DBatLoader: Actively Distributing Malwares Targeting European Businesses
Tags
cmtmf-attack-pattern: Application Layer Protocol, Masquerading, Obfuscated Files Or Information, Process Injection
maec-delivery-vectors: Watering Hole
attack-pattern: Data, Application Layer Protocol - T1437, Archive Collected Data - T1560, Archive Collected Data - T1532, Cloud Services - T1021.007, Disable Or Modify Tools - T1562.001, Disable Or Modify Tools - T1629.003, Dll Side-Loading - T1574.002, Encrypted Channel - T1521, Encrypted Channel - T1573, File And Directory Discovery - T1420, File Deletion - T1070.004, File Deletion - T1630.002, Javascript - T1059.007, System Network Configuration Discovery - T1422, Malicious Link - T1204.001, Malware - T1587.001, Malware - T1588.001, Masquerading - T1655, Obfuscated Files Or Information - T1406, Process Discovery - T1424, System Information Discovery - T1426, Non-Standard Port - T1509, Non-Standard Port - T1571, Phishing - T1660, Phishing - T1566, Powershell - T1059.001, Process Injection - T1631, Python - T1059.006, Registry Run Keys / Startup Folder - T1547.001, Remote Access Software - T1663, Security Software Discovery - T1418.001, Security Software Discovery - T1518.001, Software - T1592.002, Software Packing - T1027.002, Software Packing - T1406.002, Steganography - T1001.002, Steganography - T1406.001, Steganography - T1027.003, Timestomp - T1070.006, Virtualization/Sandbox Evasion - T1497, Virtualization/Sandbox Evasion - T1633, Standard Application Layer Protocol - T1071, Application Window Discovery - T1010, Deobfuscate/Decode Files Or Information - T1140, Dll Side-Loading - T1073, File And Directory Discovery - T1083, File Deletion - T1107, Masquerading - T1036, Standard Non-Application Layer Protocol - T1095, Obfuscated Files Or Information - T1027, Powershell - T1086, Process Discovery - T1057, Process Injection - T1055, Registry Run Keys / Start Folder - T1060, Remote Access Tools - T1219, Remote System Discovery - T1018, Scripting - T1064, Security Software Discovery - T1063, Software Packing - T1045, System Information Discovery - T1082, System Network Configuration Discovery - T1016, System Time Discovery - T1124, Timestomp - T1099, Masquerading, Remote System Discovery, Scripting
Common Information
Type Value
UUID ee36a37b-8097-435d-b9b8-ff68ec8ec756
Fingerprint 8090911a18fcba8
Analysis status DONE
Considered CTI value 2
Text language
Published March 27, 2023, midnight
Added to db March 27, 2023, 6:56 p.m.
Last updated Nov. 17, 2024, 6:50 p.m.
Headline DBatLoader: Actively Distributing Malwares Targeting European Businesses
Title DBatLoader Actively Distributing Malwares Targeting Europea
Detected Hints/Tags/Attributes 97/3/90
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 99 Cyware News - Latest Cyber News https://cyware.com/allnews/feed 2024-08-30 22:08
Attributes
Type                  #Events  Value
Domain                2        silverline.com.sg
Domain                2        hallowed247.duckdns.org
Domain                2        sleda.sleda.eu
Domain                2        a0034372876rfq021423.cab
Domain                2        thesquirrelgame.net
Domain                2        b-yy.xyz
Domain                2        property.one
Domain                2        constructiondocuments.one
File                  5        quotation.pdf
File                  2        revised_order_document.pdf
File                  2        'xdfiifago.bat
File                  2        'kdeco.bat
File                  3        'netutils.dll
File                  3        'easinvoker.exe
File                  10       easinvoker.exe
File                  12       netutils.dll
File                  10       kdeco.bat
File                  2        gafiifdx.url
File                  2        'gafiifdx.url
File                  2        c:\\users\\public\\libraries\\xdfiifag.exe
File                  2        sz5-9-020.msg
File                  21       document.pdf
File                  2        revised_order_document.cab
File                  2        revised_order_quotation.pdf
