Gafgtyt_tor,Necro作者再次升级“武器库”
Tags
| attack-pattern: | Botnet - T1583.005 Botnet - T1584.005 Dns - T1071.004 Dns - T1590.002 Python - T1059.006 Server - T1583.004 Server - T1584.004 Vulnerabilities - T1588.006 Connection Proxy - T1090 |
Common Information
| Type | Value |
|---|---|
| UUID | c1dc4aa8-2d0b-4518-b813-e9fcfa0af883 |
| Fingerprint | 5a54362ff9429f19 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | March 5, 2021, midnight |
| Added to db | Jan. 18, 2023, 8:36 p.m. |
| Last updated | Nov. 17, 2024, 6:49 p.m. |
| Headline | Gafgtyt_tor,Necro作者再次升级“武器库” |
| Title | Gafgtyt_tor,Necro作者再次升级“武器库” |
| Detected Hints/Tags/Attributes | 34/1/228 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://blog.netlab.360.com/tor-bld/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | IPv4 | 2 | 167.233.6.47 |
|
| Details | IPv4 | 2 | 167.71.236.109 |
|
| Details | IPv4 | 2 | 168.119.37.152 |
|
| Details | IPv4 | 2 | 168.119.61.251 |
|
| Details | IPv4 | 2 | 172.104.240.74 |
|
| Details | IPv4 | 2 | 172.104.4.144 |
|
| Details | IPv4 | 2 | 176.37.245.132 |
|
| Details | IPv4 | 2 | 178.62.215.4 |
|
| Details | IPv4 | 2 | 18.191.18.101 |
|
| Details | IPv4 | 2 | 18.229.49.115 |
|
| Details | IPv4 | 2 | 185.105.237.253 |
|
| Details | IPv4 | 2 | 185.106.121.176 |
|
| Details | IPv4 | 2 | 185.106.122.10 |
|
| Details | IPv4 | 2 | 185.128.139.56 |
|
| Details | IPv4 | 2 | 185.180.223.198 |
|
| Details | IPv4 | 2 | 185.18.215.170 |
|
| Details | IPv4 | 2 | 185.18.215.178 |
|
| Details | IPv4 | 2 | 185.212.128.115 |
|
| Details | IPv4 | 2 | 185.217.1.30 |
|
| Details | IPv4 | 2 | 188.127.231.152 |
|
| Details | IPv4 | 3 | 188.165.233.121 |
|
| Details | IPv4 | 2 | 188.166.17.35 |
|
| Details | IPv4 | 3 | 188.166.34.137 |
|
| Details | IPv4 | 2 | 188.166.79.209 |
|
| Details | CVE | 8 | cve-2019-16920 |
|
| Details | CVE | 161 | cve-2019-19781 |
|
| Details | Domain | 6 | newbm.pl |
|
| Details | Domain | 2 | wvp3te7pkfczmnnl.onion |
|
| Details | Domain | 4 | gxbrowser.net |
|
| Details | Domain | 38 | blog.netlab.360.com |
|
| Details | Domain | 208 | mp.weixin.qq.com |
|
| Details | File | 3 | login_pic.asp |
|
| Details | File | 6 | newbm.pl |
|
| Details | md5 | 2 | 3ab32e92917070942135f5c5a545127d |
|
| Details | md5 | 2 | f1d6fbd0b4e6c6176e7e89f1d1784d14 |
|
| Details | md5 | 2 | eb77fa43bb857e68dd1f7fab04ed0de4 |
|
| Details | md5 | 2 | dce3d16ea9672efe528f74949403dc93 |
|
| Details | md5 | 2 | bfaa01127e03a119d74bdb4cb0f557ec |
|
| Details | md5 | 2 | a6bdf72b8011be1edc69c9df90b5e0f2 |
|
