Raccoon Stealer Announce Return After Hiatus
Common Information
Type Value
UUID e202d532-7b33-4cd0-b279-3b81153ee9db
Fingerprint ac0589d80c3fbf89
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 15, 2023, 9:16 a.m.
Added to db Oct. 24, 2023, 1:15 p.m.
Last updated Nov. 18, 2024, 1:38 a.m.
Headline Raccoon Stealer Announce Return After Hiatus
Title Raccoon Stealer Announce Return After Hiatus
Detected Hints/Tags/Attributes 127/2/45
Attributes
Details Type #Events CTI Value
Details File 9
log.zip
Details File 13
file.doc
Details File 33
log.php
Details File 104
sqlite3.dll
Details File 96
wallet.dat
Details File 5
machineinfo.txt
Details File 2
%userprofile%\appdata\locallow\  using the configuration  _id  value followed by  .zip
Details IPv4 7
195.201.225.248
Details IPv4 4
95.216.186.40
Details Url 2
https://www.cyberark.com/resources/threat-research-blog/raccoon-the-story-of-a-typical-infostealer