ioc[.]one - OSINT Cyber Threat Intelligence Database

Confucius Says...Malware Families Get Further By Abusing Legitimate Websites

Tags

country:	Pakistan
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Model Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Exploits - T1587.004 Exploits - T1588.005 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Server - T1583.004 Server - T1584.004 Software - T1592.002 Web Services - T1583.006 Web Services - T1584.006

Show in Graph

Common Information

Type	Value
UUID	a3d38055-4a6d-4f89-8a6b-2c778d82ead7
Fingerprint	a4298dd1a5fb86f5
Analysis status	DONE
Considered CTI value	2
Text language
Published	Sept. 28, 2016, 5:10 p.m.
Added to db	Jan. 16, 2023, 4:59 p.m.
Last updated	Nov. 17, 2024, 6:55 p.m.
Headline	Confucius Says...Malware Families Get Further By Abusing Legitimate Websites
Title	Confucius Says...Malware Families Get Further By Abusing Legitimate Websites
Detected Hints/Tags/Attributes	78/3/196

Source URLs

	Redirection	Url
Details	Source	https://researchcenter.paloaltonetworks.com/2016/09/unit42-confucius-says-malware-families-get-further-by-abusing-legitimate-websites/
Details	Source	https://unit42.paloaltonetworks.com/unit42-confucius-says-malware-families-get-further-by-abusing-legitimate-websites/

URL Provider

Details	Provider	Source level domain
Details	paloaltonetworks.com	unit42.paloaltonetworks.com
Details	paloaltonetworks.com	researchcenter.paloaltonetworks.com