| Details | md5 | 2 | 5c1153608be582c28e3287522d76c02f |
|
| Details | md5 | 2 | 54e2687070de214973bdc3bc975049b5 |
|
| Details | md5 | 2 | b40d8a44b011b79178180a657b052527 |
|
| Details | md5 | 2 | 1cc68eb2d9713925d692194bd0523783 |
|
| Details | md5 | 2 | 94a587198b464fc4f73a29c8d8d6e420 |
|
| Details | md5 | 2 | 2b2940d168a60990377fea8b6158ba22 |
|
| Details | md5 | 2 | 56439912093d9c1bf08e34d743961763 |
|
| Details | md5 | 2 | 2d6917fe413163a7be7936a0609a0c2d |
|
| Details | md5 | 2 | 8cd99b32ec514f348f4273a814f97e79 |
|
| Details | md5 | 2 | 1c966d79319e68ccc66f1a2231040adb |
|
| Details | md5 | 2 | 47275afdb412321610c08576890093d7 |
|
| Details | md5 | 2 | 3c5758723980e6b9315ac6e6c32e261d |
|
| Details | md5 | 2 | 980d4d0ac9335ae1db6938e8aeb3e757 |
|
| Details | md5 | 2 | 513bc0091dfa208249bd1e6a66d9d79e |
|
| Details | md5 | 2 | 8e551c76a6b17299da795c2b69bb6805 |
|
| Details | md5 | 2 | 61b93c03cb5af31b82c11d0c86f82be1 |
|
| Details | md5 | 2 | 69cab222e42c7177655f490d849e18c5 |
|
| Details | md5 | 2 | 7cbdd215e7f1e17fc589de2df3f09ac9 |
|
| Details | md5 | 2 | 6b631fed1416c2cd16ca01738fdfe61a |
|
| Details | md5 | 2 | 90a716280fe1baee0f056a79c3aa724d |
|
| Details | md5 | 2 | 3b4f844c7dd870e8b8c1d5a397a29514 |
|
| Details | md5 | 2 | 853dc777c5959db7056f64b34e938ba5 |
|
| Details | md5 | 2 | 3eccab18fa690bbfdb6e10348bc40b02 |
|
| Details | md5 | 2 | e78e04aad0915f2febcbb19ef6ffc4fe |
|
| Details | md5 | 2 | b99115a6ea41d85dea5c96d799e65353 |
|
| Details | md5 | 2 | 4b95dfc5dc523f29eebf7d50e98187c2 |
|
| Details | md5 | 2 | 4c271f8068bc64686b241eb002e15459 |
|
| Details | md5 | 2 | 843a7fec9a8e2398a69dd7dfc49afdd2 |
|
| Details | md5 | 2 | 7122bcd084d2d0e721ec7c01cf2a6a57 |
|
| Details | md5 | 2 | 10f6b09f88e0cf589d69a764ff4f455b |
|
| Details | md5 | 2 | f91083e19eed003ac400c1e94eba395e |
|
| Details | IPv4 | 1441 | 127.0.0.1 |
|
| Details | IPv4 | 4 | 45.145.185.83 |
|
| Details | IPv4 | 3 | 193.239.147.224 |
|
| Details | IPv4 | 4 | 45.153.203.124 |
|
| Details | IPv4 | 2 | 103.125.218.111 |
|
| Details | IPv4 | 2 | 103.82.219.42 |
|
| Details | IPv4 | 2 | 104.155.207.91 |
|
| Details | IPv4 | 2 | 104.224.179.229 |
|
| Details | IPv4 | 2 | 107.20.204.32 |
|
| Details | IPv4 | 2 | 111.90.159.138 |
|
| Details | IPv4 | 2 | 116.202.107.151 |
|
| Details | IPv4 | 2 | 116.203.210.124 |
|
| Details | IPv4 | 2 | 119.28.149.37 |
|
| Details | IPv4 | 3 | 128.199.45.26 |
|
| Details | IPv4 | 2 | 130.193.56.117 |
|
| Details | IPv4 | 2 | 134.122.4.130 |
|
| Details | IPv4 | 2 | 134.122.59.236 |
|
| Details | IPv4 | 2 | 134.209.230.13 |
