InfoSec Handlers Diary Blog - SANS Internet Storm Center
Tags
| attack-pattern: | Data Botnet - T1583.005 Botnet - T1584.005 Malware - T1587.001 Malware - T1588.001 |
Common Information
| Type | Value |
|---|---|
| UUID | c1a02e61-baa8-45d4-bac3-43314eb7998e |
| Fingerprint | b699f9652fe50b87 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Nov. 16, 2021, midnight |
| Added to db | Sept. 11, 2022, 12:42 p.m. |
| Last updated | Nov. 15, 2024, 3:46 a.m. |
| Headline | Internet Storm Center |
| Title | InfoSec Handlers Diary Blog - SANS Internet Storm Center |
| Detected Hints/Tags/Attributes | 21/1/43 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://isc.sans.edu/diary/28044 |
| Details | Source | https://isc.sans.edu/diary/rss/28044 |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | av-quiz.tk |
|
| Details | Domain | 2 | devanture.com.sg |
|
| Details | Domain | 2 | ranvipclub.net |
|
| Details | Domain | 2 | visteme.mx |
|
| Details | Domain | 2 | goodtech.cetxlabs.com |
|
| Details | Domain | 2 | newsmag.danielolayinkas.com |
|
| Details | Domain | 2 | team.stagingapps.xyz |
|
| Details | Domain | 88 | malware-traffic-analysis.net |
|
| Details | File | 1 | doc_100045693068737895.docm |
|
| Details | File | 1 | doc_10010148844855817699830.docm |
|
| Details | File | 1 | inf_10043023764772507433030.docm |
|
| Details | File | 1 | file_24561806179285605525.docm |
|
| Details | File | 1 | inf_4069641746481110.zip |
|
| Details | File | 1 | inf_4069641746481110.docm |
|
| Details | File | 1 | file_10065732097649344691490.xlsm |
|
| Details | File | 1 | scan_1002996108727260055496.xlsm |
|
| Details | sha256 | 1 | 7c5690577a49105db766faa999354e0e4128e902dd4b5337741e00e1305ced24 |
|
| Details | sha256 | 1 | bd9b8fe173935ad51f14abc16ed6a5bf6ee92ec4f45fd2ae1154dd2f727fb245 |
|
| Details | sha256 | 1 | f7a4da96129e9c9708a005ee28e4a46af092275af36e3afd63ff201633c70285 |
|
| Details | sha256 | 1 | d95125b9b82df0734b6bc27c426d42dea895c642f2f6516132c80f896be6cf32 |
|
| Details | sha256 | 1 | 88b225f9e803e2509cc2b83c57ccd6ca8b6660448a75b125e02f0ac32f6aadb9 |
|
| Details | sha256 | 1 | 1abd14d498605654e20feb59b5927aa835e5c021cada80e8614e9438ac323601 |
|
| Details | sha256 | 1 | 0b132c7214b87082ed1fc2427ba078c3b97cbbf217ca258e21638cab28824bfa |
|
| Details | sha256 | 1 | 373398e4ae50ecb20840e6f8a458501437cfa8f7b75ad8a62a84d5c0d14d3e59 |
|
| Details | sha256 | 1 | 29de2e527f736d4be12b272fd8b246c96290c7379b6bc2d62c7c86ebf7f33cd4 |
|
| Details | sha256 | 1 | 632447a94c590b3733e2e6ed135a516428b0bd1e57a7d254d5357b52668b41f1 |
|
| Details | sha256 | 1 | 69efec4196d8a903de785ed404300b0bf9fce67b87746c0f3fc44a2bb9a638fc |
|
| Details | sha256 | 1 | 9c345ee65032ec38e1a29bf6b645cde468e3ded2e87b0c9c4a93c517d465e70d |
|
| Details | sha256 | 1 | b95a6218777e110578fa017ac14b33bf968ca9c57af7e99bd5843b78813f46e0 |
|
| Details | IPv4 | 1 | 51.75.33.120 |
|
| Details | IPv4 | 1 | 51.159.35.157 |
|
| Details | IPv4 | 6 | 81.0.236.93 |
|
| Details | IPv4 | 6 | 94.177.248.64 |
|
| Details | IPv4 | 1 | 92.207.181.106 |
|
| Details | IPv4 | 1 | 109.75.64.100 |
|
| Details | IPv4 | 2 | 163.172.50.82 |
|
| Details | Url | 2 | http://av-quiz.tk/wp-content/k6k |
|
| Details | Url | 2 | http://devanture.com.sg/wp-includes/xbbynunwvievawb68 |
|
| Details | Url | 2 | http://ranvipclub.net/pvhko/a |
|
| Details | Url | 2 | http://visteme.mx/shop/wp-admin/pp |
|
| Details | Url | 2 | https://goodtech.cetxlabs.com/content/5mfzpgp06 |
|
| Details | Url | 2 | https://newsmag.danielolayinkas.com/content/nvgyrfrte68yd9s6 |
|
| Details | Url | 2 | https://team.stagingapps.xyz/wp-content/apim2gsja |