UNKNOWN
Common Information
| Type | Value |
|---|---|
| UUID | 4609eabe-49db-47d6-b38f-9534a7aa8f6c |
| Fingerprint | 26f81f20435c067ce59238759627a138ed5d1517db75ca22eb3a77ec4e6e937b |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | July 8, 2019, 7:19 p.m. |
| Added to db | May 19, 2024, 2:24 p.m. |
| Last updated | Aug. 31, 2024, 7:20 a.m. |
| Headline | UNKNOWN |
| Title | UNKNOWN |
| Detected Hints/Tags/Attributes | 482/4/190 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 2 | cve-2018-4251 |
|
| Details | CVE | 34 | cve-2017-5754 |
|
| Details | CVE | 37 | cve-2017-5753 |
|
| Details | CVE | 41 | cve-2017-5715 |
|
| Details | CVE | 7 | cve-1999-0024 |
|
| Details | CVE | 57 | cve-2014-6271 |
|
| Details | CVE | 18 | cve-2017-8464 |
|
| Details | CVE | 8 | cve-2018-1038 |
|
| Details | CVE | 6 | cve-2016-8869 |
|
| Details | CVE | 6 | cve-2016-8870 |
|
| Details | CVE | 2 | cve-2017-17668 |
|
| Details | CVE | 2 | cve-2018-5717 |
|
| Details | CVE | 2 | cve-2010-3055 |
|
| Details | CVE | 6 | cve-2013-2618 |
|
| Details | CVE | 81 | cve-2017-10271 |
|
| Details | CVE | 16 | cve-2018-2628 |
|
| Details | CVE | 38 | cve-2017-7269 |
|
| Details | Domain | 317 | bit.ly |
|
| Details | Domain | 3 | wapo.st |
|
| Details | Domain | 5 | zd.net |
|
| Details | Domain | 4 | nyti.ms |
|
| Details | Domain | 2 | symc.ly |
|
| Details | Domain | 3 | bbc.in |
|
| Details | Domain | 2 | armis.com |
|
| Details | Domain | 39 | ics-cert.us-cert.gov |
|
| Details | Domain | 641 | nvd.nist.gov |
|
| Details | Domain | 243 | cve.mitre.org |
|
| Details | Domain | 35 | first.org |
|
| Details | Domain | 134 | shodan.io |
|
| Details | Domain | 61 | censys.io |
|
| Details | Domain | 2 | launch4j.sourceforge.net |
|
| Details | Domain | 1 | command.properties |
|
| Details | Domain | 5 | jd.benow.ca |
|
| Details | Domain | 13 | hex-rays.com |
|
| Details | Domain | 8 | phdays.com |
|
| Details | Domain | 397 | asp.net |
|
| Details | Domain | 831 | example.com |
|
| Details | Domain | 2 | tf.to |
|
| Details | Domain | 4127 | github.com |
|
| Details | Domain | 1 | stanford.io |
|
| Details | Domain | 154 | arxiv.org |
|
| Details | Domain | 1 | oemp.man |
|
| Details | Domain | 2 | intel.ly |
|
| Details | Domain | 3 | li.seek |
|
| Details | Domain | 3 | li.read |
|
| Details | Domain | 2 | idaapi.cvar.inf.af |
|
| Details | Domain | 2 | idaapi.af |
|
| Details | Domain | 2 | binfmthunk.py |
|
| Details | Domain | 2 | relocate.py |
|
| Details | Domain | 12 | self.data |
|
| Details | Domain | 6 | self.id |
|
| Details | Domain | 2 | blk.data |
|
| Details | Domain | 2 | bf.is |
|
| Details | Domain | 2 | seg.id |
|
| Details | Domain | 2 | relocate.read |
|
| Details | Domain | 2 | seg.data |
|
| Details | Domain | 6 | grsecurity.net |
|
| Details | Domain | 2 | linux-kernel-defence-map.dot |
|
| Details | Domain | 425 | isc.sans.edu |
|
| Details | Domain | 358 | pastebin.com |
|
| Details | Domain | 16 | scans.io |
|