|
| Details | IPv4 | 2 | 134.209.249.97 |
|
| Details | IPv4 | 2 | 135.181.137.237 |
|
| Details | IPv4 | 2 | 138.68.6.227 |
|
| Details | IPv4 | 2 | 139.162.149.58 |
|
| Details | IPv4 | 2 | 139.162.32.82 |
|
| Details | IPv4 | 2 | 139.162.42.124 |
|
| Details | IPv4 | 2 | 139.99.239.154 |
|
| Details | IPv4 | 2 | 142.47.219.133 |
|
| Details | IPv4 | 2 | 143.110.230.187 |
|
| Details | IPv4 | 2 | 145.239.83.129 |
|
| Details | IPv4 | 2 | 146.59.156.72 |
|
| Details | IPv4 | 2 | 146.59.156.76 |
|
| Details | IPv4 | 2 | 146.59.156.77 |
|
| Details | IPv4 | 2 | 146.66.180.176 |
|
| Details | IPv4 | 2 | 148.251.177.144 |
|
| Details | IPv4 | 2 | 157.230.27.96 |
|
| Details | IPv4 | 2 | 157.230.98.211 |
|
| Details | IPv4 | 2 | 157.230.98.77 |
|
| Details | IPv4 | 2 | 158.174.108.130 |
|
| Details | IPv4 | 2 | 158.247.211.132 |
|
| Details | IPv4 | 2 | 159.65.69.186 |
|
| Details | IPv4 | 2 | 159.69.203.65 |
|
| Details | IPv4 | 2 | 159.89.19.9 |
|
| Details | IPv4 | 2 | 161.35.84.202 |
|
| Details | IPv4 | 2 | 165.22.194.250 |
|
| Details | IPv4 | 2 | 165.22.94.245 |
|
| Details | IPv4 | 2 | 167.172.123.221 |
|
| Details | IPv4 | 2 | 167.172.173.3 |
|
| Details | IPv4 | 2 | 167.172.177.33 |
|
| Details | IPv4 | 2 | 167.172.178.215 |
|
| Details | IPv4 | 2 | 167.172.179.199 |
|
| Details | IPv4 | 2 | 167.172.180.219 |
|
| Details | IPv4 | 2 | 167.172.190.42 |
|
| Details | IPv4 | 2 | 188.166.80.74 |
|
| Details | IPv4 | 2 | 188.166.82.232 |
|
| Details | IPv4 | 2 | 188.227.224.110 |
|
| Details | IPv4 | 2 | 188.68.52.220 |
|
| Details | IPv4 | 2 | 192.46.209.98 |
|
| Details | IPv4 | 2 | 192.99.169.229 |
|
| Details | IPv4 | 2 | 193.123.35.48 |
|
| Details | IPv4 | 2 | 193.187.173.33 |
|
| Details | IPv4 | 2 | 195.123.222.9 |
|
| Details | IPv4 | 2 | 195.93.173.53 |
|
| Details | IPv4 | 2 | 197.156.89.19 |
|
| Details | IPv4 | 2 | 198.27.82.186 |
|
| Details | IPv4 | 2 | 198.74.54.182 |
|
| Details | IPv4 | 2 | 199.247.4.110 |
|
| Details | IPv4 | 2 | 201.40.122.152 |
|
| Details | IPv4 | 2 | 20.52.130.140 |
|
| Details | IPv4 | 2 | 20.52.147.137 |
|
| Details | IPv4 | 2 | 20.52.37.89 |
|
| Details | IPv4 | 3 | 206.81.17.232 |
|
| Details | IPv4 | 2 | 206.81.27.29 |
|
| Details | IPv4 | 2 | 212.71.253.168 |
|
| Details | IPv4 | 2 | 212.8.244.112 |
|
| Details | IPv4 | 2 | 217.12.201.190 |
|
| Details | IPv4 | 2 | 217.144.173.78 |
|
| Details | IPv4 | 2 | 217.170.127.226 |
|
| Details | IPv4 | 2 | 217.61.98.33 |
|
| Details | IPv4 | 2 | 34.239.11.167 |
|
| Details | IPv4 | 2 | 35.189.88.51 |
