Finding the RAT's Nest
Tags
attack-pattern: Botnet - T1583.005 Botnet - T1584.005 Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001
Show in Graph
Common Information
Type Value
UUID 7629133f-b4da-4eff-a41a-401fb9c1caf2
Fingerprint b6693911e9b2c740
Analysis status DONE
Considered CTI value 2
Text language
Published Jan. 18, 2017, 6:26 p.m.
Added to db Sept. 26, 2022, 9:31 a.m.
Last updated Nov. 18, 2024, 6:28 a.m.
Headline Finding the RAT's Nest
Title Finding the RAT's Nest
Detected Hints/Tags/Attributes 41/1/21
Source URLs
Redirection Url
Details Source https://umbrella.cisco.com/blog/2017/01/18/finding-the-rats-nest/
URL Provider
Details Provider Source level domain
Details cisco.com umbrella.cisco.com
Attributes
Details Type #Events CTI Value
Details Domain 1 
onsitepowersystems.com
Details Domain 1 
invoice86291320.zip
Details Domain 318 
bit.ly
Details Domain 1 
thevm2.biz
Details Domain 1 
blackhills.ddns.net
Details Domain 1176 
gmail.com
Details Domain 1 
marciaguthke.com
Details Domain 1 
email-hosting.us
Details Domain 1 
emailhostings.in
Details Domain 1 
myvm2.biz
Details Domain 1 
vm2online.biz
Details Domain 1 
hackcom.org
Details Domain 1 
virus-os-77h7ft.pw
Details Email 1 
nie0461@gmail.com
Details sha256 1 
083bb90a33710585883ae6bbb7f36437c083a5d889a3e4e3994955a53bfa1be0
Details sha256 1 
0247b0ecbf6069e38e772ef546e63c46262cc77efe5d004a3ec516baf0e74d87
Details sha256 1 
1ae134e146c43891a6e28d917d9cfcf32bb0ff435051261462b57181320b992a
Details sha256 1 
ac3ade715adafa5784c43f407843bf8889e7c97c4e62239c1b22f07aab2920c9
Details IPv4 1 
191.101.22.47
Details IPv4 1 
192.111.155.6
Details Url 1 
http://onsitepowersystems.com/invoice86291320.zip