Attributes

Details	Type	#Events	Value
Details	Domain	1	com-account-jfnjkr.xyz
Details	Domain	1	breachframework.com
Details	Domain	4	www.quora.com
Details	Domain	1	answers.yahoo.com
Details	Domain	1	in.answers.yahoo.com
Details	Domain	1	www.nefuri.com
Details	Domain	1	www.answerlib.org
Details	Domain	1	www.question.com
Details	Domain	1	findnerd.com
Details	Domain	1	able2know.org
Details	Domain	1	bs71.blog.com
Details	Domain	1	www.linkibl.com
Details	Domain	1	www.education.com
Details	Domain	1	www.fixya.com
Details	Domain	1	technology.blurtit.com
Details	Domain	1	adhath-learning.com
Details	Domain	1	stepontheroof.com
Details	Domain	1	ns1.b3autybab3s.com
Details	Domain	1	stilletowheels.com
Details	Domain	1	b3autybab3s.com
Details	Domain	1	fierybarrels.com
Details	Domain	1	mail.cooperednews.info
Details	Domain	1	ns2.cooperednews.info
Details	Domain	1	teensechs.com
Details	Domain	1	newstodayreviews.com
Details	Domain	1	ns2.softwares-free.com
Details	Domain	1	www.fierybarrels.com
Details	Domain	1	ns1.cooperednews.info
Details	Domain	1	znaniye-onlayn.com
Details	Domain	1	cooperednews.info
Details	Domain	1	nophoz.com
Details	Domain	1	twigreader.com
Details	Domain	1	zadnitsa.com
Details	Domain	1	bookerstream.com
Details	Domain	1	teens3xweb.com
Details	Domain	1	romanrugby.com
Details	Domain	1	130dozen.com
Details	Domain	1	transseksualov.com
Details	Domain	1	cutedazzle.com
Details	Domain	1	speedeagles.com
Details	Domain	1	www.templetom.com
Details	Domain	1	gallopingroses.com
Details	Domain	1	didlynews.info
Details	Domain	1	ns2.didlynews.info
Details	Domain	1	ns1.didlynews.info
Details	Domain	1	purple-banana.com
Details	Domain	1	uchitel-nitsa.com
Details	Domain	1	couchypotatoes.com
Details	Domain	1	your3x.com
Details	Domain	1	trk.greatleonidas.com
Details	Domain	1	greatleonidas.com
Details	Domain	1	chucknorr.com
Details	Domain	1	tangyball.com
Details	Domain	1	templetom.com
Details	Domain	1	younghogs.com
Details	Domain	1	www.cutedazzle.com
Details	Domain	1	neistovo.com
Details	Domain	1	roseauster.com
Details	Domain	1	www.gallopingroses.com
Details	Domain	1	onepickle.com
Details	Domain	1	wond3rfulworld.com
Details	Domain	1	ns2.b3autybab3s.com
Details	Domain	1	softwares-free.com
Details	Domain	1	www.romanrugby.com
Details	Domain	1	gomadweb.com
Details	Domain	1	wetcottonballs.com
Details	Domain	1	ns1.softwares-free.com
Details	Domain	1	sechshun8.com
Details	Domain	1	newsscrapper.com
Details	Domain	1	jobs.undp.tangyball.com
Details	Domain	1	news-letters-4u.com
Details	Domain	1	magzinehog.com
Details	Domain	1	jupanto.com
Details	Domain	1	www.tumblebin.com
Details	Domain	1	little-nuts.com
Details	Domain	1	fullhalfempty.com
Details	Domain	1	mysugarbin.com
Details	Domain	1	ftp.wond3rfulworld.com
Details	Domain	1	blog.younghogs.com
Details	Domain	1	ww2.younghogs.com
Details	Domain	1	www.younghogs.com
Details	Domain	1	ww1.younghogs.com
Details	Domain	1	mx2.newstodayreviews.com
Details	Domain	1	mx1.newstodayreviews.com
Details	Domain	1	mx3.newstodayreviews.com
Details	Domain	1	www.onepickle.com
Details	Domain	1	quicktime.softwares-free.com
Details	Domain	1	tumblebin.com
Details	Domain	1	ns1.bidux.com.avtofrom.us
Details	Domain	1	www.nophoz.com
Details	Domain	1	breachframework.website
Details	File	1	fancy.vbs
Details	File	1	fancy.bat
Details	File	1122	svchost.exe
Details	File	3	www.nef
Details	File	1	_me_you_like_or_couple_weed_or_hate_weed_with_deedy_block_claggy_1562153.html
Details	File	1	20160229115557aaxc2ib.html
Details	File	1	what-are-the-precautions-for-diphtheria-tetanus-998506.html
Details	sha1	1	f6438919d27d08aa545e2f90b58d445cccac6c09
Details	sha256	1	a21b956e1be9dcfa8a28c38dc0bb0657508b5588bcf1435052700aea22910d7d
Details	sha256	1	627724fa447e3937f3cdc5388285935a52d6970a616f4ac3d02e583d160cbfc0
Details	sha256	1	c975954fbb473ed8ce3a98ca2c4977bf22d2413db01eda87599524969565836f
Details	sha256	1	8cfd559756630d967bb597b087af98adc75895a1ec52586d53a2d898e4a6e9b0
Details	sha256	1	0bd7db12ba8d9ce9d29983ef76205864dce146eb14cebe32a3431f994cc770ee
Details	sha256	1	fb9064abd562012f7c4ffec335f1b669d7ffa0ce724b81f83840474e544c0113
Details	sha256	1	ec15a7698eed7a925b0c074239a92b9f3efdd1054ea281fa914c0bf63d73d319
Details	sha256	1	09fcb9444b415781d1d01d0b43c37df441a381042a3f2f91f04890b9c4632c5e
Details	sha256	1	487d43f38006a609715f95d2e8dd605446de820cafcc453d57a452bc67972a7a
Details	sha256	1	7b9454ac9c96db562c2b961a72aa1fece896cd1633a1ec3139eb75346a086f64
Details	sha256	1	d0176a1d30827a42dda4f575ede0d2d8ad0f71306e41f67b1d1fe999f0e82838
Details	sha256	1	dd34f8236b314ce5123fc036c7ae1d0b4ef6da3ae781d639bcc1d5a30b197b2c
Details	sha256	1	6115b1a37cf58d39010fd19bcf83f73e4eae943d95fcb29f8078c6d0e5c37a56
Details	sha256	1	700296a05cbe947e24e04f976db596c2471681e69740593fb5d02e4adbd983be
