Gafgtyt_tor and Necro are on the move again
Common Information
Type Value
UUID ad696d81-2ff7-4bc6-938e-5e7f9bf08cad
Fingerprint 3e159b618a69a385
Analysis status DONE
Considered CTI value 2
Text language
Published March 4, 2021, midnight
Added to db Sept. 11, 2022, 12:46 p.m.
Last updated Nov. 17, 2024, 6:49 p.m.
Headline Gafgtyt_tor and Necro are on the move again
Title Gafgtyt_tor and Necro are on the move again
Detected Hints/Tags/Attributes 60/1/229
Attributes
Details Type #Events CTI Value
Details md5 2
54e2687070de214973bdc3bc975049b5
Details md5 2
b40d8a44b011b79178180a657b052527
Details md5 2
1cc68eb2d9713925d692194bd0523783
Details md5 2
94a587198b464fc4f73a29c8d8d6e420
Details md5 2
2b2940d168a60990377fea8b6158ba22
Details md5 2
56439912093d9c1bf08e34d743961763
Details md5 2
2d6917fe413163a7be7936a0609a0c2d
Details md5 2
8cd99b32ec514f348f4273a814f97e79
Details md5 2
1c966d79319e68ccc66f1a2231040adb
Details md5 2
47275afdb412321610c08576890093d7
Details md5 2
3c5758723980e6b9315ac6e6c32e261d
Details md5 2
980d4d0ac9335ae1db6938e8aeb3e757
Details md5 2
513bc0091dfa208249bd1e6a66d9d79e
Details md5 2
8e551c76a6b17299da795c2b69bb6805
Details md5 2
61b93c03cb5af31b82c11d0c86f82be1
Details md5 2
69cab222e42c7177655f490d849e18c5
Details md5 2
7cbdd215e7f1e17fc589de2df3f09ac9
Details md5 2
6b631fed1416c2cd16ca01738fdfe61a
Details md5 2
90a716280fe1baee0f056a79c3aa724d
Details md5 2
3b4f844c7dd870e8b8c1d5a397a29514
Details md5 2
853dc777c5959db7056f64b34e938ba5
Details md5 2
3eccab18fa690bbfdb6e10348bc40b02
Details md5 2
e78e04aad0915f2febcbb19ef6ffc4fe
Details md5 2
b99115a6ea41d85dea5c96d799e65353
Details CVE 8
cve-2019-16920
Details CVE 161
cve-2019-19781
Details Domain 38
blog.netlab.360.com
Details Domain 6
newbm.pl
Details Domain 2
wvp3te7pkfczmnnl.onion
Details Domain 4
gxbrowser.net
Details Domain 208
mp.weixin.qq.com
Details File 3
login_pic.asp
Details File 6
newbm.pl
Details md5 2
3ab32e92917070942135f5c5a545127d
Details md5 2
f1d6fbd0b4e6c6176e7e89f1d1784d14
Details md5 2
eb77fa43bb857e68dd1f7fab04ed0de4
Details md5 2
dce3d16ea9672efe528f74949403dc93
Details md5 2
bfaa01127e03a119d74bdb4cb0f557ec
Details md5 2
a6bdf72b8011be1edc69c9df90b5e0f2
Details md5 2
5c1153608be582c28e3287522d76c02f
Details md5 2
4b95dfc5dc523f29eebf7d50e98187c2
Details md5 2
4c271f8068bc64686b241eb002e15459
Details md5 2
843a7fec9a8e2398a69dd7dfc49afdd2
Details md5 2
7122bcd084d2d0e721ec7c01cf2a6a57
Details md5 2
10f6b09f88e0cf589d69a764ff4f455b
Details md5 2
f91083e19eed003ac400c1e94eba395e
Details IPv4 1441
127.0.0.1
Details IPv4 4
45.145.185.83
Details IPv4 3
193.239.147.224
Details IPv4 4
45.153.203.124
Details IPv4 2
103.125.218.111
Details IPv4 2
103.82.219.42
Details IPv4 2
104.155.207.91
Details IPv4 2
104.224.179.229
Details IPv4 2
107.20.204.32
Details IPv4 2
111.90.159.138
Details IPv4 2
116.202.107.151
Details IPv4 2
116.203.210.124
Details IPv4 2
119.28.149.37
Details IPv4 3
128.199.45.26
Details IPv4 2
130.193.56.117
