Home Routers Under Attack via DNSChanger Malware | Proofpoint US
Common Information
Type Value
UUID e55216d9-8f05-4537-8565-a359946a50a0
Fingerprint d0a50d53f49013c3
Analysis status DONE
Considered CTI value 0
Text language
Published Dec. 13, 2016, 7 p.m.
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 18, 2024, 10:49 a.m.
Headline Home Routers Under Attack via DNSChanger Malware on Windows, Android Devices
Title Home Routers Under Attack via DNSChanger Malware | Proofpoint US
Detected Hints/Tags/Attributes 72/2/162
Attributes
Details Type #Events CTI Value
Details CVE 1
cve-2016-582384
Details Url 1
http://malware.dontneedcoffee.com/2015/05/an-exploit-kit-dedicated-to-csrf.html
Details Url 3
https://www.malwaretech.com/2016/10/mapping-mirai-a-botnet-case-study.html
Details Url 1
https://www.kb.cert.org/vuls/id/582384
Details Url 1
http://thehackernews.com/2016/12/netgear-router-hacking.html
Details Url 1
https://kalypto.org/research/netgear-vulnerability-expanded
Details Url 1
http://www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers
Details Url 2
https://www.proofpoint.com/us/threat-insight/post/phish-pharm
Details Url 1
http://kb.netgear.com/000036386/cve-2016-582384