Details	sha256	1	c66660142d9ba85bb89c8277447f3c21d0a7d1ee12fd38cd61091ed02ffba80e
Details	sha256	1	248010893646d292254efb4c575b1bfd58d8b75deee38af8616e9e83b695833a
Details	sha256	1	28fd73965f766ab400b655b2c3ffb7c2949112c3c3d9cf05639a382c84828f12
Details	sha256	1	2f3005a06cf6819690da987414e7db797ad1955861be6f3a8a89e689602fd022
Details	sha256	1	4462454586b2969821e4b97d0d4387624cd9854ffc9e16750b5771990a707af8
Details	sha256	1	50f0bf106781452d20f12a33df04e1ebc2d805c9721df83169af3cf394198434
Details	sha256	1	86f9a01dca754ff0e2c1108dba2cebaab4483b122be1e312f0b24643b1523b49
Details	sha256	1	9e90f9acb9752e2dc7faa28b7d07330bae69431a1055697420b165521f6768e3
Details	sha256	1	e93dd106f5c031e773f6f490a6df6ef165a0782072c98702a741433b62375829
Details	sha256	1	51a3758eaf22a893c1771aa70e78e22b775243424abce755dd48cc83879ddd94
Details	sha256	1	1220815b09694b522a33a4feacfc20ca90e03728c9f5e2bd4288e67e2e1257de
Details	sha256	1	1b682fa08d99b1f57e545cab2e0cd553282682f7706a72afe5ee63264002e010
Details	sha256	1	63e0cf48e461ea6e2663fcbb5727e02b39641c86c2860e979a353b3e997eb8d7
Details	sha256	1	7ec2de26d9564f60bb079fbf66e7ce7ff9fe5331937137e3b836023fde7ac1b1
Details	sha256	1	83718971c1cc94ff4cd7b430e57d3d5b61d1032028c23aee56b7148bb6f176c2
Details	sha256	1	a50808054fcf359eea0f684b9f84a4ac12e2bf1467a4c33446f7445a4b3bafaa
Details	sha256	1	0082b8b2b7ac562db544fd81b26229fd2a6a6c04a9c86123cbd89a285eeb2594
Details	sha256	1	3181065099986c2bb8b3f58f04f2c59e5bd5887dc46f6e7c9a62ba7d2ca23758
Details	sha256	1	7699584f996a7e09ce26437113199531db71d01b22711246246da55abbda5410
Details	sha256	1	815ba75ac821b7c656c9c9bc0e663f9570f71bf247e374d60f9142fcc380efad
Details	sha256	1	346c08fc3439a0619903ca25ed0b951e07096701eeb094bdab3770611328873e
Details	sha256	1	9c5d8b74fd35755570b478737e1298702535d9baf06f69d9954f265c30dcdab6
Details	sha256	1	b19cd6ddbb41d9b689eeff1262bd7cd6b9361d95afb79cd6e77f39c5d3581728
Details	sha256	1	d718ea92106894c1bfb2273ed7e71c9ad7cec01fa0ae4c2571e5a762e1f26e8d
Details	sha256	1	d9c4994aed6f4bab5f2bb65fb2cc5f455ee99848d8f49e22b8b1c5ef13f3e78f
Details	IPv4	3	91.210.107.104
Details	IPv4	1	149.202.110.2
Details	IPv4	1	5.135.85.16
Details	IPv4	1	104.23.35.15
Details	IPv4	1	104.219.250.204
Details	IPv4	1	216.189.148.125
Details	IPv4	1	104.219.250.205
Details	IPv4	1	78.128.92.101
Details	IPv4	1	206.221.188.98
Details	IPv4	1	104.232.35.15
Details	IPv4	1	5.39.23.192
Details	IPv4	1	95.211.135.167
Details	IPv4	1	46.165.207.109
Details	IPv4	1	95.211.38.134
Details	IPv4	2	46.165.249.223
Details	IPv4	1	95.211.135.162
Details	IPv4	1	46.165.207.140
Details	IPv4	1	46.165.207.120
Details	IPv4	1	95.211.107.75
Details	IPv4	1	94.242.219.203
Details	IPv4	1	95.211.38.133
Details	IPv4	1	46.165.207.112
Details	IPv4	1	95.211.3.135
Details	IPv4	1	91.210.107.107
Details	IPv4	1	46.165.207.114
Details	IPv4	1	91.210.107.108
Details	IPv4	1	95.211.205.142
Details	IPv4	1	95.211.107.71
Details	IPv4	1	46.165.207.116
Details	IPv4	1	95.211.135.168
Details	IPv4	1	46.165.207.134
Details	IPv4	1	46.165.207.98
Details	IPv4	1	46.165.207.113
Details	IPv4	1	46.165.207.138
Details	IPv4	1	94.242.219.199
Details	IPv4	1	46.165.207.142
Details	IPv4	1	46.165.207.99
Details	IPv4	1	95.211.107.72
Details	IPv4	1	95.211.38.135
Details	IPv4	1	46.165.207.132
Details	IPv4	3	46.165.207.108
Details	Url	1	https://www.quora.com/is-bingle-hate-and-love-the-green-or-it-fire-couple-fire-tell-
Details	Url	1	https://answers.yahoo.com/question/index?qid=20160301074835aa7cf60&sort=n
Details	Url	1	https://in.answers.yahoo.com/question/index?qid=20160229024628aa4xq7r
Details	Url	1	http://www.nefuri.com/hi_is_bingle_hate_and_love_the_green_or_it_fire_couple_fire_tell
Details	Url	1	http://www.answerlib.org/qv/20160229115557aaxc2ib.html
Details	Url	1	https://in.answers.yahoo.com/question/index?qid=20160229115557aaxc2ib
Details	Url	1	https://www.question.com/what-are-the-precautions-for-diphtheria-tetanus-998506.html
Details	Url	1	http://findnerd.com/list/view/how-to-make-a-simple-settings-page-in-android/15891
Details	Url	1	http://able2know.org/topic/312620-1
Details	Url	1	http://bs71.blog.com/2016/03/01/performing-namaz
Details	Url	1	http://www.linkibl.com/l/define-simple-support-boundary-condition-of-a-beam-solid-
Details	Url	1	http://www.education.com/question/working-model-depict-buoyancy
Details	Url	1	http://www.quora.com/where-can-i-find-port-de-vaire
Details	Url	1	http://www.fixya.com/support/t25556697-intel_desktop_board_dh67cl_having_vga
Details	Url	1	http://www.education.com/question/scientist-calculate-distance-planets
Details	Url	1	http://technology.blurtit.com/4492774/import-mri-ct-and-microct-data
Details	Url	1	https://www.quora.com/how-fertilization-takes-place-in-plants