Backdoor, Devil Shadow Botnet Hidden in Fake Zoom Installers
Tags
attack-pattern: Data Artificial Intelligence - T1588.007 Botnet - T1583.005 Botnet - T1584.005 Credentials - T1589.001 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Software - T1592.002
Show in Graph
Common Information
Type Value
UUID ce6efdc3-5d41-4bb4-9623-f85a8920daab
Fingerprint 84e419c8a17b2e69
Analysis status DONE
Considered CTI value 2
Text language
Published May 21, 2020, midnight
Added to db Oct. 15, 2024, 5:32 p.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Backdoor, Devil Shadow Botnet Hidden in Fake Zoom Installers
Title Backdoor, Devil Shadow Botnet Hidden in Fake Zoom Installers
Detected Hints/Tags/Attributes 49/1/33
Source URLs
Redirection Url
Details Source https://www.trendmicro.com/en_ca/research/20/e/backdoor-devil-shadow-botnet-hidden-in-fake-zoom-installers.html
URL Provider
Details Provider Source level domain
Details trendmicro.com www.trendmicro.com
Attributes
Details Type #Events CTI Value
Details Domain 25 
zoom.us
Details Domain 1 
madleets.ddns.net
Details Domain 1 
hosting303.000wenhostapp.com
Details Domain 1 
hosting303.000webhostapp.com
Details File 208 
setup.exe
Details File 1 
cmd_shell.exe
Details File 1 
new_script.txt
Details File 5 
shell.bat
Details File 13 
zoom.exe
Details File 1 
botnet_start.vbs
Details File 1 
boot-startup.vbs
Details File 27 
node.exe
Details File 1 
screenshot.exe
Details File 4 
webcam.exe
Details File 2 
svchîst.exe
Details File 54 
install.exe
Details File 165 
reg.exe
Details File 2 
eng.exe
Details File 57 
installer.exe
Details File 48 
trojan.bat
Details File 52 
trojan.js
Details sha256 1 
4070e977823d74478aec248862302063918fda16b57f2c3b561018605bfbf4fe
Details sha256 1 
57bf83837c18a75d2e7327cdf5bfdcc906ccf78d82237ec961a4f1bee85473cf
Details sha256 1 
9b6b1807f886bb9eccdc170988d6e419e4301c96817f362aca3d01df17c352fd
Details sha256 1 
90728a5b2f22460e1b28e3dc350a95b993a185a6170b4aa5e45b57834b90bcee
Details sha256 1 
a26f3981ed3784bb86f5223bf14fb0047ff3fd86b8fc94753ce5a3f1702ebb56
Details sha256 1 
93bf084daddb10b3760f4e4424b1bc4d5d5590c30064045d01c8658a6fe50d3a
Details sha256 1 
f01da52509792a52c6def452b3ee9b0b78acaca399341926fbe4f3212c42a55e
Details sha256 1 
5b7804919d437688c8811e85c54cb36efba72652bac8093833ca04b811ea87b7
Details sha256 1 
628928fe61e86d3b246a7822b1d1505d3694becc4a73e373f73653851d22f1a5
Details sha256 1 
65f725f380c9b90d409539b74bfbd8a57f0fa48843ee79838fa57ad28240feb5
Details Url 2 
https://zoom.us/download.
Details Url 1 
https://hosting303.000wenhostapp.com