Trusted Design

Rovnix Downloader Updated with SinkHole and Time Checks

概要

McAfee Labs has found that the latest Rovnix downloader now comes with the capability to check for the sinkholing of its control servers. This relatively new technique makes it difficult to detect the malware—especially on behavior-based malware detection systems. The malware checks for sinkholing of its control servers before each network communication session and does not initiate its malicious activities—such as downloading and running the malicious payload(s)—if it thinks the Domain Name Service (DNS) records have been sinkholed. The downloader also uses an uncommon technique to perform a timing check to decide whether it should perform its malicious activities.

Created: 2026-02-23

Indicators

• domain - srvdexpress5.com -
• domain - elorfans4.com -
• domain - elorfans6.com -
• domain - tornishineynarkkek3.org -
• domain - srvdexpress4.com -
• domain - srvdexpress6.com -
• domain - transliteraturniefabriki.com -
• domain - tornishineynarkkek2.org -
• domain - ecloud91.com -
• FileHash-MD5 - 19f14a5d5610e51f4985444f3f0e59ed -
• FileHash-MD5 - 7ce075e3063782f710d47c77ddfa1261 -
• domain - ecloud90.com -
• FileHash-MD5 - 0131d46686c66e6a4c8d89c3aa03534c -
• YARA - 0cfa65d2d0fece885d995520c6551adc7d1c5a55 -
• domain - mediacontent.us -
• domain - mediacontent2.us -
• FileHash-MD5 - 5ea867f5f7c24e0939013faf3ed78535 -
• FileHash-MD5 - b7d63dcb586ec9a54a91379990dcd804 -
• domain - lastooooomene2ie2e.com -
• FileHash-MD5 - 7123a117c44e8c454f482b675544d1a9 -
• domain - srvdexpress3.com -
• domain - ecloud88.com -
• FileHash-MD5 - b0bce8bd66a005eff775099563232e64 -
• FileHash-MD5 - 11f61c60ce548e2148c2f7a2e5f7103c -
• FileHash-MD5 - e0bc0503ccc831c07d6cc4c394b5a409 -
• domain - srvdexpress7.com -
• domain - ecloud87.com -
• domain - mediacontent3.us -
• FileHash-MD5 - fdef7dd0b7cece42042a7baca3859e41 -
• domain - elorfans3.com -
• domain - tornishineynarkkek.org -
• domain - ecloud86.com -
• FileHash-MD5 - a6fd6661c6ac950263ba9a3d4fc55354 -
• domain - romnsiebabanahujtr.org -
• domain - upmisterfliremsnk.net -
• domain - elorfans2.com -
• FileHash-MD5 - 29ef765145f6dd76cec5cc89c75b44de -
• domain - elorfans5.com -
• domain - romnsiebabanahujtr2.org -
• domain - ecloud89.com -
• domain - romnsiebabanahujtr3.org -
• FileHash-MD5 - e8a94f1df66587abd7c91bfcbe5af5d5 -

類似Pulses

• A .NET malware abusing legitimate ffmpeg - Malwarebytes Labs | Malwarebytes Labs (score: 0.60)
• Zscaler's Spymel - signed malware (score: 0.59)
• Graftor malware on Metadefender.com (score: 0.58)
• malware-traffic-analysis.net BIZCN GATE NUCLEAR EK indicators (score: 0.58)
• Razy malware on Metadefender.com (score: 0.57)

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

---

← Pulse一覧に戻る