An inside view of a password stealer campaign
Tags
| country: | China South Korea |
| attack-pattern: | Botnet - T1583.005 Botnet - T1584.005 Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 |
Common Information
| Type | Value |
|---|---|
| UUID | d91f6e69-8b50-4349-ad08-c8c87380bdeb |
| Fingerprint | 1124871da38214f1 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Dec. 10, 2017, 8:40 a.m. |
| Added to db | Feb. 17, 2023, 11:24 p.m. |
| Last updated | Nov. 17, 2024, 12:58 p.m. |
| Headline | benkow_ |
| Title | An inside view of a password stealer campaign |
| Detected Hints/Tags/Attributes | 32/2/101 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | fav.al |
|
| Details | Domain | 1 | t4st.fav.al |
|
| Details | Domain | 1 | t2st.fav.al |
|
| Details | Domain | 1 | post.phpfav.al |
|
| Details | Domain | 1 | kns1.al |
|
| Details | Domain | 1 | ddf.al |
|
| Details | Domain | 1 | dff.al |
|
| Details | Domain | 1 | files1.ddf.al |
|
| Details | Domain | 1 | 401.fav.al |
|
| Details | Domain | 1 | d1.ddf.al |
|
| Details | Domain | 1 | bin1.kns1.al |
|
| Details | Domain | 1 | 402.fav.al |
|
| Details | Domain | 1 | dbr.ddf.al |
|
| Details | Domain | 1 | bon1.kns1.al |
|
| Details | Domain | 1 | 403.fav.al |
|
| Details | Domain | 1 | f1.ddf.al |
|
| Details | Domain | 1 | byn1.kns1.al |
|
| Details | Domain | 1 | 404.fav.al |
|
| Details | Domain | 1 | files.ddf.al |
|
| Details | Domain | 1 | dan1.kns1.al |
|
| Details | Domain | 1 | ali1st.fav.al |
|
| Details | Domain | 1 | dan1-d.kns1.al |
|
| Details | Domain | 1 | cent1.fav.al |
|
| Details | Domain | 1 | frank1.ddf.al |
|
| Details | Domain | 1 | dave1.kns1.al |
|
| Details | Domain | 1 | char2.fav.al |
|
| Details | Domain | 1 | 111.dff.al |
|
| Details | Domain | 1 | denko1.kns1.al |
|
| Details | Domain | 1 | charles1.fav.al |
|
| Details | Domain | 1 | owe1.ddf.al |
|
| Details | Domain | 1 | dinu1.kns1.al |
|
| Details | Domain | 1 | charles1-s.fav.al |
|
| Details | Domain | 1 | owe2.ddf.al |
|
| Details | Domain | 1 | gt1.kns1.al |
|
| Details | Domain | 1 | daniel1.fav.al |
|
| Details | Domain | 1 | owe3.ddf.al |
|
| Details | Domain | 1 | jeff1.kns1.al |
|
| Details | Domain | 1 | dave1.fav.al |
|
| Details | Domain | 1 | legend1.ddf.al |
|
| Details | Domain | 1 | jones1.kns1.al |
|
| Details | Domain | 1 | db.fav.al |
|
| Details | Domain | 1 | s1.ddf.al |
|
| Details | Domain | 1 | ld1.kns1.al |
|
| Details | Domain | 1 | dfg2.fav.al |
|
| Details | Domain | 1 | ld1files.kns1.al |
|
| Details | Domain | 1 | dfg3.fav.al |
|
| Details | Domain | 1 | nasty1.kns1.al |
|
| Details | Domain | 1 | dfg2-s.fav.al |
|
| Details | Domain | 1 | sailheats2.kns1.al |
|
| Details | Domain | 1 | dino1.fav.al |
|
| Details | Domain | 1 | sheats1.kns1.al |
|
| Details | Domain | 1 | ebu1.fav.al |
|
| Details | Domain | 1 | swain1.kns1.al |
|
| Details | Domain | 1 | gabriel1-st.fav.al |
|
| Details | Domain | 1 | swain2.kns1.al |
|
| Details | Domain | 1 | g1.fav.al |
|
| Details | Domain | 1 | tunapy1.kns1.al |
|
| Details | Domain | 1 | g2.fav.al |
|
| Details | Domain | 1 | wal1.kns1.al |
|
| Details | Domain | 1 | g3.fav.al |
|
| Details | Domain | 1 | wal2.kns1.al |
|
| Details | Domain | 1 | gr2-s.fav.al |
|
| Details | Domain | 1 | wal3.kns1.al |
|
| Details | Domain | 1 | heat1.fav.al |
|
| Details | Domain | 1 | wal4.kns1.al |
|
| Details | Domain | 1 | idino2.fav.al |
|
| Details | Domain | 1 | wal5.kns1.al |
|
| Details | Domain | 1 | ll1.fav.al |
|
| Details | Domain | 1 | nwam1.fav.al |
|
| Details | Domain | 1 | oct1.fav.al |
|
| Details | Domain | 1 | oct3-st.fav.al |
|
| Details | Domain | 1 | oct4-st.fav.al |
|
| Details | Domain | 1 | pat1st.fav.al |
|
| Details | Domain | 1 | patrick1.fav.al |
|
| Details | Domain | 1 | riv1.fav.al |
|
| Details | Domain | 1 | sail1st.fav.al |
|
| Details | Domain | 1 | sail2st.fav.al |
|
| Details | Domain | 1 | senator1st.fav.al |
|
| Details | Domain | 1 | skadams1.fav.al |
|
| Details | Domain | 1 | swaindino1.fav.al |
|
| Details | Domain | 1 | t3st.fav.al |
|
| Details | Domain | 1 | upd1.fav.al |
|
| Details | Domain | 1 | upd3.fav.al |
|
| Details | Domain | 3 | desktop.zip |
|
| Details | Domain | 1 | t1st.fav.al |
|
| Details | File | 59 | post.php |
|
| Details | File | 101 | gate.php |
|
| Details | File | 94 | config.php |
|
| Details | File | 1 | bin1.exe |
|
| Details | File | 1 | rbl-5019.jpg |
|
| Details | File | 1 | rpm.jpg |
|
| Details | File | 2 | desktop.zip |
|
| Details | sha256 | 1 | 1eb54cd95709b62ebafa50b5dc051a41225b1de236bf8d269ceeac1087f9fbb1 |
|
| Details | sha256 | 1 | 78ca1db4616ac10d6ae34a9f8b85b63966fad43fed0f40cf61d9fcde74892d94 |
|
| Details | sha256 | 1 | bd1e28f55b2b335e27762425ebc70ffe17d468d7896bf2869bc0e5fa3e4220e2 |
|
| Details | sha256 | 1 | 81962cbfd51b64b51eeb4110ef139fd3c2791965621bf7ee65a422974a6ec4a1 |
|
| Details | sha256 | 1 | dfdc0b9e2cffead30a77bfffad6fb621f6eccaf6f5ace4b1d46bfe7b141a6028 |
|
| Details | sha256 | 1 | 15775abe5573192d8abe6fc03240ef8d0afc94bbae22df5f940a789146295ebb |
|
| Details | sha256 | 1 | f1b15760d728dc24cd87339be20cc4fe14359bf810f6866b3e21d7ade25846ed |
|
| Details | IPv4 | 2 | 1.9.2.3 |
|
| Details | Url | 1 | http://files1.ddf.al/bin1.exe |