ioc[.]one - OSINT Cyber Threat Intelligence Database

Bluebottle: Campaign Hits Banks in French-speaking Countries in Africa

Tags

country:	Canada Cuba France
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Keylogging - T1056.001 Keylogging - T1417.001 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Ssh - T1021.004 Windows Service - T1543.003 Tool - T1588.002

Show in Graph

Common Information

Type	Value
UUID	f9b11e71-fbed-4993-8004-f64e8405a1cf
Fingerprint	9431dd2fe8b5962d
Analysis status	DONE
Considered CTI value	2
Text language
Published	Jan. 5, 2023, midnight
Added to db	Dec. 19, 2024, 12:04 a.m.
Last updated	Dec. 21, 2024, 4:01 p.m.
Headline	Bluebottle: Campaign Hits Banks in French-speaking Countries in Africa
Title	Bluebottle: Campaign Hits Banks in French-speaking Countries in Africa
Detected Hints/Tags/Attributes	92/3/68

Source URLs

	Redirection	Url
Details	Redirection	https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/bluebottle-banks-targeted-africa
Details	Redirection	https://symantec-enterprise-blogs.security.com/threat-intelligence/bluebottle-banks-targeted-africa
Details	Source	https://www.security.com/threat-intelligence/bluebottle-banks-targeted-africa

URL Provider

Details	Provider	Source level domain
Details	security.com	symantec-enterprise-blogs.security.com
Details	security.com	www.security.com

