4fb38fac1f0cb280983a87697dbbaa1268f9c4c59b3f714cbd2d23f184
Details	sha256	1	b3402c8b86dbd9a2349b6486abe0f3502bf7450ea8180feb924a0785a7a0e203
Details	sha256	1	d473fbe34df054354f56d1edfa99fb8bfe6e1e41b2f7dcbce9bada48cafb3b24
Details	sha256	1	6f0c77ecdce1b8dad35b073454f01f39ea7e160f7f1439ac9287bc157b6f37a2
Details	sha256	1	77ca624ebce09dc6a480f91e7cf1d69a2dde43e7cd5603fd8f058cf239a011fe
Details	sha256	1	8b5bf607ad7cb81fb799acecf6bd503585d59eced3d84b853ba0a1a7d98200b2
Details	sha256	1	f9d2a6933f0ca86321d2c857d537eeb623d9081fe6d883bc44d09e96b57def56
Details	sha256	1	a6d9ab9ae6e659fc124ecb6f18e746a0327339784bb14ea401c664b9dc38b693
Details	sha256	1	f6466773c7d24c2609504622e1f2acfb6a912a6aff7a97f7aa82760cf9b62b09
Details	sha256	1	ea5a7051b52fa0e6a91f88ae3c1dac6a1e77c1a849a9835ebcb432bdacd475ef
Details	sha256	1	1abb54ae68d00a146f2775dd54a6249d344fb4032459f7637bc04dbbed0789b9
Details	sha256	1	5fbe8928becdabcbb98dd08502b7d50f85313cc7dc463c4b98d88ce33882db07
Details	sha256	1	a0f1050ae5f427dc6e3911f4091b9e8463d3ca780ff322841f5a61972dc03e01
Details	sha256	1	3dffef8bcccfe4b87133cb55475bd756e6ef26697128d250f3f3d9f6d23e8cc1
Details	sha256	2	3aa52ee7f7183009188dedb4d1a8913a297d78a0735d70756813ce93bfcbbb90
Details	sha256	1	9f1bbfa89ebfca776751f86bd6ef9999ddb6fc9382b904a4f871682457485ad4
Details	sha256	1	a217fddc29ea3011b344b271070ef945686ed2ad9a1fbddde8a7580145fac52d
Details	sha256	1	a6ffa5eb6194c9cb47d128276b46c937abf99e3e5093490eaa8ca735fec40d36
Details	sha256	1	b9b53b6c25008e99fbbc42b17c2659ca5d94c5d1564394a21cc18f0f7739dab5
Details	sha256	1	738c287cabbf34311100d79d495243cf5ac9953d6127429c326b2b4f95543bdf
Details	sha256	1	4f05cea5b58a5584ee1bfa5edc2782b90a94980d0ac6e6095aff7b8d5eeb08a0
Details	sha256	1	2692907ef6069b08b160b3c5ff96cde9befe967f4738739743585d2bec522aeb
Details	sha256	1	19436558180291e8efe93a8d80650a088514a383d91c2349d23a669295e68a73
Details	sha256	1	4dfcb42d7d9175767c6b1bf7815b16c0b5fb19abc74f5c679aad6a18b45c7272
Details	sha256	1	c7276383b758459ab66e65eea4cbbfd08c1bc11788c041aad7f262e43a7831cf
Details	sha256	1	88e95d786946f5c40d2647745e228397ef913abd725d6772f57e5e614ab06aeb
Details	sha256	1	b8883a545b304e514cbabfc798ecd1fef7e6183fef5f302cb87f3ecbd95138be
Details	sha256	1	47b2e429d6ba71db0bc6d9eb88f424c2b56a7617edcd0c9c55f2700958ede705
Details	sha256	1	89e71c1e3c5a8d4296dfad8ddf988ccb249c774897d30ba8ee2f81d9b3a407e3
Details	sha256	1	928eab32cbf6792d33cf4ff4e27979e97ccc2db7169b9ccc712e950d99fa8a20
Details	sha256	1	0859161ae696e7cfd8b27e65486225a80807b5de96f1c6bc1e7060d66efc778b
Details	sha256	1	28625fad27118be2fabc898d82deff88bd47d547ecaeb183af0b2f34c8c517ae
Details	sha256	1	342695cfc7250cf7df7ff24347ecb0ca1032a6c8e3274ad2777b652589b7ec79
Details	sha256	1	bd4cdc7832ed1e4132978072af5d1ea46541bb89bcdc8d3153ff82dd0525c9c6
Details	sha256	1	3d3d4cbe87d8a3f39970211626a71a23a966bc01d9bdb02cef45eeb7e79fa2d8
Details	sha256	1	c3f3623af38306139f2ce4b223ab927f25673fb47f9a464b4df90cc1bdf5def8
