→ New Botnets → Affiliate Programs → Network Compromise NOVEMBER 2020
Common Information
| Type | Value |
|---|---|
| UUID | a37704c4-9934-4508-aa44-afed379f4449 |
| Fingerprint | b7696b2262ab8bea13669d40010de4cecf813fbf355834593007c5205d181b50 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Nov. 23, 2020, 8:02 p.m. |
| Added to db | Oct. 15, 2024, 4:41 p.m. |
| Last updated | Oct. 15, 2024, 4:45 p.m. |
| Headline | → New Botnets → Affiliate Programs → Network Compromise NOVEMBER 2020 |
| Title | → New Botnets → Affiliate Programs → Network Compromise NOVEMBER 2020 |
| Detected Hints/Tags/Attributes | 630/4/97 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Autonomous System Number | 2 | AS205310 |
|
| Details | Autonomous System Number | 3 | AS15943 |
|
| Details | Autonomous System Number | 4 | AS8220 |
|
| Details | Autonomous System Number | 2 | AS263444 |
|
| Details | Autonomous System Number | 3 | AS7552 |
|
| Details | Autonomous System Number | 6 | AS12389 |
|
| Details | Autonomous System Number | 2 | AS50048 |
|
| Details | Autonomous System Number | 2 | AS139070 |
|
| Details | Autonomous System Number | 3 | AS8359 |
|
| Details | CVE | 161 | cve-2019-19781 |
|
| Details | CVE | 128 | cve-2019-11510 |
|
| Details | CVE | 150 | cve-2018-13379 |
|
| Details | CVE | 22 | cve-2019-9670 |
|
| Details | CVE | 23 | cve-2019-10149 |
|
| Details | CVE | 18 | cve-2019-1653 |
|
| Details | CVE | 10 | cve-2019-1652 |
|
| Details | CVE | 24 | cve-2020-10189 |
|
| Details | CVE | 269 | cve-2017-0199 |
|
| Details | CVE | 375 | cve-2017-11882 |
|
| Details | CVE | 63 | cve-2020-0796 |
|
| Details | Domain | 35 | group-ib.com |
|
| Details | Domain | 110 | exploit.in |
|
| Details | Domain | 2 | 247.ai |
|
| Details | Domain | 4 | netblocks.org |
|
| Details | Domain | 2 | stevinrock.com |
|
| Details | Domain | 7 | bc.monster |
|
| Details | Domain | 2 | pemex.com |
|
| Details | Domain | 2 | electricaribe.co |
|
| Details | Domain | 2 | ina.hr |
|
| Details | Domain | 2 | abanoffshore.com |
|
| Details | Domain | 2 | wtoffshore.com |
|
| Details | Domain | 2 | solarreserve.com |
|
| Details | Domain | 2 | enel.com.ar |
|
| Details | Domain | 2 | light.com.br |
|
| Details | Domain | 2 | edp.com |
|
| Details | Domain | 2 | axens.net |
|
| Details | Domain | 2 | entrustenergy.com |
|
| Details | Domain | 2 | roguepotato.zip |
|
| Details | Domain | 2 | cve-2020-0796-local.zip |
|
| Details | Domain | 1 | cal.zip |
|
| Details | Domain | 2 | util98.com |
|
| Details | Domain | 2 | startmary.com |
|
| Details | Domain | 4127 | github.com |
|
| Details | Domain | 9 | cert-gib.com |
|
| Details | Domain | 101 | www.group-ib.com |
|
| Details | Domain | 1373 | twitter.com |
|
| Details | Domain | 330 | facebook.com |
|
| Details | Domain | 80 | linkedin.com |
|
| Details | 9 | response@cert-gib.com |
||
| Details | 22 | info@group-ib.com |
||
| Details | File | 1 | 247.ai |
|
| Details | File | 2 | backdoor.sys |
|
| Details | File | 70 | web.config |
|
| Details | File | 2 | keyword_parm.txt |
|
| Details | File | 2 | parm.txt |
|
| Details | File | 1 | largest-ever-recorded-packet-per-secondbased-ddos-attack-mitigated-by-akamai.html |
|
| Details | File | 4 | invoke-ms16135.ps1 |
|
| Details | File | 4 | invoke-ms16032.ps1 |
|
| Details | File | 1 | roguepotato.zip |
|
| Details | File | 1 | sysexec.exe |
|
| Details | File | 1 | cve-2020-0796-local.zip |
|
| Details | File | 12 | 4.zip |
|
| Details | File | 1 | 26_password_123.exe |
|
| Details | File | 8 | install.vbs |
|
| Details | File | 1 | cal.zip |
|
| Details | File | 1 | lanss.exe |
|
| Details | File | 1 | xfs.dll |
|
| Details | File | 2 | dns.dll |
|
| Details | File | 2125 | cmd.exe |
|
| Details | File | 1 | updatea.bin |
|
| Details | File | 1 | updatea2.bin |
|
| Details | File | 6 | xfs-disp.exe |
|
| Details | File | 478 | lsass.exe |
|
| Details | Github username | 3 | iagox86 |
|
| Details | md5 | 1 | c719a030434d3fa96d62868f27e904a6 |
|
| Details | sha1 | 1 | f2f750a752dd1fda8915a47b082af7cf2d3e3655 |
|
| Details | sha256 | 1 | 2696ee4302a85c6b4101fc6d1ce8e38b94fd9c2bbd1acc73b553576b3aacb92f |
|
| Details | Threat Actor Identifier - APT-C | 102 | APT-C-35 |
|
| Details | Threat Actor Identifier - APT-C | 8 | APT-C-37 |
|
| Details | Threat Actor Identifier - APT-C | 79 | APT-C-23 |
|
| Details | Threat Actor Identifier - APT-C | 7 | APT-C-34 |
|
| Details | Threat Actor Identifier - APT | 522 | APT41 |
|
| Details | Threat Actor Identifier - APT | 665 | APT29 |
|
| Details | Threat Actor Identifier - APT | 132 | APT32 |
|
| Details | Threat Actor Identifier - APT | 278 | APT10 |
|
| Details | Threat Actor Identifier - APT | 181 | APT33 |
|
| Details | Threat Actor Identifier - APT | 194 | APT35 |
|
| Details | Threat Actor Identifier - APT | 13 | APT20 |
|
| Details | Threat Actor Identifier - APT | 277 | APT37 |
|
| Details | Threat Actor Identifier - APT | 41 | APT5 |
|
| Details | Threat Actor Identifier - APT | 85 | APT15 |
|
| Details | Threat Actor Identifier - APT | 783 | APT28 |
|
| Details | Threat Actor Identifier - APT | 143 | APT40 |
|
| Details | Threat Actor Identifier - APT | 31 | APT30 |
|
| Details | Threat Actor Identifier - APT | 258 | APT34 |
|
| Details | Threat Actor Identifier - FIN | 73 | FIN6 |
|
| Details | Url | 1 | https://blogs.akamai.com/2020/06/largest-ever-recorded-packet-per-secondbased-ddos-attack-mitigated-by-akamai.html |