Operation Buhtrap, the trap for Russian accountants | WeLiveSecurity
Common Information
Type Value
UUID fa8589a7-df98-4d18-a7c5-6c35c5d053a8
Fingerprint e31438390d31a3d1
Analysis status DONE
Considered CTI value 2
Text language
Published April 9, 2015, 12:44 p.m.
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 17, 2024, 6:30 p.m.
Headline Operation Buhtrap, the trap for Russian accountants
Title Operation Buhtrap, the trap for Russian accountants | WeLiveSecurity
Detected Hints/Tags/Attributes 89/3/186
Attributes
Details Type #Events CTI Value
Details CVE 176
cve-2012-0158
Details CVE 12
cve-2013-3660