ioc[.]one - OSINT Cyber Threat Intelligence Database

Reviewing the spam filters: Malspam pushing Gozi-ISFB - SANS Internet Storm Center

Tags

attack-pattern:

Data Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Email Account - T1087.003 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Software - T1592.002

Show in Graph

Common Information

Type	Value
UUID	df84dde4-fa5a-4e4c-b895-cd0f70825eeb
Fingerprint	ecf5391be6f252d3
Analysis status	DONE
Considered CTI value	2
Text language
Published	Jan. 17, 2018, midnight
Added to db	Sept. 26, 2022, 9:30 a.m.
Last updated	Nov. 17, 2024, 11:40 p.m.
Headline	Internet Storm Center
Title	Reviewing the spam filters: Malspam pushing Gozi-ISFB - SANS Internet Storm Center
Detected Hints/Tags/Attributes	44/1/65

Source URLs

	Redirection	Url
Details	Source	https://isc.sans.edu/forums/diary/Reviewing+the+spam+filters+Malspam+pushing+GoziISFB/23245

URL Provider

Details	Provider	Source level domain
Details	sans.edu	isc.sans.edu

Attributes

Details	Type	#Events	Value
Details	Domain	9	malwarebreakdown.com
Details	Domain	1	ijqdjqnwiduqujqiuezxc.com
Details	Domain	1	adistributedmean.net
Details	Domain	1	fyibc.com
Details	Domain	1	dtybgsb.com
Details	Domain	2	zepter.com
Details	Domain	2	carfax.com
Details	Domain	1	fortrunernaskdneazxd.com
Details	Domain	1	bithedistributedlicense.net
Details	Domain	1	fyicreative.ca
Details	Domain	21	www.msftncsi.com
Details	File	39	winmm.dll
Details	File	6	presentationsettings.exe
Details	File	4	request.doc
Details	File	1	52a8081a.exe
Details	File	1	crppport.exe
Details	File	1	molarity-12.exe
Details	File	1	c:\programdata\wedge-46\wedge-6.exe
Details	File	1260	explorer.exe
Details	File	1	aliasing-2.exe
Details	File	1	nbs_request.doc
Details	File	1	6d9be056.exe
Details	File	1	efsuvoas.exe
Details	File	1	sof.php
Details	File	1	baw.pfx
Details	File	17	s.php
Details	File	1	vvv.bin
Details	File	1	nori3.bin
Details	File	1	nori6.bin
Details	File	1206	index.php
Details	File	1	kur.pfx
Details	File	1	dih.bin
Details	sha256	1	febb37762a92bedad337d0489ac482e356e2787533d65a757c3375fb147ff0a8
Details	sha256	1	14284152d53c119ad04c986a2a115485ae480d8012603679bf28ec27e3869929
Details	sha256	1	d254e82bdbfd16aa9f0037e2c536c3b9dddd6ec559d26a5af005d3a1f8199d59
Details	sha256	1	f1c9544e8f1de92f60f13e29403fc459811b93a7a316d957cb30c1b4a61ba61d
Details	sha256	1	6e5faf4c3eb47a5218f173564fc1e5a8afc65a8126ff7f602e8dbfe98a2ba695
Details	sha256	1	044e86936bfc30cd0c07186b6e270650f896f6a42e9b8015abc184d161880090
Details	sha256	1	f8bdb65d54ccab04a506e84f14bdbeef15f6266a7bd6e4e7dfde69de424dd10a
Details	sha256	1	208b94fd66a6ce266c3195f87029a41a0622fff47f2a5112552cb087adbb1258
Details	sha256	1	018084df00799387be61c5f849af8fce093aab8f73420a2ece7b47d0f45fa07e
Details	IPv4	1	188.25.175.38
Details	IPv4	1	109.166.237.170
Details	IPv4	2	212.98.131.181
Details	IPv4	1	86.120.77.221
Details	IPv4	1	80.80.165.93
Details	IPv4	1	186.73.245.226
Details	IPv4	2	188.237.190.24
Details	IPv4	1	184.168.187.1
Details	IPv4	1	86.120.168.154
Details	IPv4	2	203.91.116.53
Details	IPv4	1	155.133.93.30
Details	IPv4	1	85.105.167.110
Details	IPv4	1	84.54.187.24
Details	IPv4	1	213.6.121.106
Details	IPv4	1	90.180.1.23
Details	IPv4	2	41.193.159.41
Details	IPv4	1	69.90.132.196
Details	IPv4	2	69.75.114.66
Details	IPv4	2	74.50.133.9
Details	IPv4	2	95.150.74.40
Details	IPv4	3	179.108.87.11
Details	IPv4	2	190.208.42.36
Details	Windows Registry Key	188	HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Details	Windows Registry Key	1	HKCU\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon