Active C2 Discovery Using Protocol Emulation Part1 (HYDSEVEN NetWire)
Tags
| attack-pattern: | Data Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Tool - T1588.002 Sudo - T1169 |
Common Information
| Type | Value |
|---|---|
| UUID | 9cc506fb-8f83-4e24-8316-34258f71fe0b |
| Fingerprint | 849f6ddfa0e5a01e |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Nov. 20, 2019, 5 a.m. |
| Added to db | Jan. 18, 2023, 10:55 p.m. |
| Last updated | Nov. 17, 2024, 6:49 p.m. |
| Headline | Active C2 Discovery Using Protocol Emulation Part1 (HYDSEVEN NetWire) |
| Title | Active C2 Discovery Using Protocol Emulation Part1 (HYDSEVEN NetWire) |
| Detected Hints/Tags/Attributes | 38/1/25 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 19 | client.py |
|
| Details | Domain | 21 | server.py |
|
| Details | File | 1 | auth_send.bin |
|
| Details | File | 1 | auth_recv.bin |
|
| Details | File | 1 | gen_send.bin |
|
| Details | File | 1 | gen_recv.bin |
|
| Details | File | 19 | client.py |
|
| Details | File | 19 | server.py |
|
| Details | File | 1 | _send.bin |
|
| Details | File | 1 | _recv.bin |
|
| Details | md5 | 1 | 50778a98ca957cf1ddb3d96f0b623133 |
|
| Details | md5 | 1 | 19493425e15c770d971be676bce14aa2 |
|
| Details | md5 | 1 | b8b776ebe5cf30c6dc1547ed35a79f42 |
|
| Details | md5 | 2 | 12def981952667740eb06ee91168e643 |
|
| Details | md5 | 1 | cb75044f5941530d963df9a626c813ae |
|
| Details | md5 | 1 | de3a8b1e149312dac5b8584a33c3f3c6 |
|
| Details | md5 | 1 | 50d4f0da2e38874e417bd13b59f4c067 |
|
| Details | md5 | 1 | 944b9c731cf3821f1392b40f82ea0947 |
|
| Details | sha256 | 1 | a2e449364b1bc148a19824984010485e2770a2f2e3098a7b59b557a59f735691 |
|
| Details | sha256 | 1 | 0499aa5c68c59d2d3a484d52d7f1afcc189722ae96dfdde2afd9e12c95085af4 |
|
| Details | sha256 | 1 | c7c3d70337336fc183135038ce5d0a4bb83ab6d9f4cc1ad5cf600295e6a41e1b |
|
| Details | sha256 | 1 | a981a5fbeff782330871fb8a106466cbe61280536c162b3e3c3cbf441265b437 |
|
| Details | sha256 | 2 | 07a4e04ee8b4c8dc0f7507f56dc24db00537d4637afee43dbb9357d4d54f6ff4 |
|
| Details | sha256 | 1 | 41dfab4ade85a7ea2df6f726ea711b60ddac7aa29d77a6bc5654564dec46cef7 |
|
| Details | IPv4 | 1441 | 127.0.0.1 |