SOC Incident Toolkit
Glupteba: The Blockchain-Enabled Modular Malware


Glupteba is a complex and advanced form of malware that has been affecting Windows devices globally since 2019. It utilizes blockchain technology and has multiple modules that can be used for various malicious activities,

Indicators of Compromise

Domains (109)


Hashes (122)


IPv4 (26)


CVEs (12)

CVE-2021-44207, CVE-2018-14847, CVE-2021-26084, CVE-2021-34523, CVE-2017-9841, CVE-2021-44228, CVE-2021-34473, CVE-2022-26134, CVE-2021-31207, CVE-2022-1388, CVE-2022-22965, CVE-2017-5638


Mitigation

To reduce the risk of a Glupteba infection and protect against other forms of malware, it is recommended to follow these best practices:

- Keep your operating system and software up to date: Software updates often include security fixes and patches to address vulnerabilities that can be exploited by malware.
- Use reputable security software: Antivirus and anti-malware software can help detect and remove Glupteba and other forms of malware from your system.
- Practice safe browsing habits: Avoid clicking on suspicious links or downloading attachments from unknown sources, and be cautious of clicking on ads.
- Enable firewalls: Firewalls can help prevent unauthorized access to your devices and network.
- Regularly back up your important data: Regular backups can help you recover from a malware infection by restoring your data from a previous point in time.
- Be wary of phishing attempts: Be cautious of emails or messages that ask for sensitive information, and do not enter login credentials or financial information into websites unless you are confident that they are legitimate.
- Use strong and unique passwords: Use strong, unique passwords for all of your online accounts, and consider using a password manager to help keep track of them.