← Back to Pulse Feed
PULSE DETAIL
The malware, which is distributed through fraudulent ads or software cracks, is also equipped to retrieve additional payloads that enable it to steal credentials, mine cryptocurrencies, and expand its reach by exploiting vulnerabilities in IoT devices from MikroTik and Netgear.
It's also an instance of an unusual malware that leverages blockchain as a mechanism for command-and-control (C2) since at least 2019, rendering its infrastructure resistant to takedown efforts as in the case of a traditional server.
MITRE ATT&CK & Malware Families
Indicators of Compromise (117)
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| BitcoinAddress | 12EfzLra6LttQ8RWvBTDzJUjYE6eRxx4TY | — | 2022-12-20 | |
| BitcoinAddress | 14XZhcCJDguZuZF4p13tfLXJ6puudY7gqs | — | 2022-12-20 | |
| BitcoinAddress | 15nWGFaodg3efVKATgsaaSPU2TxSbiMHcP | — | 2022-12-20 | |
| BitcoinAddress | 15y7dskU5TqNHXRtu5wzBpXdY5mT4RZNC6 | — | 2022-12-20 | |
| BitcoinAddress | 19RzEN3pqHvgRHGMjjtYCqjVTXt8bnHkK3 | — | 2022-12-20 | |
| BitcoinAddress | 1AuWUMtjPo7Cc1Ji2pz7DWVvVJ5EjiUaHh | — | 2022-12-20 | |
| BitcoinAddress | 1BL6NZSoXtMSdquRmePDUCQxFaXtLLSVWG | — | 2022-12-20 | |
| BitcoinAddress | 1BqY56No1LR64AGcog4mF54UTPnjrPAPHz | — | 2022-12-20 | |
| BitcoinAddress | 1BrEshrz6gVbVuHGBgJ5GuHBvC2sdoeTAJ | — | 2022-12-20 | |
| BitcoinAddress | 1CUhaTe3AiP9Tdr4B6wedoe9vNsymLiD97 | — | 2022-12-20 | |
| BitcoinAddress | 1CfevVPC8cSpFf7QKQwShrFgQYfyQaoXhc | — | 2022-12-20 | |
| BitcoinAddress | 1CgPCp3E9399ZFodMnTSSvaf5TpGiym2N1 | — | 2022-12-20 | |
| BitcoinAddress | 1Cxy9e6KtHtBJrQwCwpKgcyp6dhncx6eNh | — | 2022-12-20 | |
| BitcoinAddress | 1CzetoTU29WbhNy1UozrQpxuFuCVxffbTd | — | 2022-12-20 | |
| BitcoinAddress | 1GLjCyG3fDf7vT3SxwtEUx7Z2w2UQrR3FU | — | 2022-12-20 | |
| BitcoinAddress | 1HSC8Yt2yjuFUSGpUfJnwLMr4HzNxV3dvP | — | 2022-12-20 | |
| BitcoinAddress | 1HjoomvzjtvZdbznoEijTNAkMjmsFba9fY | — | 2022-12-20 | |
| BitcoinAddress | 1HzJkTn6Z5nDrgbR6dHVBDVtsRYqwDmGzN | — | 2022-12-20 | |
| BitcoinAddress | 1KfLXEveeDEi58wvuBBxuywUA1V66F5QXK | — | 2022-12-20 | |
| BitcoinAddress | 1LQ2EPBwPqdbmXwN6RodPS4xqcm8EtPcaB | — | 2022-12-20 | |
| BitcoinAddress | 1MuJwQKLQKt1VCBQ9u1RtepW7sDD3AwRE6 | — | 2022-12-20 | |
| BitcoinAddress | 1Mz2b2onxnAYhJTJQoGHdSBy6wu2HpufVR | — | 2022-12-20 | |
| BitcoinAddress | 1NX7zTP6C4oGj2y3DaJTrg26AGFWExvYnr | — | 2022-12-20 | |
| BitcoinAddress | 1bRfcRZVws98j3QQEZxrgRVd15vVF6zSU | — | 2022-12-20 | |