| Details | Domain | 88 | secretsdump.py |
|
| Details | Domain | 372 | wscript.shell |
|
| Details | Domain | 12 | shell.run |
|
| Details | Domain | 454 | www.google.com |
|
| Details | Domain | 5 | authrootstl.cab |
|
| Details | Domain | 8 | safebrowsing.google.com |
|
| Details | Domain | 2 | aus3.mozilla.org |
|
| Details | Domain | 30 | addons.mozilla.org |
|
| Details | Domain | 2 | fhr.data.mozilla.com |
|
| Details | Domain | 2 | versioncheck-bg.addons.mozilla.org |
|
| Details | Domain | 2 | services.addons.mozilla.org |
|
| Details | Domain | 4 | mp3.ucrazy.org |
|
| Details | Domain | 2 | support.zakon-auto.net |
|
| Details | Domain | 2 | video.tnt-online.info |
|
| Details | Domain | 3 | aclu.org |
|
| Details | Domain | 18 | amzn.to |
|
| Details | Domain | 1 | invent.ge |
|
| Details | Domain | 8 | gdpr-info.eu |
|
| Details | Domain | 2 | ipvm.com |
|
| Details | Domain | 2 | urmesurveillance.com |
|
| Details | Domain | 2 | bloom.bg |
|
| Details | Domain | 226 | ptsecurity.com |
|
| Details | 1 | users&user[password1]=password&user[username]=hacker&form[email2]=user@example.com |
||
| Details | 1 | d2]=password&user[email2]=user@example.com |
||
| Details | 1 | email1]=user@example.com |
||
| Details | 1 | username]=user&form[email1]=user@example.com |
||
| Details | 2 | example.com&form[password2]=password&user[email2]=user@example.com |
||
| Details | 2 | er[password2]=password&user[name]=user&user[email1]=user@example.com |
||
| Details | 2 | er@example.com |
||
| Details | File | 1 | mxconfig.exe |
|
| Details | File | 2 | netcmd.jar |
|
| Details | File | 2 | netcmd.dll |
|
| Details | File | 1 | netcmd_x64.dll |
|
| Details | File | 47 | api.php |
|
| Details | File | 207 | login.php |
|
| Details | File | 2 | jira.tab |
|
| Details | File | 4 | user.reg |
|
| Details | File | 4 | registration.reg |
|
| Details | File | 1205 | index.php |
|
| Details | File | 2 | model.tar |
|
| Details | File | 2 | model.bat |
|
| Details | File | 2 | self.bat |
|
| Details | File | 2 | model.max |
|
| Details | File | 8 | self.tar |
|
| Details | File | 6 | self.max |
|
| Details | File | 2 | oem.key |
|
| Details | File | 2 | cvar.inf |
|
| Details | File | 2 | binfmthunk.py |
|
| Details | File | 2 | relocate.py |
|
| Details | File | 16 | self.dat |
|
| Details | File | 2 | blk.dat |
|
| Details | File | 2 | seg.dat |
|
| Details | File | 2 | amiga_hunk.py |
|
| Details | File | 2 | features.php |
|
| Details | File | 2 | linux-kernel-defence-map.dot |
|
| Details | File | 2 | linux-kernel-defence-map.png |
|
| Details | File | 50 | www.sys |
|
| Details | File | 8 | images.php |
|
| Details | File | 478 | lsass.exe |
|
| Details | File | 13 | setup.php |
|
| Details | File | 2 | wuwu11.php |
|
| Details | File | 2 | weixiao.php |
|
| Details | File | 2 | qwq.php |
|
| Details | File | 1260 | explorer.exe |
|
| Details | File | 2 | 'mysql.log |
|
| Details | File | 57 | mysqld.exe |
|
| Details | File | 2 | roots.php |
