Bulbature, beneath the waves of GobRAT
Common Information
Type Value
UUID cbd79e6b-573c-4498-8384-c81a0639dec5
Fingerprint bea1d6d685b1e7cf
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 2, 2024, 7:07 a.m.
Added to db Oct. 2, 2024, 10:57 a.m.
Last updated Nov. 17, 2024, 5:55 p.m.
Headline Bulbature, beneath the waves of GobRAT
Title Bulbature, beneath the waves of GobRAT
Detected Hints/Tags/Attributes 118/2/215
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 59 Sekoia.io Blog https://blog.sekoia.io/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Autonomous System Number 1
AS138915
Details Autonomous System Number 12
AS37963
Details Autonomous System Number 30
AS14061
Details Autonomous System Number 14
AS9009
Details CVE 5
cve-2019-9082
Details CVE 1
cve-2019-13956
Details CVE 122
cve-2017-5638
Details Domain 1
sshdeny1.sh
Details Domain 1
zonecontroller.sh
Details Domain 1
zonedelete.sh
Details Domain 1
zonesetup.sh
Details Domain 1
zoneupdate.sh
Details Domain 1
zonerestart.sh
Details Domain 2
nbt201.dynamic-dns.net
Details Domain 2
eyh.ocry.com
Details Domain 1
asuscomm.com
Details Domain 118
sekoia.io
Details File 1
zone.tar
Details File 1
thinkphp5.txt
Details File 1
mlv3.txt
Details File 1
远程代码执行漏洞2.txt
Details File 1
1705313101_1.txt
Details File 1
telnetlinux.txt
Details File 1
tw_ssh.txt
Details File 1
own-0209-7.txt
Details File 1
own-0209-10.txt
Details File 1
own-0209-11.txt
Details File 1
own-0209-41.txt
Details File 1
own-shiz-0214-0.txt
Details File 1
own-telnet-0222-0.txt
Details File 1
own-telnet-sz-02.txt
Details File 1
ssdaf0222.txt
Details File 1
test_ip_range1.txt
Details File 1
test_range_ip.txt
Details File 1
wys_test_range_ip.txt
Details File 1
lilin-38w-ip.txt
Details File 1
ssh-ip-500k.txt
Details File 1
dlink-20221208.txt
Details File 1
draytek1.txt
Details File 1
drapal7-30w.txt
Details File 1
ssh-ip.txt
Details File 1
iot-telnet-50k.txt
Details File 1
tw-telnet-60w-quchong.txt
Details File 1
qnap-all-fofa.txt
Details File 1
drupal-ip-60w.txt
Details File 1
0321-000.txt
Details File 1
0321-etest.txt
Details File 1
own-telnet-0320-5.txt
Details Threat Actor Identifier - APT 166
APT31
Details Url 2
https://38.60.221.145/static