sLoad and Ramnit pairing in sustained campaigns against UK and Italy | Proofpoint US
Common Information
Type Value
UUID f8ba29ad-6ac9-4c0c-a052-a534e18081e5
Fingerprint a4ef18ff0924a681
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 23, 2018, 2 p.m.
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 18, 2024, 4:38 a.m.
Headline sLoad and Ramnit pairing in sustained campaigns against UK and Italy
Title sLoad and Ramnit pairing in sustained campaigns against UK and Italy | Proofpoint US
Detected Hints/Tags/Attributes 74/4/51
Attributes