|
| Details | File | 55 | test.php |
|
| Details | File | 2 | db__.ini |
|
| Details | File | 2 | db_session.ini |
|
| Details | File | 3 | db.ini |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 31 | image.php |
|
| Details | File | 85 | secretsdump.py |
|
| Details | File | 88 | 1.txt |
|
| Details | File | 2125 | cmd.exe |
|
| Details | File | 7 | execute.bat |
|
| Details | File | 6 | %temp%\execute.bat |
|
| Details | File | 2 | %systemroot%\temp\rmumafcn.tmp |
|
| Details | File | 409 | c:\windows\system32\cmd.exe |
|
| Details | File | 1208 | powershell.exe |
|
| Details | File | 33 | shell.exe |
|
| Details | File | 36 | c:\windows\system32\mshta.exe |
|
| Details | File | 1018 | rundll32.exe |
|
| Details | File | 2 | 6dc91b53-ddef-2357-4457-04a3c333db06.txt |
|
| Details | File | 2 | 721d2d0a-890f-9549-96bd-875a495689b7.txt |
|
| Details | File | 2 | tric.pfx |
|
| Details | File | 380 | notepad.exe |
|
| Details | File | 33 | c:\windows\system32\notepad.exe |
|
| Details | File | 12 | c:\windows\notepad.exe |
|
| Details | File | 79 | regedit.exe |
|
| Details | File | 4 | authrootseq.txt |
|
| Details | File | 5 | authrootstl.cab |
|
| Details | File | 2 | rootsupd.exe |
|
| Details | File | 2 | fhr.dat |
|
| Details | File | 35 | index.asp |
|
| Details | File | 2 | tnt-online.inf |
|
| Details | File | 3 | stream.php |
|
| Details | Github username | 3 | tensorflow |
|
| Details | Github username | 4 | chipsec |
|
| Details | Github username | 3 | a13xp0p0v |
|
| Details | Github username | 3 | joaomatosf |
|
| Details | md5 | 1 | 6c87b559084c419dfe0a7c8e688a4239 |
|
| Details | md5 | 2 | 18f93a28e0874f0d8d475d154bed1983 |
|
| Details | sha1 | 2 | 49843c6580a0abc8aa4576e6d14afe3d94e3222f |
|
| Details | IPv4 | 2 | 172.20.2.111 |
|
| Details | IPv4 | 2 | 10.0.212.25 |
|
| Details | IPv4 | 9 | 11.22.33.44 |
|
| Details | IPv4 | 2 | 1.192.0.0 |
|
| Details | IPv4 | 2 | 171.8.0.0 |
|
| Details | IPv4 | 2 | 123.101.0.0 |
|
| Details | IPv4 | 2 | 123.52.0.0 |
|
| Details | IPv4 | 3 | 192.168.202.100 |
|
| Details | IPv4 | 1441 | 127.0.0.1 |
|
| Details | IPv4 | 4 | 192.168.211.1 |
|
| Details | IPv4 | 2 | 192.168.241.1 |
|
| Details | IPv4 | 2 | 192.168.202.136 |
|
| Details | Microsoft Patch Numbers | 7 | KB4012598 |
|
| Details | Threat Actor Identifier - APT | 783 | APT28 |
|
| Details | Url | 4 | https://safebrowsing.google.com |
|
| Details | Url | 2 | https://aus3.mozilla.org |
|
| Details | Url | 2 | https://addons.mozilla.org |
|
| Details | Url | 2 | https://fhr.data.mozilla.com |
|
| Details | Url | 2 | https://versioncheck-bg.addons.mozilla.org |
|
| Details | Url | 2 | https://services.addons.mozilla.org |
|
| Details | Url | 2 | http://denwer/pegasus/index.php |
|
| Details | Url | 3 | http://mp3.ucrazy.org/music/index.php |
|
| Details | Url | 2 | http://support.zakon-auto.net/tuning/index.asp |
|
| Details | Url | 2 | http://video.tnt-online.info/tnt-comedy-tv/stream.php |