Threat Analysis: Active C2 Discovery Using Protocol Emulation Part2 (Winnti 4.0)
Tags
| attack-pattern: | Data Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 |
Common Information
| Type | Value |
|---|---|
| UUID | b5abf11f-9614-4720-838d-d1de255aa4d9 |
| Fingerprint | a98ea118c0a6a71d |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Feb. 20, 2020, midnight |
| Added to db | Sept. 26, 2022, 9:31 a.m. |
| Last updated | Nov. 15, 2024, 9:31 p.m. |
| Headline | Threat Analysis: Active C2 Discovery Using Protocol Emulation Part2 (Winnti 4.0) |
| Title | Threat Analysis: Active C2 Discovery Using Protocol Emulation Part2 (Winnti 4.0) |
| Detected Hints/Tags/Attributes | 37/1/19 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | File | 3 | validate_cookie.py |
|
| Details | File | 2 | internet_c2_scan.py |
|
| Details | File | 103 | test.txt |
|
| Details | File | 1 | openhost_udp_53_20191214.txt |
|
| Details | File | 1 | 188.bin |
|
| Details | md5 | 1 | 37f1f677b50b73b1a538f8091cf4d00d |
|
| Details | sha1 | 3 | 640abefb16d2ce36e7e83e1b8bef31b2500abefb |
|
| Details | sha1 | 2 | 420f0dabd80fc8f34050b58a5ab00fce420f0dab |
|
| Details | sha256 | 2 | 0a3279bb86ff0de24c2a4b646f24ffa196ee639cc23c64a044e20f50b93bda21 |
|
| Details | IPv4 | 2 | 172.16.24.127 |
|
| Details | IPv4 | 2 | 185.161.211.97 |
|
| Details | IPv4 | 2 | 80.82.67.6 |
|
| Details | IPv4 | 1 | 185.161.211.188 |
|
| Details | IPv4 | 1 | 185.236.78.28 |
|
| Details | IPv4 | 1 | 91.235.128.90 |
|
| Details | IPv4 | 1 | 185.161.208.28 |
|
| Details | IPv4 | 1 | 139.28.37.102 |
|
| Details | IPv4 | 1 | 185.161.209.234 |
|
| Details | IPv4 | 1 | 185.236.78.15 |