Attributes

Details	Type	#Events	Value
Details	Domain	2	personnel.bdm-sa.fr
Details	Domain	448	asp.net
Details	Domain	74	transfer.sh
Details	Domain	4	files.ddrive.online
Details	Domain	2	transmissive-basin.000webhostapp.com
Details	Domain	2	udapte.adesy.in
Details	Domain	5	banqueislamik.ddrive.online
Details	File	1	poste.exe
Details	File	1	candidature.exe
Details	File	1	candidature.pdf
Details	File	18	ieinstal.exe
Details	File	6	aspnet_regbrowsers.exe
Details	File	2	ca1.exe
Details	File	135	sc.exe
Details	File	1	%temp%\fgt.sys
Details	File	2	xwo_unbkj213.bin
Details	File	2	nhmzju.rtf
Details	File	2	oisxup.rtf
Details	File	2	ca3.exe
Details	sha256	1	117c66c0aa3f7a5208b3872806d481fd8d682950573c2a7acaf7c7c7945fe10d
Details	sha256	1	c56c915cd0bc528bdb21d6037917d2e4cde18b2ef27a4b74a0420a5f205869e6
Details	sha256	1	91b3546dde60776ae3ed84fdf4f6b5fba7d39620f0a6307280265cde3a33206b
Details	sha256	1	9c4c9fa4d8935df811cae0ce067de54ffdb5cfb4f99b4bc36c5aa2a1ac6f9c8f
Details	sha256	1	1f6be4c29dfb50f924377444e5ca579d3020985a357533fc052226f0091febf6
Details	sha256	1	d5b8009dcb50aac8a889e24f038a52fe09721d142a3f1eaa74ac37fff45e9ba2
Details	sha256	1	ae4ff662c959cf24df621a2c0b934ed1fa1c26a270a180f695cd5295579afbbd
Details	sha256	1	0612ef9d2239edeab05f421e3188e2cfcadacbaeafbc9b8e35e778f7234aaa3b
Details	sha256	1	4acd4335ca43783ff52c0ccbb7e757ea14fb261c33d08268e85ed0ac34e0abec
Details	sha256	1	47718762dc043f84fb641b1e0a8c65401160cc2e558fd38c14d5d35a114b93cb
Details	sha256	1	a539961f80feb689546a2e334b03aed81252a04fae032e2d28ed9a7000b3afff
Details	sha256	1	07ca6122fde46d48f71bcde356d5eeb89040e4a6e83441968a9dade98dc36fe5
Details	sha256	1	938f50cb2e2d670497209e8cef5bf1042f752b6bf76d1547d68040b5a27f618b
Details	sha256	1	a257eeebba15afecf76b89a379e066e5ed79a2bb9da349c1fdb5a24316abc753
Details	sha256	1	f276c6a25d6b865c6202978f1d409e8b74e063263eab517f249cf6d3ad3fae4a
Details	sha256	1	3d0fd0444a9e295135ecfdc8c87ddc6dcdff63969c745e0218469332aef18dfe
Details	sha256	1	ac98e6bf6d16904355b1c706bc2b79761a8b09044da40f2c8bce35142ef8bcc8
Details	sha256	1	ca75b0864d8308efe94eb0822de55eb7f5cfd482d2190100dfd00d433ee790a0
Details	sha256	1	088110b0ee3588a4822049cf60fff31c67323a9b5993eae3104cc9737a47ce0c
Details	sha256	1	b4adbb5d017d6452c2e1700584261cd3170ee5a14ac658424945f15177494ba1
Details	sha256	1	818284e7ea0a4bd64ba0eda664f51877ed8c6d35bf052898559dbf4ad8030968
Details	sha256	1	fa6ca0a168f3400a00dc43f1be07296f4111d7ad9b275809217a9269dd613ae8
Details	sha256	1	d5b3b1304739986298ba9b7c3ff8b40b3740233d6bb02437ce61a20ee87468bc
Details	sha256	1	8495a328fdd4afd33c3336e964802018d44c1dda15b804560743d6276e926218
Details	sha256	1	ce2ea1807d984e1392599d05f7ab742bae4f20f8ef80c5a514fbdeede2ff7e55
Details	sha256	1	e933ec0f52cbc60b92134d48b08661b1af25c7d93ff5041fc704559b45bd85b8
Details	sha256	1	6db5e2bb146b11182f29d03b036af4e195044f0ef7a8f7c4429f5d4201756b8f
Details	sha256	1	f4fba2181668f766fdfbd1362420a53ac0b987f999c95baf5dbe235fd3bad4b8
Details	sha256	1	ec2146655e2c04bf87b8db754dd2e92b8c48c4df47b64a9adc1252efd8618e62
Details	sha256	1	e5633d656dea530a62f5ad2792f253e74453712be34d2eadfb49190f7a9ee10b
Details	sha256	2	0440ef40c46fdd2b5d86e7feef8577a8591de862cfd7928cdbcc8f47b8fa3ffc
Details	sha256	1	5090f311b37309767fb41fa9839d2770ab382326f38bab8c976b83ec727e6796
Details	sha256	1	5e245281f4924c139dd90c581fc79105ea19980baa68eeccf5bf36ae613399b9
Details	sha256	4	31eb1de7e840a342fd468e558e5ab627bcb4c542a8fe01aec4d5ba01d539a0fc
Details	IPv4	2	178.73.192.15
Details	IPv4	2	85.239.34.152
Details	IPv4	2	46.246.86.12
Details	IPv4	3	185.225.73.165
Details	Mandiant Uncategorized Groups	124	UNC3944
Details	Url	2	http://178.73.192.15/ca1.exe
Details	Url	2	http://files.ddrive.online:444/load
Details	Url	2	http://85.239.34.152/download/xwo_unbkj213.bin
Details	Url	2	https://transmissive-basin.000webhostapp.com
Details	Url	2	https://udapte.adesy.in
Details	Url	2	https://transfer.sh/get/mkwvwi/nhmzju.rtf
Details	Url	2	https://transfer.sh/get/rtplqa/oisxup.rtf
Details	Url	2	http://files.ddrive.online:4448/a
Details	Url	2	http://banqueislamik.ddrive.online:4448/zpjh
Details	Url	2	http://46.246.86.12/ca3.exe