A Hunting Story
Common Information
Type Value
UUID 978462c3-5c0c-4ce4-be9f-813756c62019
Fingerprint 1d6d08a5dc967f3175cf54a197d219c0bebec850e99d2b443609cd8ffa521dfa
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 12, 2016, 9:07 p.m.
Added to db March 9, 2024, 11:20 p.m.
Last updated Aug. 30, 2024, 10:13 p.m.
Headline A Hunting Story
Title A Hunting Story
Detected Hints/Tags/Attributes 146/2/152
Attributes