Details	sha256	1	98ed42b0a59297ba96f2333d06664a531ed9c17a79de855f037fa1e3900b40d7
Details	sha256	1	d39bf5430c25f74f110514e5b06b62623e0d2bde7edc700098fe930d09144c3d
Details	sha256	1	743d808788076e551695512fd8fbc9515513fa99aa966bf310063bcb35bc439d
Details	sha256	1	820131766d56d33c58937bd339cc5de48a36bd994b10dcf4052a9dbcd5e55aab
Details	sha256	1	7f9baee2d74b8bb2f3046fef0caa4bf6ef595c4993e004901ba543ed60ebfc80
Details	sha256	1	b0441ddcb5c5c2c06b879fd73afeaa4b0861b5c404e144cac5ec902c2cf38f6a
Details	sha256	1	d74a306e0eb4a7dcfd43305b1d964c383afd0bfec9ded1829ce9ac5c32a27cfa
Details	sha256	1	47d6782fbb1d67e16384bee8dfbc2789c5338ee7100ca04196dd7eb13d9987dd
Details	sha256	1	1d83513ad0006007ba03163befded12d496858e99cf7ada0c7a2700c4edc67af
Details	sha256	1	c36c66968754a87ed98a717f77521c41a32458cd29348a289461ae96570b431a
Details	sha256	1	c412a306c940bba66211e87e32b7af572240188804054e3d38abd12cb9cbb112
Details	sha256	1	66beab1abc5bd6c491fea835f9f4c938973a2570eeda58e9171b0b47b329c5b2
Details	sha256	1	492ae093bc1c776dde5d3e18f679a7b0e662511332ae6fae570a349c1396b681
Details	sha256	1	8557c08c2da5d075e454a46b1ae6f3cad8982b0712889e80a57f6dd8aa6f8099
Details	sha256	1	068a61c5c6589b7b582d21aecee7811dae197f3f946936ec5df54fd405dec20d
Details	sha256	1	810d7c7212a984b614b360e692b48da631ebeb4ecc63d7ac6243c074fcd436b1
Details	sha256	1	f45c7d3aa1eaf5b550698007165e8fd077769b859fce4f7161f0051b382125d5
Details	IPv4	1	195.181.160.0
Details	IPv4	2	195.181.169.92
Details	IPv4	1	195.181.164.195
Details	IPv4	1	195.181.164.212
Details	IPv4	2	195.181.169.68
Details	IPv4	1	185.59.222.228
Details	MITRE ATT&CK Techniques	55	T1553.002
Details	MITRE ATT&CK Techniques	180	T1543.003
Details	MITRE ATT&CK Techniques	380	T1547.001
Details	MITRE ATT&CK Techniques	442	T1071.001
Details	MITRE ATT&CK Techniques	130	T1573.001
Details	MITRE ATT&CK Techniques	74	T1573.002
Details	MITRE ATT&CK Techniques	152	T1090
Details	MITRE ATT&CK Techniques	160	T1027.002
Details	MITRE ATT&CK Techniques	86	T1055.012
Details	Url	1	https://packity.com/setup.exe
Details	Url	1	https://www.packity.com/pub/desktop/packity-latest.exe
Details	Url	1	https://update.netbounce.net/check
Details	Url	1	http://0857a813-72ca-4a70-883a-3b555f6bf3c1.boostfever.com/progwrapper.exe
Details	Url	1	http://cdn.boostfever.com/progwrapper.exe
Details	Url	1	https://update.equinox.io/check
Details	Url	1	http://connect.netbounce.net/manage.json
Details	Url	1	http://cdn.boostfever.com/ex.json
Details	Url	1	https://uploadhub.io/manager-macos
Details	Url	1	http://newurl.netbounce.net/ex.json
Details	Url	1	http://file.netbounce.net/p3wrapper.exe
Details	Url	1	http://download.netbounce.net/p3wrapper.exe
Details	Url	1	http://proxy.netbounce.net/launch.json
Details	Url	1	http://notif.jumpernode.com/launch.json
Details	Url	1	http://u1.boostfever.com/check
Details	Url	1	http://dl.installcdn-aws.com/pwrap.exe
Details	Url	1	https://m1.uptime66.com/fetch.json
Details	Windows Registry Key	1	HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\net-helper