Greenbug’s DNS-isms | NETSCOUT
Tags
country: Saudi Arabia
attack-pattern: Data Credentials - T1589.001 Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID afe870f5-09ef-4a32-9219-7a53e9821a7e
Fingerprint ac148a906989899d
Analysis status DONE
Considered CTI value 2
Text language
Published May 1, 2017, midnight
Added to db Feb. 17, 2023, 10:20 p.m.
Last updated Sept. 26, 2024, 8:30 a.m.
Headline Greenbug’s DNS-isms
Title Greenbug’s DNS-isms | NETSCOUT
Detected Hints/Tags/Attributes 56/2/35
Source URLs
Redirection Url
Details Redirection https://asert.arbornetworks.com/greenbugs-dns-isms/
Details Source https://www.arbornetworks.com/blog/asert/greenbugs-dns-isms/
Details Source https://www.netscout.com/blog/asert/greenbugs-dns-isms
URL Provider
Details Provider Source level domain
Details arbornetworks.com www.arbornetworks.com
Details arbornetworks.com asert.arbornetworks.com
Details netscout.com www.netscout.com
Attributes
Details Type #Events CTI Value
Details Domain 1 
winrepp.com
Details Domain 1 
winsecupdater.com
Details Domain 1 
dnslookupdater.com
Details Domain 1 
dnssecupdater.com
Details Domain 4 
c2.com
Details Domain 1 
237735c7dcf34de59f8e04cb852401b3.dnslookupdater.com
Details Domain 1 
dr.237735c7dcf34de59f8e04cb852401b3.dnslookupdater.com
Details Domain 1 
fc.237735c7dcf34de59f8e04cb852401b3.dnslookupdater.com
Details Domain 2 
session.id
Details File 1 
ccd61.ps1
Details File 1 
ivb.ps1
Details File 1 
dp.ps1
Details File 6 
winit.exe
Details md5 1 
237735C7DCF34DE59F8E04CB852401B3
Details md5 1 
4F6B2020202020202020202020202020
Details md5 1 
a1a13274c08f4730b88f1715de38068c
Details md5 1 
31362C31352C392C3520202020202020
Details md5 1 
20202020202020202020202020202020
Details md5 1 
41707049647C7C7C38267569643D3432
Details md5 1 
6435623934352D383062362D34336430
Details md5 1 
2D396330332D33323736316233323866
Details md5 1 
34372020202020202020202020202020
Details md5 1 
31202020202020202020202020202020
Details md5 1 
30323064373461352D323061332D3433
Details md5 1 
65372D616463642D6634383631356466
Details md5 1 
356137347C7C7C476574436F6E666967
Details md5 1 
3A3A3A31302020202020202020202020
Details IPv6 1 
a67d:db8:a2a1:7334:7654:4325:370:2aa3
Details IPv6 1 
a67d:db8:85a3:4325:7654:8a2a:370:7334
Details IPv6 1 
2020:2020:2020:2020:2020:2020:2020:2020
Details IPv6 1 
a67d:db8:85a3:4325:7654:8a2a::1
Details IPv6 1 
4f6b:2020:2020:2020:2020:2020:2020:2020
Details IPv6 1 
3136:2c31:352c:392c:3520:2020:2020:2020
Details Pdb 1 
c:\projects\dns bot\bot\x64\release\ism.pdb
Details Pdb 1 
nrtscan.pdb