Rewterz Threat Alert – Malspam campaign dropping LokiBot Malware - Rewterz
Tags
attack-pattern | Malware - T1587.001, Malware - T1588.001, Vulnerabilities - T1588.006 |
Common Information
Type | Value |
---|---|
UUID | e84264ea-c1da-454d-9188-bd145e431048 |
Fingerprint | 85d4ac417d5dee4b |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | Jan. 4, 2019, 5:34 p.m. |
Added to db | Dec. 19, 2024, 3:35 a.m. |
Last updated | Dec. 19, 2024, 10:50 a.m. |
Headline | Rewterz Threat Alert – Malspam campaign dropping LokiBot Malware |
Title | Rewterz Threat Alert – Malspam campaign dropping LokiBot Malware - Rewterz |
Detected Hints/Tags/Attributes | 11/1/18 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | CVE | 68 | | cve-2018-15982 |
Details | CVE | 4 | | cve-2018-19725 |
Details | CVE | 4 | | cve-2018-16011 |