File                  2        xdfiifagcwrbrg.exe
File                  2        sz59020_jf_korea_co_ltd_sales_order.pdf
File                  2        sz59020_jf_korea_co_ltd_sales_order.cab
File                  2        fsofwcqmhvvgna.exe
File                  2        dvicvwxfouxvgm.exe
File                  2        eyeqkzxtfeyxwr.exe
File                  2        23.msg
File                  2        a0034372876rfq021423.cab
File                  2        a0034372876rfq.pdf
File                  2        a0034372876rfq021423.exe
File                  24       document.html
File                  6        attachment.iso
File                  2        document874559_pdf.exe
File                  2        8748859gdte.html
File                  2        neue_anfrage.iso
File                  2        sale.msg
File                  2        xnsheycoorkeea.exe
File                  2        f3232e7b-fb3b-34f3-51bd-249570f678de.eml
File                  2        yokzgytdjocuus.exe
File                  2        xdfiifago.bat
File                  2        my_file.dll
md5                   2        d51576e2e216292a72ce16821f9696d3
md5                   2        0e8aefd1dade4f059c2881c6e05f689f
md5                   2        ef02ba99d974787a70085537918117c4
md5                   2        4c39cdd2bfb2c7dde761a6e5b8c01321
md5                   2        85b2a41e98412f2867715c9ae5ad27ac
md5                   2        c1d19535ded9e0ff8e293f6852b24b91
md5                   2        1d1f8534ee6dbe1dbeade30e912a9136
md5                   2        f0b7bad0eb081c6b7d3df74e733efd1c
md5                   2        00c168883239c13aa213a5337aca3dae
md5                   2        aa8836fa3879074748f6dca63476aba9
md5                   2        b2d368435d5896419751add4cc338fc4
md5                   2        be889f4ab5ce7e99c131463c58205ba0
md5                   2        d9844515b7d09d74de188856b60c88c0
md5                   2        10904cb6103086d04ba0d76bcf7a65dc
md5                   2        1978b12cacb91b0d0f77a9979db9e671
md5                   2        3dde7b13d4736c11a67bc8fbad976d37
md5                   2        fb7dbeea12e4729cf11d6de8588f2b7e
md5                   2        cdac8ab69c92d012de0650c64be1c335
md5                   2        eb4f0ea5aea6a1cab3d257cfb04023e2
md5                   2        d9bfe352512b49e002a2744f9d80879a
md5                   2        42d872a2eae6e4f0d171d1f291846e30
md5                   2        9e7212a41b4885094008bfe2c5e1b54e
md5                   2        e7ab3b74689203a229a62b87865f1e7c
md5                   2        35e8d4c313c7e793a5cc92995147a310
md5                   2        1d177fccdcc51ad5d20545bd65d9c352
md5                   2        cac32da3ef6d2c4551e73ebfafef4393
md5                   2        1c19601797e347b2c70c0cd48f7ccd9d
md5                   2        b11db475600ad34d68ad26fb30abe498
md5                   2        bc701846e84feb25a355f34194e2a957
md5                   2        04ecfc3fa0c53151d976f2d6fbd65c31
md5                   2        b1b76651c4db6ab4742722ce54e38789
md5                   2        55aba243e88f6a6813c117ffe1fa5979
md5                   2        213c60adf1c9ef88dc3c9b2d579959d2
md5                   2        231ce1e1d7d98b44371ffff407d68b59
md5                   2        b375e74a145c45d07190212e9157e5f8
IPv4                  1441     127.0.0.1
IPv4                  2        185.246.220.63
Url                   2        https://silverline.com.sg/new/revised_order_document.cab
Url                   2        https://silverline.com.sg/admin/xdfiifagcwrbrg.exe
Url                   2        https://silverline.com.sg/private/sz59020_jf_korea_co_ltd_sales_order.cab
Url                   2        https://silverline.com.sg/admin/fsofwcqmhvvgna.exe
Url                   2        https://silverline.com.sg/new/dvicvwxfouxvgm.exe
Url                   2        https://silverline.com.sg/new/eyeqkzxtfeyxwr.exe
Url                   2        https://sleda.sleda.eu/wp-content/themes/a0034372876rfq021423.cab
Windows Registry Key  188      HKCU\Software\Microsoft\Windows\CurrentVersion\Run