| BitcoinAddress | 34RqywhujsHGVPNMedvGawFufFW9wWtbXC | — | 2022-12-20 | |
| FileHash-MD5 | e2aad08f11d13fcb4fcd6ddedcb716e9 | MD5 of c6d4ce67dd25764f571a84caa19fa6c2b067cae6 | 2022-12-20 | |
| FileHash-SHA1 | c6d4ce67dd25764f571a84caa19fa6c2b067cae6 | — | 2022-12-20 | |
| FileHash-SHA256 | c59a234f3a71d3f177cacf704bd25bfea6ce41c549651638d8ee4ed120ff90b2 | SHA256 of c6d4ce67dd25764f571a84caa19fa6c2b067cae6 | 2022-12-20 | |
| domain | 2pkktxkf3gnpcjh2bhi62arz2ieyjgxocb3jne3kc2nu2yvyxqq23nad.onion | — | 2022-12-20 | |
| domain | 3ebu257qh2dlauxqj7cgv3i55e4orb55mwgqf4tq7eicsa3dfhr4aaid.onion | — | 2022-12-20 | |
| domain | 7owe32rodnp3vnx2ekqncoegxolkmb3m2fex5zu6i2bg7ktivhwvczqd.onion | — | 2022-12-20 | |
| domain | anotheronedom.com | — | 2022-12-20 | |
| domain | bihgkrr546ctjdn4mwr7x4bhvwz55sftx6xir6cwlfo6rhppd2eu7syd.onion | — | 2022-12-20 | |
| domain | c43tnmrkzfmkjyd3j4v6xbyrd67q6pskzy67dwkzj36uoqwpoju2loyd.onion | — | 2022-12-20 | |
| domain | cdneurop.cloud | — | 2022-12-20 | |
| domain | cdneurops.buzz | — | 2022-12-20 | |
| domain | cdneurops.health | — | 2022-12-20 | |
| domain | cdneurops.pics | — | 2022-12-20 | |
| domain | cdneurops.shop | — | 2022-12-20 | |
| domain | cdntokiog.studio | — | 2022-12-20 | |
| domain | checkpos.net | — | 2022-12-20 | |
| domain | dafflash.com | — | 2022-12-20 | |
| domain | deepsound.live | — | 2022-12-20 | |
| domain | dg2sz7pxs7llf2t25fsbutlvvrjij4pmojugn75cmxnvoshmju6dzcad.onion | — | 2022-12-20 | |
| domain | duniadekho.bar | — | 2022-12-20 | |
| domain | easywbdesign.com | — | 2022-12-20 | |
| domain | filimaik.com | — | 2022-12-20 | |
| domain | getfixed.xyz | — | 2022-12-20 | |
| domain | getyourgift.life | — | 2022-12-20 | |
| domain | gfixprice.xyz | — | 2022-12-20 | |
| domain | godespra.com | — | 2022-12-20 | |
| domain | greenphoenix.xyz | — | 2022-12-20 | |
| domain | limeprime.com | — | 2022-12-20 | |
| domain | limeprime.org | — | 2022-12-20 | |
| domain | maesvpovrwqfaqjw44bbeb2w62h6n7eyosbeit7rfrrdbyjymqaxfryd.onion | — | 2022-12-20 | |
| domain | mastiakele.cyou | — | 2022-12-20 | |
| domain | mastiakele.icu | — | 2022-12-20 | |
| domain | mastiakele.xyz | — | 2022-12-20 | |
| domain | maxbook.space | — | 2022-12-20 | |
| domain | mydomelem.com | — | 2022-12-20 | |
| domain | myinfoart.xyz | — | 2022-12-20 | |
| domain | nameiusr.com | — | 2022-12-20 | |
| domain | newcc.com | — | 2022-12-20 | |
| domain | nisdably.com | — | 2022-12-20 | |
| domain | papmcl4r32awafck75y5446n252qqqq4h6c4y2slaayposrtfbcebdqd.onion | — | 2022-12-20 | |
