LUA - Common Event Format (CEF) Script Template
Common Information
Type Value
UUID b4e41265-7f4e-40d1-a1ab-761f60bcdd91
Fingerprint badc026274aa2fde
Analysis status DONE
Considered CTI value 1
Text language
Published Oct. 19, 2016, 10:14 p.m.
Added to db Jan. 18, 2023, 9:22 p.m.
Last updated Nov. 17, 2024, 5:57 p.m.
Headline NetWitness Community
Title LUA - Common Event Format (CEF) Script Template
Detected Hints/Tags/Attributes 38/1/24
Attributes