Incident Response Guide
Common Information
Type Value
UUID 2c9b93f7-b222-4fc7-9da7-046c54f2538b
Fingerprint e958a55a42fa7ec4277a56ade2988812a82c52b9d5b2895a25dda42d7bf3700c
Analysis status DONE
Considered CTI value -2
Text language
Published April 14, 2021, 1:55 p.m.
Added to db Oct. 1, 2024, 2:43 p.m.
Last updated Oct. 1, 2024, 2:46 p.m.
Headline Incident Response Guide
Title Incident Response Guide
Detected Hints/Tags/Attributes 202/4/84
Attributes
Type             #Events  Value
Domain               122  www.kaspersky.com
Domain                 2  help.kaspersky.com
Domain                16  support.kaspersky.com
Domain                 1  botnet-domain.example.com
Domain               212  technet.microsoft.com
Domain                 2  www.z-oleg.com
Domain                 6  www.gmer.net
Domain                15  virustotal.github.io
Domain              4127  github.com
Domain                 3  accessdata.com
Domain                 2  cygwin.com
Domain                 3  belkasoft.com
Domain                 3  tip.kaspersky.com
Domain               338  kaspersky.com
Domain                89  vol.py
Domain                12  www.volatilityfoundation.org
Domain                 2  www.rekall-forensic.com
Domain                 5  www.sleuthkit.org
Domain               403  securelist.com
Domain                 1  virusdesk.kaspersky.com
Domain                 1  community.kaspersky.com
Email                  9  intelligence@kaspersky.com
File                 478  lsass.exe
File                   4  volatility.exe
File                 119  smss.exe
File                 165  csrss.exe
File                  89  wininit.exe
File                 212  winlogon.exe
File                 306  services.exe
File                  31  lsm.exe
File                1260  explorer.exe
File                1122  svchost.exe
File                   6  'lsass.exe
File                  82  default.aspx
File                  98  download.php
File                  85  vol.py
File                   2  48580000.dll
File                   3  csrsrv.dll
File                   2  75b40000.dll
File                  76  gdi32.dll
File                   3  winsrv.dll
File                   2  75b60000.dll
File                   3  1000000.dll
File                   6  tutorial.html
File                 533  ntdll.dll
File                   6  rip.exe
File                   1  c:\case\ntuser.dat
Github username       30  google
Github username        2  keydet89
IPv4                   8  192.168.0.3
Url                    5  https://www.kaspersky.com
Url                    1  https://help.kaspersky.com
Url                    1  https://support.kaspersky.com
Url                    1  https://www.kaspersky.com/about/company
Url                    1  http://www.kaspersky.com/enterprise-
Url                    1  http://www.kaspersky.com/enterprise-security.
Url                    1  http://subbotnet-domain_19.botnet-domain.example.com/page/c
Url                    2  https://technet.microsoft.com/en-us/sysinternals/default.aspx
Url                    1  http://www.z-oleg.com/secur/avz/download.php
Url                    4  http://www.gmer.net
Url                    1  http://virustotal.github.io/yara.
Url                    1  https://github.com/google/grr.
Url                    1  http://accessdata.com/solutions/digital-forensics/forensic-toolkit-
Url                    1  https://cygwin.com
Url                    1  http://belkasoft.com/ram-capturer.
Url                    1  https://tip.kaspersky.com/aptreporting
Url                    1  https://tip.kaspersky.com/cnctracking.
Url                    1  https://tip.kaspersky.com/finreporting.
Url                    1  https://tip.kaspersky.com/icsreporting.
Url                    1  https://tip.kaspersky.com/dfi/threats.
Url                    1  http://www.kaspersky.com/enterprise-security/intelligence-services.
Url                    3  http://www.volatilityfoundation.org
Url                    1  http://www.rekall-forensic.com/docs/manual/tutorial.html
Url                    2  http://www.rekall-forensic.com
Url                    1  http://www.sleuthkit.org/sleuthkit/.
Url                    1  http://www.sleuthkit.org/autopsy/.
Url                    1  https://github.com/keydet89/regripper2.8
Url                    1  https://www.kaspersky.com/downloads/thank-you/free-
Url                    1  http://support.kaspersky.com/viruses/utility?cid=acq-freekasp-usa&_ga=1.198229483.571661967.1434556259
Url                    1  https://support.kaspersky.com/viruses/rescuedisk.
Url                   13  https://securelist.com
Url                    1  https://virusdesk.kaspersky.com
Url                    1  https://community.kaspersky.com
Yara rule              2  (rule text follows)
// Example rule from the YARA documentation, as reproduced in the guide.
// "banker" after the colon is a tag; tags let a rule set be filtered at scan time.
rule silent_banker : banker {
	meta:
		// meta keys are free-form and have no effect on matching
		description = "This is just an example"
		threat_level = 3
		in_the_wild = true
	strings:
		// hex strings match exact byte sequences
		$a = { 6A 40 68 00 30 00 00 6A 14 8D 91 }
		$b = { 8D 4D B0 2B C1 83 C0 27 99 6A 4E 59 F7 F9 }
		// text string: case-sensitive ASCII (no nocase or wide modifier)
		$c = "UVODFRYSIHLNWPEJXQZAKCBGMT"
	condition:
		// any single string present in the scanned data is enough to fire
		$a or $b or $c
}
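The rule above is the example rule from the YARA documentation that the guide reproduces. As an added illustration, not code from the guide or from this CTI page, the following Python emulates what the rule's three strings and its condition mean: `$a` and `$b` are raw byte sequences, `$c` is a case-sensitive ASCII string, and the rule fires if any one of them occurs anywhere in the scanned data. The sample buffers are constructed here and contain no real malware; the function names are this example's own. For real scanning use the `yara` command-line tool or the `yara-python` bindings rather than this emulation.

```python
import re

# The three strings of the silent_banker rule, copied verbatim from the rule text.
RULE_STRINGS = {
    "$a": "{ 6A 40 68 00 30 00 00 6A 14 8D 91 }",
    "$b": "{ 8D 4D B0 2B C1 83 C0 27 99 6A 4E 59 F7 F9 }",
    "$c": '"UVODFRYSIHLNWPEJXQZAKCBGMT"',
}


def compile_string(spec: str) -> bytes:
    """Turn one YARA string definition into the byte sequence it matches.

    Only the two forms used by the rule are handled: a plain hex string
    ({ .. }) and a plain text string (".."). A YARA text string without
    the 'nocase' or 'wide' modifier matches exactly these ASCII bytes.
    """
    spec = spec.strip()
    if spec.startswith("{") and spec.endswith("}"):
        return bytes.fromhex(spec[1:-1])          # fromhex ignores the spaces
    if spec.startswith('"') and spec.endswith('"'):
        return spec[1:-1].encode("ascii")
    raise ValueError(f"unsupported string form: {spec}")


def scan(data: bytes, strings=RULE_STRINGS) -> dict:
    """Return {identifier: [offsets]} for every rule string found in data."""
    hits = {}
    for ident, spec in strings.items():
        pattern = re.escape(compile_string(spec))  # literal bytes, not a regex
        offsets = [m.start() for m in re.finditer(pattern, data)]
        if offsets:
            hits[ident] = offsets
    return hits


def silent_banker_matches(data: bytes) -> bool:
    """Evaluate the rule's condition: $a or $b or $c."""
    hits = scan(data)
    return any(ident in hits for ident in ("$a", "$b", "$c"))


# Constructed test buffers (this example's own, not from the guide):
# a 64-byte fake header followed by the $b byte sequence at offset 64.
SAMPLE_HIT_B = (b"MZ" + b"\x00" * 62
                + bytes.fromhex("8D4DB02BC183C027996A4E59F7F9")
                + b"\x90" * 16)
# The $c text string embedded after an 8-byte prefix, so it sits at offset 8.
SAMPLE_HIT_C = b"header: " + b"UVODFRYSIHLNWPEJXQZAKCBGMT" + b"\n"
# Same letters as $c in lower case, plus only the first three bytes of $a:
# no 'nocase' modifier and no full byte sequence, so nothing may match.
SAMPLE_CLEAN = (b"header: " + b"uvodfrysihlnwpejxqzakcbgmt" + b"\n"
                + bytes.fromhex("6A4068"))

if __name__ == "__main__":
    for name, buf in (("SAMPLE_HIT_B", SAMPLE_HIT_B),
                      ("SAMPLE_HIT_C", SAMPLE_HIT_C),
                      ("SAMPLE_CLEAN", SAMPLE_CLEAN)):
        print(f"{name}: match={silent_banker_matches(buf)} strings={scan(buf)}")
```

The case-sensitive miss on `SAMPLE_CLEAN` is the point worth remembering when reading or writing such rules: a text string only matches other encodings or cases if the `nocase`, `wide` or `ascii` modifiers say so, and a hex string matches only the complete byte sequence.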