Kraken's two Domain Generation Algorithms | Oderoor aka: Bobax, Kraken
WHITE mohdrennis 2022-01-31 Modified: 2022-03-03
The Kraken botnet features two different versions of the same algorithm, which makes it impossible to identify the exact domains from a single infected sample, as shown in this blog post. Here is the full text.
Indicators of Compromise (107)