Pulse name: Malicious Glupteba botnet
Author: WHITE BITSecurity
Created: 2022-12-20, modified: 2022-12-20
117 IOCs (high volume)
Glupteba is distributed through fraudulent ads and software cracks. Once installed it retrieves additional payloads that steal credentials, mine cryptocurrency and extend the botnet's reach by exploiting vulnerabilities in MikroTik and Netgear IoT devices. It is also a rare example of malware that uses a public blockchain as its command-and-control (C2) mechanism, and has done so since at least 2019. Because the C2 location is published in blockchain transactions rather than served from an operator-controlled host, there is no single server whose seizure takes the botnet down, which makes its infrastructure far more resistant to takedown efforts than a traditional C2 server.
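The blockchain C2 mechanism is worth seeing in code. Public reporting on Glupteba describes it as looking up Bitcoin transactions sent by operator wallets and reading the (encrypted) C2 domain from their OP_RETURN outputs; the pulse itself only says "blockchain as C2", so treat that detail as an assumption of this example. The script below is an added example, not code from the pulse or from Glupteba: it parses a raw legacy Bitcoin transaction, skips the spendable outputs and returns the data pushed after OP_RETURN. The transaction and the `example-c2.invalid` payload are constructed here, in plaintext, so the decryption step a real sample would perform is not shown.

```python
"""
Added example: extract OP_RETURN data carriers from a raw Bitcoin transaction.
Assumption (not stated in the pulse): the C2 domain is published in OP_RETURN
outputs of transactions sent from wallets known to the sample.
"""
import struct

OP_RETURN = 0x6A
OP_PUSHDATA1 = 0x4C
OP_PUSHDATA2 = 0x4D
OP_PUSHDATA4 = 0x4E


def read_varint(buf, pos):
    """Decode a Bitcoin CompactSize integer at buf[pos]; return (value, new_pos)."""
    first = buf[pos]
    if first < 0xFD:
        return first, pos + 1
    if first == 0xFD:
        return struct.unpack_from("<H", buf, pos + 1)[0], pos + 3
    if first == 0xFE:
        return struct.unpack_from("<I", buf, pos + 1)[0], pos + 5
    return struct.unpack_from("<Q", buf, pos + 1)[0], pos + 9


def parse_outputs(raw):
    """Return [(value_in_satoshi, scriptPubKey)] for a legacy (non-segwit) transaction."""
    pos = 4  # 4-byte version
    n_in, pos = read_varint(raw, pos)
    for _ in range(n_in):
        pos += 32 + 4  # previous txid + output index
        script_len, pos = read_varint(raw, pos)
        pos += script_len + 4  # scriptSig + sequence
    n_out, pos = read_varint(raw, pos)
    outputs = []
    for _ in range(n_out):
        value = struct.unpack_from("<q", raw, pos)[0]
        pos += 8
        script_len, pos = read_varint(raw, pos)
        outputs.append((value, bytes(raw[pos:pos + script_len])))
        pos += script_len
    return outputs


def op_return_payloads(script):
    """If the script is an OP_RETURN carrier, return the pushed data chunks, else None."""
    if not script or script[0] != OP_RETURN:
        return None
    chunks, pos = [], 1
    while pos < len(script):
        op = script[pos]
        pos += 1
        if 1 <= op <= 0x4B:          # direct push of 1..75 bytes
            n = op
        elif op == OP_PUSHDATA1:
            n = script[pos]
            pos += 1
        elif op == OP_PUSHDATA2:
            n = struct.unpack_from("<H", script, pos)[0]
            pos += 2
        elif op == OP_PUSHDATA4:
            n = struct.unpack_from("<I", script, pos)[0]
            pos += 4
        else:
            break                    # not a push opcode; nothing more to carry
        chunks.append(bytes(script[pos:pos + n]))
        pos += n
    return chunks


def extract_c2_candidates(raw):
    """Collect every OP_RETURN chunk from a raw transaction."""
    found = []
    for _value, script in parse_outputs(raw):
        chunks = op_return_payloads(script)
        if chunks:
            found.extend(chunks)
    return found


def build_sample_tx(payload):
    """Construct a minimal legacy tx: one dummy input, one P2PKH-shaped output, one OP_RETURN output."""
    tx = struct.pack("<I", 1)                                      # version
    tx += b"\x01"                                                  # one input
    tx += b"\x00" * 32 + struct.pack("<I", 0xFFFFFFFF)             # dummy prevout
    tx += b"\x00" + struct.pack("<I", 0xFFFFFFFF)                  # empty scriptSig, sequence
    tx += b"\x02"                                                  # two outputs
    tx += struct.pack("<q", 50000) + b"\x19" + b"\x76\xa9\x14" + b"\x11" * 20 + b"\x88\xac"
    push = bytes([len(payload)]) + payload if len(payload) <= 0x4B else bytes([OP_PUSHDATA1, len(payload)]) + payload
    script = bytes([OP_RETURN]) + push
    tx += struct.pack("<q", 0) + bytes([len(script)]) + script    # zero-value data carrier
    tx += struct.pack("<I", 0)                                     # locktime
    return tx


# Constructed sample transaction; "example-c2.invalid" is a placeholder, not a real Glupteba domain.
SAMPLE_TX = build_sample_tx(b"example-c2.invalid")

if __name__ == "__main__":
    for chunk in extract_c2_candidates(SAMPLE_TX):
        print(chunk.decode(errors="replace"))
```

For a real investigation you would fetch the transaction history of the wallet addresses listed in the pulse's BitcoinAddress indicators from a node or block explorer, run each raw transaction through `extract_c2_candidates`, and then apply the sample's own decryption routine to the chunks; that key material comes from the binary and is outside this example.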
MITRE ATT&CK & Malware Families
ATT&CK techniques: (none listed in the pulse)
Malware families: Glupteba
Indicators of Compromise (7 of 117 total shown)
Indicator types in this pulse: BitcoinAddress, FileHash-MD5, FileHash-SHA1, FileHash-SHA256, domain, URL, CVE
Type         | Indicator                        | Description                                                              | Created
FileHash-MD5 | e2aad08f11d13fcb4fcd6ddedcb716e9 | MD5 of c6d4ce67dd25764f571a84caa19fa6c2b067cae6                         | 2022-12-20
FileHash-MD5 | 099ad37ceccdfa74229d976b10973736 | MD5 of df84d3e83b4105f9178e518ca69e1a2ec3116d3223003857d892b8a6f64b05ba | 2022-12-20
FileHash-MD5 | 22f9011e012624191c18756bdb98f875 | MD5 of a2fd759ee5c470da57d8348985dc34348ccaff3a8b1f5fa4a87e549970eeb406 | 2022-12-20
FileHash-MD5 | 3703953d2a171175f92dd1acd5a85747 | MD5 of db84d13d7dbba245736c9a74fc41a64e6bd66a16c1b44055bd0447d2ae30b614 | 2022-12-20
FileHash-MD5 | 4706e484cbe32957e889a835657f58fd | MD5 of d8a54d4b9035c95b8178d25df0c8012cf0eedc118089001ac21b8803bb8311f4 | 2022-12-20
FileHash-MD5 | 553abd7d17ea06b3f355bed99ad7cd7c | MD5 of 03d2771d83c50cc5cdcbf530f81cffc918b71111b1492ccfdcefb355fb62e025 | 2022-12-20
FileHash-MD5 | 636860683ca1c437326251e197bb6b4f | MD5 of e673ce1112ee159960f1b7fed124c108b218d6e5aacbcb76f93d29d61bd820ed | 2022-12-20
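Each MD5 row above also names the stronger digest of the same file in its description, so a scanner should match on either. Note that the hash referenced in the first row is 40 hex characters long (SHA-1 length) while the other six are SHA-256; classifying by length rather than trusting the column label avoids silently dropping that entry. The script below is an added example, not code from the pulse: it loads the seven visible rows, builds a per-algorithm lookup from both the indicator and the digest in its description, and hashes files (streamed, all three algorithms in one pass) against that lookup. The test blob is constructed and will not match any real pulse hash.

```python
"""
Added example: match files against the pulse's FileHash-MD5 rows, using both the
MD5 indicator and the SHA-1/SHA-256 digest named in each description.
"""
import hashlib
import os
import re

# The seven rows shown in the pulse, as (type, indicator, description).
PULSE_ROWS = [
    ("FileHash-MD5", "e2aad08f11d13fcb4fcd6ddedcb716e9", "MD5 of c6d4ce67dd25764f571a84caa19fa6c2b067cae6"),
    ("FileHash-MD5", "099ad37ceccdfa74229d976b10973736", "MD5 of df84d3e83b4105f9178e518ca69e1a2ec3116d3223003857d892b8a6f64b05ba"),
    ("FileHash-MD5", "22f9011e012624191c18756bdb98f875", "MD5 of a2fd759ee5c470da57d8348985dc34348ccaff3a8b1f5fa4a87e549970eeb406"),
    ("FileHash-MD5", "3703953d2a171175f92dd1acd5a85747", "MD5 of db84d13d7dbba245736c9a74fc41a64e6bd66a16c1b44055bd0447d2ae30b614"),
    ("FileHash-MD5", "4706e484cbe32957e889a835657f58fd", "MD5 of d8a54d4b9035c95b8178d25df0c8012cf0eedc118089001ac21b8803bb8311f4"),
    ("FileHash-MD5", "553abd7d17ea06b3f355bed99ad7cd7c", "MD5 of 03d2771d83c50cc5cdcbf530f81cffc918b71111b1492ccfdcefb355fb62e025"),
    ("FileHash-MD5", "636860683ca1c437326251e197bb6b4f", "MD5 of e673ce1112ee159960f1b7fed124c108b218d6e5aacbcb76f93d29d61bd820ed"),
]

ALGOS = ("md5", "sha1", "sha256")
HEX_LEN_TO_ALGO = {32: "md5", 40: "sha1", 64: "sha256"}
HEX_RE = re.compile(r"\b([0-9a-fA-F]{32,64})\b")


def classify_hex(digest):
    """Name the algorithm by digest length; None if it is not MD5/SHA-1/SHA-256 sized."""
    return HEX_LEN_TO_ALGO.get(len(digest))


def build_lookup(rows):
    """Return {algo: set(hexdigest)} covering the indicator and every hash its description names."""
    lookup = {algo: set() for algo in ALGOS}
    for ioc_type, indicator, desc in rows:
        algo = ioc_type.split("-")[-1].lower() if ioc_type.startswith("FileHash-") else classify_hex(indicator)
        if algo in lookup:
            lookup[algo].add(indicator.lower())
        for ref in HEX_RE.findall(desc):          # the "MD5 of <digest>" part
            ref_algo = classify_hex(ref)
            if ref_algo in lookup:
                lookup[ref_algo].add(ref.lower())
    return lookup


def digest_bytes(data):
    """All three digests of an in-memory blob."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


def digest_file(path, chunk_size=1 << 20):
    """All three digests of a file, read once in chunks."""
    hashers = {algo: hashlib.new(algo) for algo in ALGOS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def match_digests(digests, lookup):
    """[(algo, hexdigest)] for every digest that appears in the lookup."""
    return [(algo, d) for algo, d in digests.items() if d in lookup[algo]]


def match_file_bytes(data, lookup):
    return match_digests(digest_bytes(data), lookup)


def scan_tree(root, lookup):
    """Walk a directory; return {path: matches} for files hitting any indicator."""
    hits = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                matches = match_digests(digest_file(path), lookup)
            except OSError:
                continue                          # unreadable file; keep scanning
            if matches:
                hits[path] = matches
    return hits


if __name__ == "__main__":
    import sys
    for path, matches in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".", build_lookup(PULSE_ROWS)).items():
        print(path, matches)
```

In production you would pull all 117 indicators through the OTX API rather than the seven rows visible here, and hashing with all three algorithms in one pass means a match on the SHA-256 is reported even when only the MD5 was listed as the indicator (or the reverse).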