| domain | r5vg4h5rlwmo6oa3p3vlckuvf5na2wb2tnqbsbkivhrhlyze6czlpjad.onion | — | 2022-12-20 | |
| domain | revouninstaller.homes | — | 2022-12-20 | |
| domain | robotatten.com | — | 2022-12-20 | |
| domain | sleepingcontrol.com | — | 2022-12-20 | |
| domain | sndvoices.com | — | 2022-12-20 | |
| domain | tmetres.com | — | 2022-12-20 | |
| domain | tyturu.com | — | 2022-12-20 | |
| domain | venoxcontrol.com | — | 2022-12-20 | |
| domain | x4l2doee6uhhf3lqjvjodgqtxsjvwbkdqyldhwyhwkhf4y23aqq7jayd.onion | — | 2022-12-20 | |
| domain | yeug3c6mnwocixwlotka4nwo3fjtfic65o4psmpxvrdul5q7dgjmsvad.onion | — | 2022-12-20 | |
| domain | younghil.com | — | 2022-12-20 | |
| domain | zaoshang.moscow | — | 2022-12-20 | |
| domain | zaoshang.ooo | — | 2022-12-20 | |
| domain | zaoshang.ru | — | 2022-12-20 | |
| domain | zaoshanghao.su | — | 2022-12-20 | |
| domain | zaoshanghaoz.net | — | 2022-12-20 | |
| URL | http://nxtfdata.xyz/cl.exe | — | 2022-12-20 | |
| CVE | CVE-2018-14847 | — | 2022-12-20 | |
| FileHash-SHA256 | 0f8f7cd39e1a5231b49f986b877befce0c2f558f0c1a9844833ac702cb3eba6e | — | 2022-12-20 | |
| domain | nxtfdata.xyz | — | 2022-12-20 | |
| BitcoinAddress | 19eihBKk6e5YD2QXAe4SVUsxRLLnTDKsfv | — | 2022-12-20 | |
| FileHash-MD5 | 099ad37ceccdfa74229d976b10973736 | MD5 of df84d3e83b4105f9178e518ca69e1a2ec3116d3223003857d892b8a6f64b05ba | 2022-12-20 | |
| FileHash-MD5 | 22f9011e012624191c18756bdb98f875 | MD5 of a2fd759ee5c470da57d8348985dc34348ccaff3a8b1f5fa4a87e549970eeb406 | 2022-12-20 | |
| FileHash-MD5 | 3703953d2a171175f92dd1acd5a85747 | MD5 of db84d13d7dbba245736c9a74fc41a64e6bd66a16c1b44055bd0447d2ae30b614 | 2022-12-20 | |
| FileHash-MD5 | 4706e484cbe32957e889a835657f58fd | MD5 of d8a54d4b9035c95b8178d25df0c8012cf0eedc118089001ac21b8803bb8311f4 | 2022-12-20 | |
| FileHash-MD5 | 553abd7d17ea06b3f355bed99ad7cd7c | MD5 of 03d2771d83c50cc5cdcbf530f81cffc918b71111b1492ccfdcefb355fb62e025 MD5 of 03d2771d83c50cc5cdcbf530f81cffc918b71111b1492ccfdcefb355fb62e025 | 2022-12-20 | |
| FileHash-MD5 | 636860683ca1c437326251e197bb6b4f | MD5 of e673ce1112ee159960f1b7fed124c108b218d6e5aacbcb76f93d29d61bd820ed | 2022-12-20 | |
| FileHash-SHA1 | 1b6d65319dcb21fa94310c04bc3abd89b90b4699 | SHA1 of df84d3e83b4105f9178e518ca69e1a2ec3116d3223003857d892b8a6f64b05ba | 2022-12-20 | |
| FileHash-SHA1 | 2c653cbc442ae0d6a64e0bbfb3779baaf67c4cda | SHA1 of a2fd759ee5c470da57d8348985dc34348ccaff3a8b1f5fa4a87e549970eeb406 | 2022-12-20 | |
