Data Insights from Russian Cyber Militants: NoName057
Tags
Common Information
Type | Value |
---|---|
UUID | 4cf71b6f-b1dd-415b-ae8c-155f00ba0264 |
Fingerprint | 3514995d492bb445 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | April 17, 2023, 1:35 p.m. |
Added to db | April 17, 2023, 4:14 p.m. |
Last updated | Sept. 2, 2024, 7:07 a.m. |
Headline | Data Insights from Russian Cyber Militants: NoName05716 |
Title | Data Insights from Russian Cyber Militants: NoName057 |
Detected Hints/Tags/Attributes | 75/2/14 |
Source URLs
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 171 | ✔ | Malware on Medium | https://medium.com/feed/tag/malware | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 1 | | noname.be42late.co |
Details | File | 1 | | d_win_arm64.exe |
Details | File | 1 | | d_win_x64.exe |
Details | md5 | 1 | | c344f584881e90d426235553fedacff3 |
Details | md5 | 1 | | ac0d5e1ec2664ad36db8877078bcf6c3 |
Details | sha1 | 1 | | d8631b2830af376932be65a5a7785df3bda93798 |
Details | sha1 | 1 | | 21f9cfdf4f6e85cf8834e1a4718395fe586d3b49 |
Details | sha1 | 1 | | 9b387e0ca5489f81b095f6719337d1fe13ebf60f |
Details | sha1 | 1 | | dfae1df231ba8e8abfba4886df35a64c1d61d53d |
Details | sha1 | 1 | | 8e544c6b237da88467028d315012bd4c71e03c71 |
Details | sha1 | 1 | | 9ab710153ddfa8fe87a9b13b653f37869247347d |
Details | Url | 1 | | https://noname.be42late.co/. |
Details | Yara rule | 1 | | go_stresser_20_x64 (rule text below) |
Details | Yara rule | 1 | | go_stresser_20_generic (rule text below) |

Yara rule: go_stresser_20_x64

```yara
rule go_stresser_20_x64 {
    meta:
        author = "B42 Labs"
        date = "2023-04-13"
        hash_md5 = "c344f584881e90d426235553fedacff3"
        tlp = "CLEAR"
        yarahub_license = "CC0 1.0"
        yarahub_reference_md5 = "c344f584881e90d426235553fedacff3"
        yarahub_rule_matching_tlp = "CLEAR"
        yarahub_rule_sharing_tlp = "CLEAR"
        yarahub_uuid = "873ebbf5-9f83-4cf5-9670-b159211dd3c2"
    strings:
        $x64_0 = { F7 D8 49 C1 F8 3F 4D 21 E8 49 01 C0 4C 39 DE 74 04 }
        $x64_1 = { 18 B9 ?? ?? ?? ?? E8 E2 0B 00 00 48 8B 6C 24 ?? 48 83 C4 20 C3 }
        $x64_2 = { 18 B9 ?? ?? ?? ?? E8 E2 0B 00 00 48 8B 6C 24 ?? 48 83 C4 20 C3 }
        $x64_3 = { F7 DA 49 C1 FA 3F 4D 21 E2 49 01 C2 ?? ?? 48 39 F7 74 04 }
        $x64_4 = { 6C 24 40 48 89 44 24 ?? 48 89 7C 24 ?? 31 D2 45 31 C0 EB 17 }
        $x64_5 = { 8D 5E ?? 45 69 E1 93 01 00 01 44 0F B6 2C 30 47 8D 0C 2C 4C 89 DE 49 39 F0 7E 0B }
        $x64_6 = { 48 89 4C 24 ?? 48 89 7C 24 ?? 44 89 54 24 ?? 89 54 24 ?? 41 39 D1 75 44 }
        $x64_7 = { 08 48 ?? 5C 24 10 E8 C9 08 06 00 48 8B 44 24 ?? 48 8B 5C 24 ?? EB BD }
        $x64_8 = { 48 F7 C7 01 00 00 00 45 0F 45 D1 48 D1 FF 45 0F AF C0 45 89 D1 48 85 FF 7F DF }
        $x64_9 = { 0F B6 14 31 43 8D 14 11 4C 89 C6 ?? 48 39 F7 7F E3 }
        $s_0 = "HttpJob" ascii wide
        $s_1 = "SayHallo" ascii wide
        $s_2 = "StartJob" ascii wide
        $s_3 = "FastRequest" ascii wide
        $s_4 = "SetStatToBot" ascii wide
        $s_5 = "GetTargets" ascii wide
    condition:
        filesize < 10MB and (5 of ($x64_*)) and (3 of ($s_*))
}
```

Yara rule: go_stresser_20_generic

```yara
rule go_stresser_20_generic {
    meta:
        author = "B42 Labs"
        date = "2023-04-13"
        hash_md5 = "ac0d5e1ec2664ad36db8877078bcf6c3"
        tlp = "CLEAR"
        yarahub_license = "CC0 1.0"
        yarahub_reference_md5 = "ac0d5e1ec2664ad36db8877078bcf6c3"
        yarahub_rule_matching_tlp = "CLEAR"
        yarahub_rule_sharing_tlp = "CLEAR"
        yarahub_uuid = "873ebbf5-9f83-4cf5-9670-b159211dd3c2"
    strings:
        $s_0 = "HttpJob" ascii wide
        $s_1 = "SayHallo" ascii wide
        $s_2 = "StartJob" ascii wide
        $s_3 = "FastRequest" ascii wide
        $s_4 = "SetStatToBot" ascii wide
        $s_5 = "GetTargets" ascii wide
    condition:
        filesize < 10MB and (5 of ($s_*))
}
```