PULSE NAME
Glupteba: Hidden Malware Delivery in Plain Sight
WHITE AlienVault 2020-06-24 Modified: 2020-06-24
58 IOCs (high volume)
This morning, SophosLabs is publishing a report on a malware family whose infection numbers have been steadily growing since the beginning of the year. This malware, with its hard-to-pronounce name, has been getting regular updates and feature enhancements that seem to be focused on its ability to conceal itself from detection on infected computers. In our report, we’ve taken a deep dive into what makes the Glupteba malware distinctive. The core malware is, in essence, a dropper with extensive backdoor functionality, but it is a dropper that goes to great efforts to keep itself, and its various components, hidden from view by the human operator of an infected computer, or the security software charged with its protection.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
Glupteba, Trojan:Win32/Glupteba, VirTool:Win64/Glupteba
Indicators of Compromise (10 / 58 total)