| FileHash-SHA1 | 32e2f98ec6272c81987fdbed8c3ce47cf1554f8e | SHA1 of 03d2771d83c50cc5cdcbf530f81cffc918b71111b1492ccfdcefb355fb62e025 SHA1 of 03d2771d83c50cc5cdcbf530f81cffc918b71111b1492ccfdcefb355fb62e025 | 2022-12-20 | |
| FileHash-SHA1 | 54d8ac95c4ac386529d0cfb986e167f08acf4e5e | SHA1 of e673ce1112ee159960f1b7fed124c108b218d6e5aacbcb76f93d29d61bd820ed | 2022-12-20 | |
| FileHash-SHA1 | e0c1a564c8c8815a386fa8cad18efc9c2062cf98 | SHA1 of d8a54d4b9035c95b8178d25df0c8012cf0eedc118089001ac21b8803bb8311f4 | 2022-12-20 | |
| FileHash-SHA1 | f825780677d0afd232dd14486be22e2b9f2e29d2 | SHA1 of db84d13d7dbba245736c9a74fc41a64e6bd66a16c1b44055bd0447d2ae30b614 | 2022-12-20 | |
| FileHash-SHA256 | 03d2771d83c50cc5cdcbf530f81cffc918b71111b1492ccfdcefb355fb62e025 | — | 2022-12-20 | |
| FileHash-SHA256 | 79616f9be5b583cefc8a48142f11ae8caf737be07306e196a83bb0c3537ccb3e | — | 2022-12-20 | |
| FileHash-SHA256 | 8632d2ac6e01b6e47f8168b8774a2c9b5fafaa2470d4e780f46b20422bc13047 | — | 2022-12-20 | |
| FileHash-SHA256 | 8ef882a44344497ef5b784965b36272a27f8eabbcbcea90274518870b13007a0 | — | 2022-12-20 | |
| FileHash-SHA256 | a2fd759ee5c470da57d8348985dc34348ccaff3a8b1f5fa4a87e549970eeb406 | — | 2022-12-20 | |
| FileHash-SHA256 | c3f257224049584bd80a37c5c22994e2f6facace7f7fb5c848a86be03b578ee8 | — | 2022-12-20 | |
| FileHash-SHA256 | d8a54d4b9035c95b8178d25df0c8012cf0eedc118089001ac21b8803bb8311f4 | — | 2022-12-20 | |
| FileHash-SHA256 | db84d13d7dbba245736c9a74fc41a64e6bd66a16c1b44055bd0447d2ae30b614 | — | 2022-12-20 | |
| FileHash-SHA256 | df84d3e83b4105f9178e518ca69e1a2ec3116d3223003857d892b8a6f64b05ba | — | 2022-12-20 | |
| FileHash-SHA256 | e673ce1112ee159960f1b7fed124c108b218d6e5aacbcb76f93d29d61bd820ed | — | 2022-12-20 | |
| FileHash-SHA256 | eae4968682064af4ae6caa7fff78954755537a348dce77998e52434ccf9258a2 | — | 2022-12-20 | |
| domain | anuanage.info | — | 2022-12-20 | |
| domain | evocterm.com | — | 2022-12-20 | |
| domain | iceanedy.com | — | 2022-12-20 | |
| domain | ninhaine.com | — | 2022-12-20 | |
| domain | retoti.com | — | 2022-12-20 | |
| domain | runmodes.com | — | 2022-12-20 | |
| domain | trumops.com | — | 2022-12-20 | |
| domain | yturu.com | — | 2022-12-20 |
References (3)
↗ https://www.nozominetworks.com/blog/tracking-malicious-glupteba-activity-through-the-blockchain/
↗ https://www.trendmicro.com/en_us/research/19/i/glupteba-campaign-hits-network-routers-and-updates-cc-servers-with-data-from-bitcoin-transactions.html
↗ https://www.blockchain.com/explorer/addresses/btc/1KfLXEveeDEi58wvuBBxuywUA1V66F5QXK