Details IPv4 2
134.122.4.130
Details IPv4 2
134.122.59.236
Details IPv4 2
134.209.230.13
Details IPv4 2
134.209.249.97
Details IPv4 2
135.181.137.237
Details IPv4 2
138.68.6.227
Details IPv4 2
139.162.149.58
Details IPv4 2
139.162.32.82
Details IPv4 2
139.162.42.124
Details IPv4 2
139.99.239.154
Details IPv4 2
142.47.219.133
Details IPv4 2
143.110.230.187
Details IPv4 2
145.239.83.129
Details IPv4 2
146.59.156.72
Details IPv4 2
146.59.156.76
Details IPv4 2
146.59.156.77
Details IPv4 2
146.66.180.176
Details IPv4 2
148.251.177.144
Details IPv4 2
157.230.27.96
Details IPv4 2
157.230.98.211
Details IPv4 2
157.230.98.77
Details IPv4 2
158.174.108.130
Details IPv4 2
158.247.211.132
Details IPv4 2
159.65.69.186
Details IPv4 2
159.69.203.65
Details IPv4 2
159.89.19.9
Details IPv4 2
161.35.84.202
Details IPv4 2
165.22.194.250
Details IPv4 2
165.22.94.245
Details IPv4 2
167.172.123.221
Details IPv4 2
167.172.173.3
Details IPv4 2
167.172.177.33
Details IPv4 2
167.172.178.215
Details IPv4 2
167.172.179.199
Details IPv4 2
167.172.180.219
Details IPv4 2
167.172.190.42
Details IPv4 2
167.233.6.47
Details IPv4 2
167.71.236.109
Details IPv4 2
168.119.37.152
Details IPv4 2
168.119.61.251
Details IPv4 2
172.104.240.74
Details IPv4 2
172.104.4.144
Details IPv4 2
176.37.245.132
Details IPv4 2
178.62.215.4
Details IPv4 2
18.191.18.101
Details IPv4 2
18.229.49.115
Details IPv4 2
185.105.237.253
Details IPv4 2
185.106.121.176
Details IPv4 2
185.106.122.10
Details IPv4 2
185.128.139.56
Details IPv4 2
185.180.223.198
Details IPv4 2
185.18.215.170
Details IPv4 2
185.18.215.178
Details IPv4 2
185.212.128.115
Details IPv4 2
185.217.1.30
Details IPv4 2
188.127.231.152
Details IPv4 3
188.165.233.121
Details IPv4 2
188.166.17.35
Details IPv4 3
188.166.34.137
Details IPv4 2
188.166.79.209
Details IPv4 2
188.166.80.74
Details IPv4 2
188.166.82.232
Details IPv4 2
188.227.224.110
Details IPv4 2
188.68.52.220
Details IPv4 2
192.46.209.98
Details IPv4 2
192.99.169.229
Details IPv4 2
193.123.35.48
Details IPv4 2
193.187.173.33
Details IPv4 2
195.123.222.9
Details IPv4 2
195.93.173.53
Details IPv4 2
197.156.89.19
Details IPv4 2
198.27.82.186
Details IPv4 2
198.74.54.182
Details IPv4 2
199.247.4.110
Details IPv4 2
201.40.122.152
Details IPv4 2
20.52.130.140
Details IPv4 2
20.52.147.137
Details IPv4 2
20.52.37.89
Details IPv4 3
206.81.17.232
Details IPv4 2
206.81.27.29
Details IPv4 2
212.71.253.168
Details IPv4 2
212.8.244.112
Details IPv4 2
217.12.201.190
Details IPv4 2
217.144.173.78
Details IPv4 2
217.170.127.226
Details IPv4 2
217.61.98.33
Details IPv4 2
34.239.11.167
Details IPv4 2
35.189.88.51
Details IPv4 2
35.192.111.58
Details IPv4 2
37.200.66.166
Details IPv4 2
3.91.139.103
Details IPv4 2
45.33.45.209
Details IPv4 2
45.33.79.19
Details IPv4 2
45.33.82.126
Details IPv4 2
45.79.207.110
Details IPv4 2
45.81.225.67
Details IPv4 2
45.81.226.8
Details IPv4 2
45.92.94.83
Details IPv4 2
46.101.156.38
Details IPv4 2
46.101.159.138
Details IPv4 2
