Gozi-ISFB: Darktrace’s Detection of the Malware with a Thousand Faces - Darktrace Blog
Common Information
Type Value
UUID e857fd72-fc4c-41d0-90c7-44519f528be1
Fingerprint 2f352d19b927d463
Analysis status DONE
Considered CTI value 2
Text language
Published April 26, 2023, midnight
Added to db April 26, 2023, 10:14 p.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Gozi-ISFB: Darktrace’s Detection of the Malware with a Thousand Faces
Title Gozi-ISFB: Darktrace’s Detection of the Malware with a Thousand Faces - Darktrace Blog
Detected Hints/Tags/Attributes 61/3/28
Attributes
Details Type #Events CTI Value
Details Autonomous System Number 8
AS197695
Details File 2
entrat.exe
Details MITRE ATT&CK Techniques 442
T1071.001
Details MITRE ATT&CK Techniques 183
T1189
Details MITRE ATT&CK Techniques 183
T1566.002
Details Url 2
https://threatfox.abuse.ch/browse/malware/win.isfb
Details Url 4
https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-216a