Pulse: Glupteba: Hidden Malware Delivery in Plain Sight
Author: AlienVault | TLP: WHITE | Created: 2020-06-24 | Modified: 2020-06-24 | Indicators: 58
This morning, SophosLabs is publishing a report on a malware family whose infection numbers have been steadily growing since the beginning of the year. This malware, with its hard-to-pronounce name, has been getting regular updates and feature enhancements that seem to be focused on its ability to conceal itself from detection on infected computers. In our report, we’ve taken a deep dive into what makes the Glupteba malware distinctive. The core malware is, in essence, a dropper with extensive backdoor functionality, but it is a dropper that goes to great efforts to keep itself, and its various components, hidden from view by the human operator of an infected computer, or the security software charged with its protection.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Glupteba, Trojan:Win32/Glupteba, VirTool:Win64/Glupteba
Indicators of Compromise (58)
TYPE INDICATOR DESCRIPTION CREATED
domain bestblues.tech 2020-06-24
domain easywbdesign.com 2020-06-24
domain hotbooks.xyz 2020-06-24
domain sndvoices.com 2020-06-24
domain whitecontroller.com 2020-06-24
domain maxbook.space 2020-06-24
domain getfixed.xyz 2020-06-24
domain myonetime.top 2020-06-24
domain netoftime.com 2020-06-24
domain capmusic.ru 2020-06-24
domain hotaction.online 2020-06-24
domain gfixprice.xyz 2020-06-24
domain venoxcontrol.com 2020-06-24
domain fundbook.xyz 2020-06-24
domain anotheronedom.com 2020-06-24
domain gamedate.xyz 2020-06-24
domain sleepingcontrol.com 2020-06-24
domain setbird.website 2020-06-24
domain robotatten.com 2020-06-24
domain maxbook.site 2020-06-24
domain infocarnames.ru 2020-06-24
FileHash-SHA256 eb35bb221de38f5953f923cd349b4c85a50145329152a8aaa01e4cd8602a560e 2020-06-24
FileHash-SHA256 6b0d90a0571ec870fa26372a1c5d83d06e8febca130a8f710e0c389a3054e05c 2020-06-24
FileHash-SHA256 73fddd441a764e808ed6d6b8f3d0d13713e61221aa3cfef7da91cdaf112fe061 2020-06-24
FileHash-SHA256 83bbe9e7b7967ecbc493f8ea40947184c6c7346c6084431fceea0401a6279d29 2020-06-24
FileHash-SHA256 dec11036bca8384f81c0c1d534e1f37fd2864c974dad020f32b835af3c7c4e28 2020-06-24
FileHash-SHA256 20e983e90144c385996eeb2edb584d654d898c34725e149682170f870ee12870 2020-06-24
FileHash-SHA256 04d71e8af8b5cbec912b82b6ebef7c19c5b888873dfd4609b1e38b2a6c398b2e 2020-06-24
FileHash-SHA256 407c70f0c1a1e34503dae74dd973cf037d607e3c4deb8f063d33f2142f1baf71 2020-06-24
FileHash-SHA256 0b2a84359501923d1aa6ccd4e03b3f1b619e01d978efae45feea34a4d0ffed04 2020-06-24
FileHash-SHA256 8d19c59db26a3e0a3251c5f05e143558bf009ed0b46fb9b6151f98441407ae8b 2020-06-24
URL http://myonetime.top/w.php 2020-06-24
URL http://hotaction.online/ru53332/ 2020-06-24
URL https://hotbooks.xyz/ru5555/ 2020-06-24
URL https://maxbook.site/ru5555/ 2020-06-24
URL http://1.podcast.best/ru53332/ 2020-06-24
URL https://setbird.website/ru53332/ 2020-06-24
URL http://fundbook.xyz/ru53332/ 2020-06-24
URL http://netoftime.com/ru53332/ 2020-06-24
URL https://infocarnames.ru/ru53332/ 2020-06-24
URL http://capmusic.ru/ru53332/ 2020-06-24
hostname 1.podcast.best 2020-06-24
BitcoinAddress 1CgPCp3E9399ZFodMnTSSvaf5TpGiym2N1 2020-06-24
BitcoinAddress 15y7dskU5TqNHXRtu5wzBpXdY5mT4RZNC6 2020-06-24
FileHash-MD5 89c47e27bec5a374476ffaf92ab2b6d2 MD5 of 407c70f0c1a1e34503dae74dd973cf037d607e3c4deb8f063d33f2142f1baf71 2020-06-24
FileHash-MD5 705e482bbc7e2352ea1d3752a1717bb3 MD5 of 6b0d90a0571ec870fa26372a1c5d83d06e8febca130a8f710e0c389a3054e05c 2020-06-24
FileHash-MD5 10260f22b1d86f816a9680e0f620cf7c MD5 of eb35bb221de38f5953f923cd349b4c85a50145329152a8aaa01e4cd8602a560e 2020-06-24
FileHash-MD5 24e0013035473ba9d9af84f606340d51 MD5 of 04d71e8af8b5cbec912b82b6ebef7c19c5b888873dfd4609b1e38b2a6c398b2e 2020-06-24
FileHash-MD5 9155e8dbc4ee97b39f9977f4100a39b6 MD5 of dec11036bca8384f81c0c1d534e1f37fd2864c974dad020f32b835af3c7c4e28 2020-06-24
FileHash-MD5 e5c9a456e3646af493e694d7640a93b6 MD5 of 20e983e90144c385996eeb2edb584d654d898c34725e149682170f870ee12870 2020-06-24
FileHash-MD5 6130078138001184cb492a1472b677f5 MD5 of 8d19c59db26a3e0a3251c5f05e143558bf009ed0b46fb9b6151f98441407ae8b 2020-06-24
FileHash-SHA1 6486a7db83b1be2ed5ef7239262d22508d3e075a SHA1 of 407c70f0c1a1e34503dae74dd973cf037d607e3c4deb8f063d33f2142f1baf71 2020-06-24
FileHash-SHA1 687e062f904c32366aeed7c1dd1c42539470a027 SHA1 of 6b0d90a0571ec870fa26372a1c5d83d06e8febca130a8f710e0c389a3054e05c 2020-06-24
FileHash-SHA1 23f4059d15d91e19dc524dd966a8324f7e5ad525 SHA1 of eb35bb221de38f5953f923cd349b4c85a50145329152a8aaa01e4cd8602a560e 2020-06-24
FileHash-SHA1 1f3f38ef239e745726609ff1a73fab9547bb7925 SHA1 of 04d71e8af8b5cbec912b82b6ebef7c19c5b888873dfd4609b1e38b2a6c398b2e 2020-06-24
FileHash-SHA1 bf018fcd38e0bea69735b9f07b09a75f8cf45b4a SHA1 of dec11036bca8384f81c0c1d534e1f37fd2864c974dad020f32b835af3c7c4e28 2020-06-24
FileHash-SHA1 ef5d785570e2dbd6d4a22a41e6a93b300fd9f73e SHA1 of 20e983e90144c385996eeb2edb584d654d898c34725e149682170f870ee12870 2020-06-24
FileHash-SHA1 40b8a75b073794537248da8e86d354dbd35c6bb3 SHA1 of 8d19c59db26a3e0a3251c5f05e143558bf009ed0b46fb9b6151f98441407ae8b 2020-06-24