47.90.1.153
Details IPv4 2
49.147.80.102
Details IPv4 2
50.116.61.125
Details IPv4 2
5.100.80.141
Details IPv4 2
51.11.240.222
Details IPv4 2
51.116.185.181
Details IPv4 2
51.195.201.47
Details IPv4 2
51.195.201.50
Details IPv4 2
5.167.53.191
Details IPv4 2
51.68.191.153
Details IPv4 2
51.75.161.21
Details IPv4 2
51.83.185.71
Details IPv4 2
51.83.186.137
Details IPv4 2
51.89.165.233
Details IPv4 2
52.47.87.178
Details IPv4 2
5.63.13.54
Details IPv4 2
66.42.34.110
Details IPv4 3
67.205.130.65
Details IPv4 2
68.183.67.182
Details IPv4 2
68.183.82.50
Details IPv4 2
79.124.62.26
Details IPv4 2
80.251.220.190
Details IPv4 2
8.210.163.246
Details IPv4 2
87.236.215.248
Details IPv4 2
88.198.167.20
Details IPv4 2
91.236.251.131
Details IPv4 2
94.23.40.220
Details IPv4 2
95.179.163.1
Details IPv4 2
95.179.164.28
Details IPv4 2
95.188.93.135
Details IPv4 2
95.216.123.39
Details IPv4 2
95.216.137.149
Details IPv4 2
95.217.27.5
Details Url 1
https://blog.netlab.360.com/not-really-new-pyhton-ddos-bot-n3cr0m0rph-necromorph
Details Url 2
http://45.153.203.124/bins/ajhkewbfwefwefx86
Details Url 2
http://45.153.203.124/bins/ajhkewbfwefwefsh4
Details Url 2
http://45.153.203.124/bins/ajhkewbfwefwefmips
Details Url 2
http://45.153.203.124/s1ej3/lpxdchtp3zx86
Details Url 3
http://45.153.203.124/s1ej3/lpxdchtp3zsh4
Details Url 2
http://45.153.203.124/s1ej3/lpxdchtp3zppc-440fp
Details Url 2
http://45.153.203.124/s1ej3/lpxdchtp3zmpsl
Details Url 2
http://45.153.203.124/s1ej3/lpxdchtp3zmips
Details Url 2
http://45.153.203.124/s1ej3/lpxdchtp3zarm7
Details Url 2
http://45.153.203.124/s1ej3/lpxdchtp3zarm
Details Url 2
http://45.145.185.83/bins/ajhkewbfwefwefx86
Details Url 2
http://45.145.185.83/bins/ajhkewbfwefwefspc
Details Url 2
http://45.145.185.83/bins/ajhkewbfwefwefsh4
Details Url 2
http://45.145.185.83/bins/ajhkewbfwefwefppc
Details Url 2
http://45.145.185.83/bins/ajhkewbfwefwefmips
Details Url 2
http://45.145.185.83/bins/ajhkewbfwefwefi586
Details Url 2
http://45.145.185.83/bins/ajhkewbfwefwefarm7
Details Url 2
http://45.145.185.83/bins/ajhkewbfwefwefarm
Details Url 2
http://45.145.185.83/s1ej3/lpxdchtp3zsh4
Details Url 2
http://45.145.185.83/s1ej3/lpxdchtp3zmpsl
Details Url 2
http://45.145.185.83/s1ej3/lpxdchtp3zmips
Details Url 2
http://45.145.185.83/s1ej3/lpxdchtp3zi686
Details Url 2
http://45.145.185.83/s1ej3/lpxdchtp3zbsd
Details Url 2
http://45.145.185.83/s1ej3/lpxdchtp3zarm7
Details Url 2
http://45.145.185.83/s1ej3/lpxdchtp3zarm64
Details Url 2
http://45.145.185.83/s1ej3/lpxdchtp3zarm
Details Url 2
http://45.145.185.83/s1ej3/iobeenwjx86
Details Url 2
http://45.145.185.83/s1ej3/iobeenwjmips
Details Url 2
http://45.145.185.83/s1ej3/iobeenwjarm5
Details Url 2
http://45.145.185.83/s1ej3/iobeenwjarm4
Details Url 2
http://45.145.185.83/s1ej3/iobeenwjarm
Details Url 2
https://blog.netlab.360.com/necro
Details Url 2
https://mp.weixin.qq.com/s/d30y0qeicknhmp9kad-pmg
Details Url 2
https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet