EwDoor Botnet Is Attacking AT&T Customers
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Direct Indirect Model Botnet - T1583.005 Botnet - T1584.005 Server - T1583.004 Server - T1584.004 Tool - T1588.002 |
Common Information
| Type | Value |
|---|---|
| UUID | d383579e-5c9b-4367-ad7d-489242e5584c |
| Fingerprint | ed905c530de183c1 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Nov. 30, 2021, midnight |
| Added to db | Sept. 11, 2022, 12:32 p.m. |
| Last updated | Sept. 5, 2024, 3:55 p.m. |
| Headline | EwDoor Botnet Is Attacking AT&T Customers |
| Title | EwDoor Botnet Is Attacking AT&T Customers |
| Detected Hints/Tags/Attributes | 65/2/61 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Autonomous System Number | 4 | AS7018 |
|
| Details | CVE | 3 | cve-2017-6079 |
|
| Details | Domain | 1 | iunno.se |
|
| Details | Domain | 8 | ld-uclibc.so |
|
| Details | Domain | 1 | tracker.birkenwald.de |
|
| Details | Domain | 1 | ipv6.tracker.zerobytes.xyz |
|
| Details | Domain | 1 | fe.dealclub.de |
|
| Details | Domain | 1 | wassermann.online |
|
| Details | Domain | 1 | mail.realliferpg.de |
|
| Details | Domain | 1 | movies.zsw.ca |
|
| Details | Domain | 1 | tracker.blacksparrowmedia.net |
|
| Details | Domain | 1 | code2chicken.nl |
|
| Details | Domain | 1 | abufinzio.monocul.us |
|
| Details | Domain | 1 | tracker.0x.tf |
|
| Details | Domain | 1 | tracker.altrosky.nl |
|
| Details | Domain | 1 | rtmxvd.iunno.se |
|
| Details | Domain | 1 | hhqnyy.zapto.org |
|
| Details | Domain | 1 | besthatsite.mooo.com |
|
| Details | Domain | 1 | ekgmua.zapto.org |
|
| Details | Domain | 1 | rtmxvdio.ne |
|
| Details | Domain | 1 | boatreviews.xpresit.net |
|
| Details | Domain | 1 | hatbowlu3hf.ru |
|
| Details | Domain | 1 | rtmxvdio.net |
|
| Details | Domain | 1 | hatbowlrtx.su |
|
| Details | Domain | 1 | ew-new.sh |
|
| Details | Domain | 1 | ew.sh |
|
| Details | Domain | 1 | 859b6cfa.sh |
|
| Details | File | 1 | pk_verify.exe |
|
| Details | File | 5 | img.gz |
|
| Details | md5 | 1 | 7d4937e27d0fd75dd6159ffe53ebb505 |
|
| Details | md5 | 1 | 5d653e9a5b1093ef8408c3884fbd9217 |
|
| Details | md5 | 1 | 6c553db88e4cd52a2ed4795ec1710421 |
|
| Details | md5 | 1 | 5a6d3b1018b5e7543ee6f73d6c9df727 |
|
| Details | md5 | 1 | 10acc6e0e0447d900d6d46c66c8f4406 |
|
| Details | md5 | 1 | eef0035f971622cc5f48e164ca28a95f |
|
| Details | md5 | 1 | fbbacfb20e487265c7fdb30817717f26 |
|
| Details | md5 | 1 | 007c28d9a0ccfb10c478689fd63e0de0 |
|
| Details | md5 | 1 | 128331f1c808ee385375dd54d0609ebc |
|
| Details | md5 | 1 | 46c18a8e93a863053952985a39bd7d63 |
|
| Details | md5 | 1 | 4f0841ac08a27d8b3d56cbd03fb68ad8 |
|
| Details | md5 | 1 | 5c4390e1668856cc7f72499a72f935d6 |
|
| Details | md5 | 1 | 62bc8899a353921ac685cabb63de97b3 |
|
| Details | md5 | 1 | 67ccb3cf1f4f57f5a0ded4d20bc91d73 |
|
| Details | md5 | 1 | 84b3df62ed45bea57d0dd85e80f0dc07 |
|
| Details | md5 | 1 | 8794d23cad330de803294a2a1adb128b |
|
| Details | md5 | 1 | abaed830fe09e92ee434236d3db01e08 |
|
| Details | md5 | 1 | b81ade4f18c2df58adef301f401e8a02 |
|
| Details | md5 | 1 | ca6eb890853434ab9a0f8cdbab0965ea |
|
| Details | md5 | 1 | ddf96434bdb7b449ddcc925e6a5b3095 |
|
| Details | IPv4 | 1 | 185.10.68.20 |
|
| Details | IPv4 | 1 | 45.141.157.217 |
|
| Details | IPv4 | 1 | 45.141.155.217 |
|
| Details | IPv4 | 1 | 62.77.156.103 |
|
| Details | IPv4 | 1 | 212.192.241.158 |
|
| Details | IPv4 | 1 | 212.193.30.209 |
|
| Details | Url | 1 | http://185.10.68.20:1234/ew-new.sh |
|
| Details | Url | 1 | http://185.10.68.20:1234/ew.sh |
|
| Details | Url | 1 | http://185.10.68.20:1234/prod/mips |
|
| Details | Url | 1 | http://185.10.68.20:1234/ramdisk.img.gz |
|
| Details | Url | 1 | http://212.193.30.209/61501e55/mips |
|
| Details | Url | 1 | http://212.193.30.209/859b6cfa.sh |