Network Forensics and Reversing Part 1 gzip web content, java malware, and a little JavaScript
Common Information
Type Value
UUID 19b62d73-1fd5-406d-8eb8-c3be0918ddf7
Fingerprint 35603371683207a5
Analysis status DONE
Considered CTI value 1
Text language
Published Aug. 22, 2012, 8 p.m.
Added to db Jan. 18, 2023, 9:21 p.m.
Last updated Nov. 17, 2024, 5:57 p.m.
Headline NetWitness Community
Title Network Forensics and Reversing Part 1 gzip web content, java malware, and a little JavaScript
Detected Hints/Tags/Attributes 70/3/34
Attributes