otx.alienvault.com
143.204.98.80  Public Scan

URL: https://otx.alienvault.com/pulse/61dc1f38a5b5b90adf7775d0?scan=1&utm_userid=swimlanecyou&utm_medium=inproduct&utm_source=ot...
Submission: On January 10 via api from US — Scanned from DE

Text Content

FLUBOT’S AUTHORS EMPLOY CREATIVE AND SOPHISTICATED TECHNIQUES TO ACHIEVE THEIR GOALS

   
 * Created 32 minutes ago by AlienVault
 * Public
 * TLP: White

In early 2020, a new sophisticated malware for Android called FluBot began to
appear. On infected devices, the malware can take full remote control of the
device; access victim’s contact lists; send, intercept, and hide SMS messages;
log the victim’s keystrokes; steal one-time passcodes; collect personal
information; carry out overlay attacks and more. Originally, the malware authors
mainly targeted Spanish banks but later expanded their targets to include
Australian, German, Polish, and UK banks (HSBC, Santander, Lloyds, Halifax, and
others).

Reference: https://www.f5.com/labs/articles/threat-intelligence/flubots-authors-employ-creative-and-sophisticated-techniques-to-achieve-their-goals-in-version-50-and-beyond
Tags: FluBot, Android, SMS messages
Industries: Banking, Banks
Targeted Countries: Spain, Australia, Germany, Poland, United Kingdom of Great Britain and Northern Ireland
Malware Families: Attack, MultiDex
Att&ck IDs: T1568 - Dynamic Resolution, T1562 - Impair Defenses, T1030 - Data Transfer Size Limits, T1566 - Phishing, T1056 - Input Capture, T1055 - Process Injection, T1573 - Encrypted Channel, T1071 - Application Layer Protocol, T1027 - Obfuscated Files or Information, T1070 - Indicator Removal on Host

 * Indicators of Compromise (126)
 * Related Pulses (4)
 * Comments (0)
 * History (0)

FileHash-MD5 (3), Domain (116), FileHash-SHA1 (3), FileHash-SHA256 (4)

TYPES OF INDICATORS


 * © Copyright 2022 AlienVault, Inc.
   