PULSE NAME
Glupteba Expands Operation and Toolkit with Lolbins and Cryptominer
Thus far in 2019, the Cybereason Nocturnus team has encountered several variants of the trojan Glupteba. Glupteba was first spotted in 2011 as a malicious proxy generating spam and click-fraud traffic from a compromised machine. Since then, it has been distributed through several different methods and used in multiple attacks, including Operation Windigo until 2018. The majority of Glupteba’s history has revolved around Operation Windigo, though over the years the malware has matured significantly: it is now part of its own botnet and is distributed via adware.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
Trojan:Win32/Glupteba
Indicators of Compromise (16)