Dark.IoT僵尸网络滥用ClouDNS与白域名进行C2通讯
Tags
| attack-pattern: | Dns - T1071.004 Dns - T1590.002 Ssh - T1021.004 |
Common Information
| Type | Value |
|---|---|
| UUID | b2df9a50-83d8-4b57-baef-bc5bb2a00782 |
| Fingerprint | 4efb2e88285030be |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Feb. 21, 2022, midnight |
| Added to db | June 5, 2023, 2:22 p.m. |
| Last updated | Nov. 17, 2024, 5:55 p.m. |
| Headline | Dark.IoT僵尸网络滥用ClouDNS与白域名进行C2通讯 |
| Title | Dark.IoT僵尸网络滥用ClouDNS与白域名进行C2通讯 |
| Detected Hints/Tags/Attributes | 9/1/11 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 267 | ✔ | 奇安信威胁情报中心 | https://wechat2rss.xlab.app/feed/b93962f981247c0091dad08df5b7a6864ab888e9.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 43 | cve-2018-10561 |
|
| Details | CVE | 1 | cve-2020-8949 |
|
| Details | CVE | 25 | cve-2021-35394 |
|
| Details | CVE | 32 | cve-2015-2051 |
|
| Details | Domain | 3 | raw.pastebin.com |
|
| Details | Domain | 1 | ns41.cloudns.net |
|
| Details | Domain | 3 | hoz.1337.cx |
|
| Details | File | 3 | raw.pas |
|
| Details | md5 | 1 | 3D4433C578D19E29DF52FD4D59A7DDFB |
|
| Details | md5 | 1 | AB7D9E6F28DF5AEF65C665B819440BB6 |
|
| Details | md5 | 1 | D0AC70EF5D7317AEE275DD7C34EADB47 |