NetWitness Platform Evolved SIEM Solution Brief
Common Information

Type                              Value
UUID                              dd0ba95f-acba-473f-bcd5-616f6f2c80b3
Fingerprint                       a8fae5f8c8e2bbe9c72be5ee5f56c7d93eee3ee1759e38cb1f7bfb5760907e11
Analysis status                   DONE
Considered CTI value              2
Text language
Published                         None
Added to db                       April 14, 2024, 3 a.m.
Last updated                      Aug. 31, 2024, 4:50 a.m.
Headline                          NetWitness Platform Evolved SIEM Solution Brief
Title                             NetWitness Platform Evolved SIEM Solution Brief
Detected Hints/Tags/Attributes    173/3/89
Attributes

Type                           #Events   Value
CVE                            9         cve-2019-2729
CVE                            4         cve-2010-5326
CVE                            5         cve-2015-7450
CVE                            58        cve-2019-0604
Domain                         1         pr64.zip
Domain                         4128      github.com
Domain                         1         netwitness.com
Domain                         96        malpedia.caad.fkie.fraunhofer.de
Domain                         1         hubspotusercontent30.net
Domain                         182       www.mandiant.com
Domain                         6         blog.sygnia.co
Domain                         132       www.exploit-db.com
Email                          1         hacienda.losandes@yachay.pe
File                           2         s0b.jar
File                           4         registry.xml
File                           478       lsass.exe
File                           12        psexec64.exe
File                           1         ccfix.bat
File                           1         ccfixa.bat
File                           1         65.txt
File                           1         str-isis.txt
File                           1         str-bio.txt
File                           75        favicon.ico
File                           1         beamarker.dat
File                           1         weblogic.txt
File                           103       test.txt
File                           4         test3.txt
File                           1         weblog.jsp
File                           1         webout.jsp
File                           1         chart10.php
File                           1         output.php
File                           6         p.txt
File                           1         pr64.zip
File                           1         bi.txt
File                           16        1.jar
File                           1         f3624376.exe
File                           4         rawcap.exe
File                           1208      powershell.exe
File                           9         generic.dic
File                           13        psversiontable.ps
File                           41        system.obj
File                           2         pr64.exe
File                           31        psexesvc.exe
File                           8         wmiexec.vbs
File                           30        rdpclip.exe
File                           1         bridgeunattend.exe
File                           1         dsac.exe
File                           1         equipos.txt
File                           2126      cmd.exe
File                           1         upstart2.jsp
File                           20        shell.jsp
File                           1         sygnia-%20elephant%20beetle_jan2022.pdf
Github username                3         twi1ight
Github username                6         tennc
Threat Actor Identifier - FIN  10        FIN13
Url                            1         https://github.com/tennc/webshell/blob/master/jsp/shell.jsp
Url                            1         https://malpedia.caad.fkie.fraunhofer.de/actor/fin13
Url                            1         https://malpedia.caad.fkie.fraunhofer.de/actor/elephant_beetle
Url                            1         https://f.hubspotusercontent30.net/hubfs/8776530/sygnia-%20elephant%20beetle_jan2022.pdf
Url                            1         https://www.mandiant.com/resources/fin13-cybercriminal-mexico
Url                            1         https://blog.sygnia.co/elephant-beetle-an-organized-financial-theft-operation
Url                            1         https://www.exploit-db.com/exploits/46814