HELO Winnti: is that you
Common Information
Type Value
UUID f025342f-a21a-4299-870f-ad9fe1ce03ed
Fingerprint 48a26d60d553b327d74d88fe9815ffca01661f7013515843fd198502688a746f
Analysis status DONE
Considered CTI value 1
Text language
Published None
Added to db April 16, 2024, 9:39 p.m.
Last updated Aug. 31, 2024, 12:18 a.m.
Headline HELO Winnti: is that you
Title HELO Winnti: is that you
Detected Hints/Tags/Attributes 35/2/10
Attributes
Details Type #Events CTI Value
Details Domain 4127
github.com
Details Domain 1
threatsinkhole.com
Details Domain 7
www.lastline.com
Details Github username 1
tkcert
Details md5 1
F58F2454CE8A16D78C47F664D23079C8
Details IPv4 1
35.203.53.10
Details IPv4 1
10.112.4.65
Details IPv4 1441
127.0.0.1
Details Url 1
https://github.com/tkcert/winnti-suricata-lua
Details Url 1
https://www.lastline.com/labsblog/helo-winnti-attack-scan