Nitol Botnet makes a resurgence with evasive sandbox analysis technique
Tags
maec-delivery-vectors: Watering Hole
attack-pattern: Botnet - T1583.005 Botnet - T1584.005 Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004
Show in Graph
Common Information
Type Value
UUID d610c8e3-8eef-4f41-b93b-54786e279a3f
Fingerprint ac060ddb893a07ca
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 14, 2016, 3:42 p.m.
Added to db Sept. 26, 2022, 9:31 a.m.
Last updated Nov. 14, 2024, 7:54 p.m.
Headline Nitol Botnet makes a resurgence with evasive sandbox analysis technique
Title Nitol Botnet makes a resurgence with evasive sandbox analysis technique
Detected Hints/Tags/Attributes 33/2/13
Source URLs
Redirection Url
Details Source https://www.netskope.com/blog/nitol-botnet-makes-resurgence-evasive-sandbox-analysis-technique
Details Source https://www.netskope.com/blog/nitol-botnet-makes-resurgence-evasive-sandbox-analysis-technique/
URL Provider
Details Provider Source level domain
Details netskope.com www.netskope.com
Attributes
Details Type #Events CTI Value
Details Domain 2 
doktrine.fr
Details Domain 3 
googlex.me
Details File 2 
mg.txt
Details sha256 1 
5866c53bd16a15d88f51415fde254b8edac9bc22495ad3ac2f12f5e5ef025923
Details sha256 1 
4d977327390a13a2660da4f65872810245b57b34d990c22c547410fe3b7f3511
Details sha256 1 
e88f5c562bb894e452c88ac1c8f4fa2aea9e14275ca5a2e25655cb95491cc37f
Details sha256 1 
2e42ca6c471ef2894ea407d482b0b6419afbd2e550a8688932064caabd48dfb6
Details sha256 1 
d76cf03299107defbb6270bbe0118aa2ceaa1197d7a0499bdb869ed02401b756
Details sha256 1 
e65b5b57f3dd913e24bb65bfb7f0a9f60fb53f2b12460b537d6b21a6d5a14eb8
Details sha256 1 
b14f8b2b8b82267be787b4b844a17554e5b6fa34ea0af197176c29dcbba60b52
Details sha256 1 
5041bf99f3010fd88ec0a37557cb2ee51aba5cb49fac5bb0aec120f2cc893128
Details IPv4 295 
8.8.8.8
Details Url 2 
http://doktrine.fr/mg.txt