Nicht so goot - breaking down gootkit and jasper (+ ftcode)
Common Information
Type Value
UUID e570b8d7-79f5-4bd6-bc1f-6610f97a4b45
Fingerprint 84128163213d02b6
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 2, 2019, midnight
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 18, 2024, 4:35 a.m.
Headline Nicht so goot - Breaking down Gootkit and Jasper (+ FTCODE)
Title Nicht so goot - breaking down gootkit and jasper (+ ftcode)
Detected Hints/Tags/Attributes 66/2/64
Attributes
Type     #Events  Value
Domain   1        bolp.cab
Domain   538      pic.twitter.com
Domain   912      any.run
Domain   1        aweb.theshotboard.info
Domain   339      system.net
Domain   179      www.torproject.org
Domain   1        qvo5sd7p5yazwbrgioky7rdu4vslxrcaeruhjr7ztn3t2pihp56ewlqd.onion
Domain   1        getpdfreader.13stripesbrewery.com
Domain   1        rejoiner.com
Domain   1        ont.carolinabeercompany.com
Domain   1        wws.tkgventures.com
Domain   1        z2g3mtkwotm4.top
Domain   2        adp.reevesandcompany.com
Domain   2        picturecrafting.site
Domain   1        ogy5mtkwotm4.top
Domain   1        mjvjmtkwotm4.top
Domain   1        otnhmtkwotm4.top
Domain   1        zgzimtkwotm4.top
Domain   1        cofee.theshotboard.net
Domain   1        home.tith.in
Domain   2        connect.simplebutmatters.com
Domain   1        home.isdes.com
Domain   2        home.southerntransitions.net
File     1        bolp.cab
File     4        read_me_now.htm
File     1209     powershell.exe
File     2        w00log03.tmp
File     1        %public%\oraclekit the ransomware will create a new file called good_day.log
File     1        feat-chewy-shipping-confirmation.jpg
File     174      index.js
File     1        invoice_confirmation_534678238865.vbs
File     9        pdf.php
sha256   1        3e846a7316dbc15a38cfd522b14ad3f1a72d79959cbae9fd14621400d77cbc37
sha256   1        bf1fae0bca74eb3e788985734c750e33949e24f44f4c6e76c615aa70a80ea175
sha256   1        93aef539b491ecd4f3e3bfad2b226e8026d3335e457f5d8ba903e1d76686633e
sha256   1        3721af6150db2082e6f8342c450070b835a46311c2fade9e1cd5598727d7db4f
sha256   1        e6c58e32c151f2e9e44cd8bc98cdf12373a7f8fc40262e1c4402f2eb6d191d1e
IPv4     1        194.76.224.108
IPv4     1        35.187.36.248
IPv4     1        176.10.125.87
IPv4     4        208.91.197.91
IPv4     1        185.158.248.151
IPv4     1        31.214.157.3
Url      1        http://aweb.theshotboard.info/?page=xing&vid=dc1:load
Url      1        https://www.torproject.org/download
Url      1        http://qvo5sd7p5yazwbrgioky7rdu4vslxrcaeruhjr7ztn3t2pihp56ewlqd.onion/?guid=
Url      1        http://getpdfreader.13stripesbrewery.com/pdf.php?mto7njc2ndk3
Url      1        http://rejoiner.com/resources/wp-content/uploads/2017/04/feat-chewy-shipping-confirmation.jpg
Url      1        http://ont.carolinabeercompany.com/bolp.cab
Url      1        http://wws.tkgventures.com
Url      1        http://z2g3mtkwotm4.top
Url      1        https://adp.reevesandcompany.com/rbody320
Url      1        http://picturecrafting.site
Url      1        http://ogy5mtkwotm4.top
Url      1        http://mjvjmtkwotm4.top
Url      1        http://otnhmtkwotm4.top
Url      1        http://zgzimtkwotm4.top
Url      1        http://cofee.theshotboard.net/?need=uuid&vid=dc1:loadjs&
Url      1        http://aweb.theshotboard.info/ver=926.3
Url      1        http://qvo5sd7p5yazwbrgioky7rdu4vslxrcaeruhjr7ztn3t2pihp56ewlqd.onion/?guid=victim
Url      1        http://home.tith.in/seven.sat
Url      1        http://connect.simplebutmatters.com
Url      1        http://home.isdes.com
Url      1        http://home.southerntransitions.net
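The indicator table above is only useful once it is turned into something that can be run against telemetry. The script below is an added example, not part of this CTI record or of the Gootkit/FTCODE write-up it indexes: it loads the record's domains, IPs, SHA-256 hashes and file names into typed sets and sweeps free-form log lines for them. Two practitioner choices are baked in and both are assumptions. First, hosts whose event counts are large across the whole corpus (pic.twitter.com 538, any.run 912, system.net 339, www.torproject.org 179) are the write-up's embedded media, sandbox links and the .NET System.Net namespace rather than campaign infrastructure, so they are kept out of the match set; the same goes for generic file rows such as powershell.exe (1209) and index.js (174). Second, the five .top domains in the record differ only in a four-character prefix before the fixed label mtkwotm4, so they are matched by that shape rather than by the five literal strings, which also catches sibling labels the record does not list if the suffix really is the stable part. The helper names, the log format and the LOG_LINES sample are constructed for illustration.

```python
"""Sweep log lines for the indicators in the Gootkit/Jasper/FTCODE record.

Added example, not part of the original CTI record. Indicator values are copied
from the record; helper names, log format and LOG_LINES are assumptions.
"""
import re
from ipaddress import ip_address

# Campaign-specific hosts from the record. bolp.cab is a file name that the
# extractor also typed as a domain, so it lives in IOC_FILENAMES instead.
IOC_DOMAINS = {
    "aweb.theshotboard.info", "cofee.theshotboard.net",
    "getpdfreader.13stripesbrewery.com", "ont.carolinabeercompany.com",
    "wws.tkgventures.com", "adp.reevesandcompany.com", "picturecrafting.site",
    "home.tith.in", "connect.simplebutmatters.com", "home.isdes.com",
    "home.southerntransitions.net", "rejoiner.com",
    "qvo5sd7p5yazwbrgioky7rdu4vslxrcaeruhjr7ztn3t2pihp56ewlqd.onion",
}
# High corpus-wide event counts mark these as write-up noise, not indicators.
NOISE_DOMAINS = {"pic.twitter.com", "any.run", "system.net", "www.torproject.org"}

# z2g3/ogy5/mjvj/otnh/zgzi + mtkwotm4.top: variable 4-char prefix, fixed suffix.
# Assumption: the suffix is the stable part, so match the shape, not the list.
TOP_PATTERN = re.compile(r"^[a-z0-9]{4}mtkwotm4\.top$")

IOC_IPS = {"194.76.224.108", "35.187.36.248", "176.10.125.87",
           "208.91.197.91", "185.158.248.151", "31.214.157.3"}

IOC_SHA256 = {
    "3e846a7316dbc15a38cfd522b14ad3f1a72d79959cbae9fd14621400d77cbc37",
    "bf1fae0bca74eb3e788985734c750e33949e24f44f4c6e76c615aa70a80ea175",
    "93aef539b491ecd4f3e3bfad2b226e8026d3335e457f5d8ba903e1d76686633e",
    "3721af6150db2082e6f8342c450070b835a46311c2fade9e1cd5598727d7db4f",
    "e6c58e32c151f2e9e44cd8bc98cdf12373a7f8fc40262e1c4402f2eb6d191d1e",
}

# Generic rows (powershell.exe, index.js, pdf.php) deliberately left out.
IOC_FILENAMES = {"bolp.cab", "read_me_now.htm", "w00log03.tmp", "good_day.log",
                 "invoice_confirmation_534678238865.vbs"}

# Anything that could be a host, IP, hash or file name inside free-form text.
TOKEN_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]*")
SHA256_RE = re.compile(r"[0-9a-f]{64}")


def classify(token):
    """Return (kind, normalized value) if the token is an indicator, else None."""
    value = token.rstrip(".").lower()          # DNS logs append a trailing dot
    if not value:
        return None
    try:
        return ("ip", value) if str(ip_address(value)) in IOC_IPS else None
    except ValueError:
        pass                                    # not an IP literal at all
    if SHA256_RE.fullmatch(value):
        return ("sha256", value) if value in IOC_SHA256 else None
    if "." not in value or value in NOISE_DOMAINS:
        return None
    if value in IOC_DOMAINS:
        return ("domain", value)
    if TOP_PATTERN.match(value):
        return ("domain-pattern", value)
    if value in IOC_FILENAMES:
        return ("file", value)
    return None


def sweep(lines):
    """Return one (line_number, kind, value) hit per indicator occurrence."""
    hits = []
    for n, line in enumerate(lines, start=1):
        for token in TOKEN_RE.findall(line):
            hit = classify(token)
            if hit is not None:
                hits.append((n, *hit))
    return hits


# Constructed sample lines (not real telemetry). Line 4 only touches noise and
# must produce no hit; line 3 mixes case and carries a trailing DNS dot.
LOG_LINES = [
    "2019-10-02T10:14:03Z dns client=10.0.0.23 query=home.tith.in. type=A",
    "2019-10-02T10:14:05Z proxy src=10.0.0.23 dst=35.187.36.248 "
    "url=http://getpdfreader.13stripesbrewery.com/pdf.php?mto7njc2ndk3",
    "2019-10-02T10:15:11Z dns client=10.0.0.40 query=OGY5MTKWOTM4.TOP. type=A",
    "2019-10-02T10:16:00Z proxy src=10.0.0.41 url=https://pic.twitter.com/x",
    "2019-10-02T10:17:22Z edr host=WS07 file=C:\\Users\\Public\\OracleKit\\w00log03.tmp "
    "sha256=3E846A7316DBC15A38CFD522B14AD3F1A72D79959CBAE9FD14621400D77CBC37",
]

if __name__ == "__main__":
    for hit in sweep(LOG_LINES):
        print(hit)
```

Run against the constructed lines, the sweep reports the DNS query for home.tith.in, the proxy request to 35.187.36.248 and getpdfreader.13stripesbrewery.com, the .top lookup caught by the suffix pattern, and both the w00log03.tmp path and the uppercase SHA-256 from the EDR line; the pic.twitter.com line is silent. Internal IPs and unlisted hashes fall through to None rather than being reported, so the output is only ever record-backed matches.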