Global Threat Report
Common Information
Type Value
UUID bb028fde-53d3-4fce-b390-605394605fe6
Fingerprint 072dcdc23b9e2c4a02bdeb586dc7ffad478fc735ea969dad5f939cb79c8b6e14
Analysis status DONE
Considered CTI value 1
Text language
Published Sept. 30, 2024, 2:51 p.m.
Added to db Oct. 1, 2024, 4:40 p.m.
Last updated Oct. 1, 2024, 4:43 p.m.
Headline Global Threat Report
Title Global Threat Report
Detected Hints/Tags/Attributes 331/4/78
Attributes
Type                  #Events  Value
Domain                    285  microsoft.net
Domain                     11  ec2.amazonaws.com
Domain                      4  monitoring.amazonaws.com
Domain                      2  config.amazonaws.com
Domain                     73  s3.amazonaws.com
Domain                      1  rds.amazonaws.com
Domain                      1  ras.amazonaws.com
Domain                      2  logs.amazonaws.com
Domain                      2  kms.amazonaws.com
Domain                     13  iam.amazonaws.com
Domain                      1  secretsmanager.amazonaws.com
Domain                      4  ssm.amazonaws.com
Domain                      4  signin.amazonaws.com
Domain                     11  sts.amazonaws.com
Domain                      2  shop.redacted.mn
Domain                      2  paper.hosted-by-bay.net
Domain                      2  news.hosted-by-bay.net
Domain                      2  redacted.mn
Domain                      2  hosted-by-bay.net
Domain                     88  main.py
Domain                      9  bridges.zip
Domain                     11  testspeed.py
Domain                     15  watcher.py
Domain                      1  tp-global.xyz
Domain                     55  process.name
Domain                      1  assets.work
Domain                    295  amazon.com
File                     1018  rundll32.exe
File                      456  mshta.exe
File                      142  wmiprvse.exe
File                     1208  powershell.exe
File                     2125  cmd.exe
File                      249  schtasks.exe
File                      459  regsvr32.exe
File                       93  curl.exe
File                       63  bitsadmin.exe
File                     1260  explorer.exe
File                      165  reg.exe
File                        2  cert.db
File                        1  key.db
File                       25  esentutl.exe
File                       23  diskshadow.exe
File                       23  vaultcli.dll
File                       26  cvtres.exe
File                       26  procdump64.exe
File                      478  lsass.exe
File                       69  comsvcs.dll
File                       41  mscorsvw.exe
File                      380  notepad.exe
File                        9  vboxsvc.exe
File                       35  libcurl.dll
File                       48  mshtml.dll
File                        6  handoff.wav
File                      149  msbuild.exe
File                        2  get.png
File                        2  iobitunlockers.sys
File                        2  smartsscreen.exe
File                       21  tiworker.exe
File                       22  oci.dll
File                        2  aswarpots.sys
File                        2  backup.png
File                        2  kill.png
File                      153  config.json
File                       26  taskhostw.exe
File                       20  winring0x64.sys
File                       76  main.py
File                        9  bridges.zip
File                       10  testspeed.py
File                       15  watcher.py
File                        3  release.dll
IPv4                      619  0.0.0.0
IPv4                        1  45.133.194.106
IPv4                        1  185.82.217.164
IPv4                        1  45.90.58.103
IPv4                        3  192.119.64.43
Windows Registry Key       24  HKLM\SAM
Windows Registry Key       37  HKLM\SYSTEM
Yara rule                   1  (rule text follows)
rule Windows_Trojan_RudeBird {
	meta:
		author = "Elastic Security"
		creation_date = "2023-05-09"
		last_modified = "2023-06-13"
		threat_name = "Windows.Trojan.RudeBird"
		license = "Elastic License v2"
		os = "windows"
	strings:
		$a1 = { 40 53 48 83 EC 20 48 8B D9 B9 D8 00 00 00 E8 FD C1 FF FF 48 8B C8 33 C0 48 85 C9 74 05 E8 3A F2 }
	condition:
		all of them
}