Banking Botnet: Indicators of Compromise : Control Synergy Dev Site

7 December 2018

Banking Botnet: Indicators of Compromise

At the time of writing, these are the known URLS which are being sent out via SMS to Australian Banking customers with a view to installing the GUSTUFF Botnet Trojan onto Android devices:

hxxp://88.99.227[.]26/html2/2018/GrafKey/new-inj-135-3-dark.html
hxxp://88.99.227[.]26/html2/arc92/au483x.zip
hxxp://88.99.227[.]26/html2/new-inj-135-3-white.html
hxxp://94.130.106[.]117:8080/api/v1/report/records.php
hxxp://facebook-photos-au[.]su/ChristinaMorrow
hxxp://homevideo2-12l[.]ml/mms3/download_3.php

The Domains to be aware of include:

Facebook-photos-au.su
Homevideo2-12l.ml
videohosting1-5j.gq

The known IP addresses to be aware of at time of writing include:

78.46.201.36
88.99.170.84
88.99.227.26
94.130.106.117
88.99.174.200
88.99.189.31

For a link to the full CISCO TALOS analaysis of this Malware Trojan, please click here:

https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html

Categories:

Blog

Banking Botnet: Indicators of Compromise

Categories

Lastest Post

BEWARE – MLC NAND Memory Transition coming to Flash Card Near You

When High Reliability SLC NAND Flash becomes less reliable

Control Synergy signs Distribution Agreement with IntaCept

Control Synergy New Solutions for Mobile Phone Coverge

FOLLOW US

Get in contact with the team at
Control Synergy today!

Quick Links

CUSTOMER SERVICE

Banking Botnet: Indicators of Compromise

Categories

Lastest Post

BEWARE – MLC NAND Memory Transition coming to Flash Card Near You

When High Reliability SLC NAND Flash becomes less reliable

Control Synergy signs Distribution Agreement with IntaCept

Control Synergy New Solutions for Mobile Phone Coverge

FOLLOW US

Get in contact with the team at Control Synergy today!

Register

Get in contact with the team at
Control Synergy today!