EvilGnome: Rare Malware Spying on Desktop Users - Intezer
Tags
country: Russia
attack-pattern: Data Botnet - T1583.005 Botnet - T1584.005 Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Keylogging - T1056.001 Keylogging - T1417.001 Malware - T1587.001 Malware - T1588.001 Scheduled Task - T1053.005 Server - T1583.004 Server - T1584.004 Software - T1592.002 Ssh - T1021.004 Tool - T1588.002 Browser Extensions - T1176 Scheduled Task - T1053
Show in Graph
Common Information
Type Value
UUID d584250b-367c-4835-a043-3de38089fb06
Fingerprint bd169d5bcdb32389
Analysis status DONE
Considered CTI value 2
Text language
Published July 17, 2019, 1:19 p.m.
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 4, 2024, 8:13 a.m.
Headline EvilGnome: Rare Malware Spying on Linux Desktop Users
Title EvilGnome: Rare Malware Spying on Desktop Users - Intezer
Detected Hints/Tags/Attributes 64/2/17
Source URLs
Redirection Url
Details Source https://intezer.com/blog/linux/evilgnome-rare-malware-spying-on-linux-desktop-users/
Details Source https://www.intezer.com/blog-evilgnome-rare-malware-spying-on-linux-desktop-users/
URL Provider
Details Provider Source level domain
Details intezer.com www.intezer.com
Details intezer.com intezer.com
Attributes
Details Type #Events CTI Value
Details Domain 1 
gamework.ddns.net
Details Domain 1 
workan.ddns.net
Details Domain 1 
rnbo-ua.ddns.net
Details Domain 1 
kotl.space
Details Domain 1 
clsass.ddns.net
Details Domain 1 
makeself.sh
Details Domain 43 
setup.sh
Details Domain 2 
gnome-shell-ext.sh
Details Domain 1 
webhamster.ru
Details File 1 
rtp.dat
Details sha256 1 
a21acbe7ee77c721f1adc76e7a7799c936e74348d32b4c38f3bf6357ed7e8032
Details sha256 1 
82b69954410c83315dfe769eed4b6cfc7d11f0f62e26ff546542e35dcd7106b7
Details sha256 1 
7ffab36b2fa68d0708c82f01a70c8d10614ca742d838b69007f5104337a4b869
Details IPv4 1 
195.62.52.101
Details IPv4 1 
185.158.115.44
Details IPv4 1 
185.158.115.154
Details Url 1 
https://webhamster.ru/site/page/index/articles/projectcode/157