Proactive Threat Identification Neutralizes Remote Access Trojan Efficacy
Common Information

Type                            Value
UUID                            54c8a6e2-e75b-452b-8ba4-3e81f07a3d99
Fingerprint                     244c0a48716488780f0ff461c3afe4d889b5bd36d3385ddb4a6f5d8de5609ba2
Analysis status                 DONE
Considered CTI value            1
Text language
Published                       Sept. 29, 2015, 3 p.m.
Added to db                     March 9, 2024, 11:20 p.m.
Last updated                    Aug. 30, 2024, 10:12 p.m.
Headline                        Proactive Threat Identification Neutralizes Remote Access Trojan Efficacy
Title                           Proactive Threat Identification Neutralizes Remote Access Trojan Efficacy
Detected Hints/Tags/Attributes  108/2/97
Attributes

Type             #Events  Value
Domain           3        www.seculert.com
Domain           110      www.reddit.com
Domain           769      www.youtube.com
Domain           258      nmap.org
Domain           9        sectools.org
Domain           2        zmap.io
Domain           4126     github.com
Domain           129      support.microsoft.com
Domain           36       contagiodump.blogspot.com
Domain           9        curl.haxx.se
Domain           4        www.secdev.org
Domain           139      www.securityweek.com
Domain           16       www.netresec.com
Domain           58       www.shodan.io
Domain           2        forum.malekal.com
Domain           334      www.facebook.com
Domain           356      pastebin.com
Domain           1373     twitter.com
Domain           268      www.virustotal.com
Domain           1        k1997.no-ip.biz
Domain           5        raidforums.com
Domain           1        yobrohasan.ddns.net
Domain           7        fuckav.ru
Domain           1        cryptosuite.org
Domain           8        totalhash.cymru.com
Domain           1        xheemax.no-ip.info
Domain           1        xheemax.x64.me
Domain           1        x64.me
Domain           1        localiser-ip.com
Domain           1        powerstresser.com
Domain           18       www.eweek.com
Domain           546      www.recordedfuture.com
File             1        poison-ivy-attack-toolkit-with-ties-to-china-linked-to-other-hacking-groups.htm
File             2        xtreme-rat-strikes-israeli-organizations-again.html
File             1        collection-of-pcap-files-from-malware.html
File             1        francais-credit-mutuel-t51664.html
File             32       showthread.php
File             1206     index.php
File             1        t-8112.html
File             1        17093xheemax.html
File             13       no-ip.inf
Github username  6        robertdavidgraham
Github username  1        recordedfuture
sha256           1        3616af88323a25786b8da40641798fc1569b678f84ed6520035941066724682d
IPv4             1        197.205.47.239
IPv4             1        105.106.75.181
IPv4             1        37.139.52.43
IPv4             1        38.103.14.232
IPv4             1        212.83.167.112
IPv4             1        37.236.160.100
IPv4             1        83.87.20.225
IPv4             1        212.154.81.158
IPv4             1        197.2.24.60
IPv4             1        94.102.51.152
IPv4             1        93.116.43.245
IPv4             1        90.212.68.218
IPv4             1        5.28.184.242
IPv4             1        196.36.153.134
IPv4             1        149.78.239.193
IPv4             2        204.95.99.109
Url              1        http://www.washingtonpost.com/news/morning-mix/wp/2014/05/20/5-scary-things-about-blackshades-malware
Url              1        http://www.darkreading.com/over-90-arrested-in-global-fbi-crackdown-on-blackshades-rat/d/d-id/1252912
Url              1        http://www.crn.com/news/security/240160369/poison-ivy-attack-toolkit-with-ties-to-china-linked-to-other-hacking-groups.htm
Url              2        http://www.seculert.com/blog/2014/01/xtreme-rat-strikes-israeli-organizations-again.html
Url              1        http://www.reddit.com/r/hacking/comments/2acwpb/how_to_setup_dark_comet_rat_with_download_and
Url              1        https://www.youtube.com/watch?v=qmh_ojszoru
Url              1        https://www.youtube.com/watch?v=5szaja_xbps
Url              1        https://www.youtube.com/watch?v=flttqccbmzy
Url              1        https://www.youtube.com/watch?v=txvglb96whu
Url              132      https://nmap.org
Url              1        http://sectools.org/tool/unicornscan
Url              2        https://zmap.io
Url              5        https://github.com/robertdavidgraham/masscan
Url              1        https://support.microsoft.com/en-us/kb/172983
Url              1        http://contagiodump.blogspot.com/2013/04/collection-of-pcap-files-from-malware.html
Url              2        http://curl.haxx.se
Url              2        http://www.secdev.org/projects/scapy
Url              1        https://www.securityweek.com/attackers-using-havex-rat-against-industrial-control-systems
Url              1        http://www.netresec.com/?page=blog&month=2014
Url              14       https://www.shodan.io
Url              1        https://github.com/recordedfuture/ioc-enrichment
Url              1        http://forum.malekal.com/xtremerat-campagne-mails-
Url              1        http://www.facebook.com/406287246141601
Url              1        http://pastebin.com/tgt0nevt
Url              1        http://pastebin.com/cu4wx0hs
Url              1        http://pastebin.com/2kgejivz
Url              1        http://pastebin.com/f6knvr1q
Url              1        https://twitter.com/atma_es/status/628301520853929985
Url              1        http://pastebin.com/xltfgmrd
Url              1        https://twitter.com/netmenaces
Url              1        https://www.virustotal.com/en/file
Url              1        http://raidforums.com/showthread.php?tid=27
Url              1        https://fuckav.ru/archive/index.php/t-8112.html
Url              1        https://cryptosuite.org/forums/17093xheemax.html
Url              1        https://totalhash.cymru.com/network/dnsrr:xheemax.no-ip.info
Url              1        https://www.virustotal.com/en/file/3616af88323a25786b8da40641798fc1569b678f84ed6520035941066724682d/analysis
Url              1        http://www.eweek.com/security/how-do-booters-work-inside-a-ddos-for-hire-attack
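The attribute listing is a raw export of the record: reference infrastructure the report merely links to (github.com, nmap.org, index.php, seen in hundreds or thousands of other records) sits next to attributes seen in one or two records (the no-ip/ddns hostnames, the IPv4 addresses, the sha256). The #Events column, the number of records in the database carrying the same attribute, is the one signal that separates the two, and a practitioner turning this record into detection content has to apply it before anything else or will alert on every visit to github.com. The Python below is an added example, not part of the original record or of Recorded Future's tooling. It parses the listing in the flattened form the extractor emits (a "Details <Type> <#Events>" line followed by the value line, reproduced here as a constructed subset of the rows above), keeps only rare Domain, IPv4 and sha256 attributes, tags dynamic-DNS hostnames (the suffix list is an assumption, not from the record), and matches the result against constructed DNS and proxy log lines.

```python
import re
from dataclasses import dataclass

# Constructed subset of the record's attribute listing, in the flattened
# form the extractor emits: a "Details <Type> <#Events>" line, then the value.
RAW_ATTRIBUTES = """\
Details Domain 4126
github.com
Details Domain 258
nmap.org
Details Domain 1
k1997.no-ip.biz
Details Domain 1
yobrohasan.ddns.net
Details Domain 1
xheemax.no-ip.info
Details Domain 546
www.recordedfuture.com
Details File 1206
index.php
Details sha256 1
3616af88323a25786b8da40641798fc1569b678f84ed6520035941066724682d
Details IPv4 1
197.205.47.239
Details IPv4 2
204.95.99.109
Details Url 1
https://totalhash.cymru.com/network/dnsrr:xheemax.no-ip.info
"""

HEADER = re.compile(r"^Details (?P<type>.+?) (?P<events>\d+)$")


@dataclass(frozen=True)
class Attribute:
    type: str      # attribute type as labelled in the record (Domain, IPv4, ...)
    events: int    # number of records in the database sharing this attribute
    value: str


def parse_attributes(text):
    """Parse header/value line pairs; raise on anything that breaks the pairing."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    out = []
    for i in range(0, len(lines), 2):
        m = HEADER.match(lines[i])
        if not m or i + 1 >= len(lines):
            raise ValueError(f"unexpected line {i}: {lines[i]!r}")
        out.append(Attribute(m["type"], int(m["events"]), lines[i + 1]))
    return out


# Assumption: dynamic-DNS providers often used for RAT C2; not taken from the record.
DYNDNS_SUFFIXES = (".no-ip.biz", ".no-ip.info", ".no-ip.org", ".ddns.net")


def is_dynamic_dns(host):
    return host.lower().endswith(DYNDNS_SUFFIXES)


def select_indicators(attrs, max_events=2):
    """Keep matchable attribute types that are rare across the corpus.

    An attribute seen in many records is shared reference infrastructure,
    not something specific to this report, so it is dropped regardless of type.
    """
    chosen = {"Domain": set(), "IPv4": set(), "sha256": set()}
    for a in attrs:
        if a.type in chosen and a.events <= max_events:
            chosen[a.type].add(a.value.lower())
    return chosen


# Constructed DNS and proxy log lines, not from the record.
SAMPLE_LOGS = [
    "2015-09-29T14:02:11Z dns client=10.0.0.15 qname=xheemax.no-ip.info qtype=A",
    "2015-09-29T14:02:12Z proxy client=10.0.0.15 dst=204.95.99.109:443 method=CONNECT",
    "2015-09-29T14:05:40Z dns client=10.0.0.21 qname=github.com qtype=A",
    "2015-09-29T14:06:02Z dns client=10.0.0.21 qname=nmap.org qtype=A",
]

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)+\b")


def match_logs(lines, indicators):
    """Return (line, type, value) for every log line touching a selected indicator."""
    hits = []
    for line in lines:
        low = line.lower()
        for host in HOST_RE.findall(low):
            if host in indicators["Domain"]:
                hits.append((line, "Domain", host))
        for ip in IPV4_RE.findall(low):
            if ip in indicators["IPv4"]:
                hits.append((line, "IPv4", ip))
    return hits


if __name__ == "__main__":
    ind = select_indicators(parse_attributes(RAW_ATTRIBUTES))
    for line, kind, value in match_logs(SAMPLE_LOGS, ind):
        tag = " (dynamic DNS)" if kind == "Domain" and is_dynamic_dns(value) else ""
        print(f"{kind} {value}{tag}: {line}")
```

With the threshold at 2 the two lines naming github.com and nmap.org produce nothing, while the no-ip lookup and the CONNECT to 204.95.99.109 are reported; lowering or raising max_events is the knob to tune against the corpus the record came from, and the dynamic-DNS tag is worth carrying into the alert because such hostnames re-resolve to new addresses faster than an IP blocklist can follow.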