|
| Details | IPv4 | 2 | 35.192.111.58 |
|
| Details | IPv4 | 2 | 37.200.66.166 |
|
| Details | IPv4 | 2 | 3.91.139.103 |
|
| Details | IPv4 | 2 | 45.33.45.209 |
|
| Details | IPv4 | 2 | 45.33.79.19 |
|
| Details | IPv4 | 2 | 45.33.82.126 |
|
| Details | IPv4 | 2 | 45.79.207.110 |
|
| Details | IPv4 | 2 | 45.81.225.67 |
|
| Details | IPv4 | 2 | 45.81.226.8 |
|
| Details | IPv4 | 2 | 45.92.94.83 |
|
| Details | IPv4 | 2 | 46.101.156.38 |
|
| Details | IPv4 | 2 | 46.101.159.138 |
|
| Details | IPv4 | 2 | 47.90.1.153 |
|
| Details | IPv4 | 2 | 49.147.80.102 |
|
| Details | IPv4 | 2 | 50.116.61.125 |
|
| Details | IPv4 | 2 | 5.100.80.141 |
|
| Details | IPv4 | 2 | 51.11.240.222 |
|
| Details | IPv4 | 2 | 51.116.185.181 |
|
| Details | IPv4 | 2 | 51.195.201.47 |
|
| Details | IPv4 | 2 | 51.195.201.50 |
|
| Details | IPv4 | 2 | 5.167.53.191 |
|
| Details | IPv4 | 2 | 51.68.191.153 |
|
| Details | IPv4 | 2 | 51.75.161.21 |
|
| Details | IPv4 | 2 | 51.83.185.71 |
|
| Details | IPv4 | 2 | 51.83.186.137 |
|
| Details | IPv4 | 2 | 51.89.165.233 |
|
| Details | IPv4 | 2 | 52.47.87.178 |
|
| Details | IPv4 | 2 | 5.63.13.54 |
|
| Details | IPv4 | 2 | 66.42.34.110 |
|
| Details | IPv4 | 3 | 67.205.130.65 |
|
| Details | IPv4 | 2 | 68.183.67.182 |
|
| Details | IPv4 | 2 | 68.183.82.50 |
|
| Details | IPv4 | 2 | 79.124.62.26 |
|
| Details | IPv4 | 2 | 80.251.220.190 |
|
| Details | IPv4 | 2 | 8.210.163.246 |
|
| Details | IPv4 | 2 | 87.236.215.248 |
|
| Details | IPv4 | 2 | 88.198.167.20 |
|
| Details | IPv4 | 2 | 91.236.251.131 |
|
| Details | IPv4 | 2 | 94.23.40.220 |
|
| Details | IPv4 | 2 | 95.179.163.1 |
|
| Details | IPv4 | 2 | 95.179.164.28 |
|
| Details | IPv4 | 2 | 95.188.93.135 |
|
| Details | IPv4 | 2 | 95.216.123.39 |
|
| Details | IPv4 | 2 | 95.216.137.149 |
|
| Details | IPv4 | 2 | 95.217.27.5 |
|
| Details | Url | 2 | http://45.153.203.124/bins/ajhkewbfwefwefx86 |
|
| Details | Url | 2 | http://45.153.203.124/bins/ajhkewbfwefwefsh4 |
|
| Details | Url | 2 | http://45.153.203.124/bins/ajhkewbfwefwefmips |
|
| Details | Url | 2 | http://45.153.203.124/s1ej3/lpxdchtp3zx86 |
|
| Details | Url | 3 | http://45.153.203.124/s1ej3/lpxdchtp3zsh4 |
|
| Details | Url | 2 | http://45.153.203.124/s1ej3/lpxdchtp3zppc-440fp |
|
| Details | Url | 2 | http://45.153.203.124/s1ej3/lpxdchtp3zmpsl |
|
| Details | Url | 2 | http://45.153.203.124/s1ej3/lpxdchtp3zmips |
|
| Details | Url | 2 | http://45.153.203.124/s1ej3/lpxdchtp3zarm7 |
|
| Details | Url | 2 | http://45.153.203.124/s1ej3/lpxdchtp3zarm |
|
| Details | Url | 2 | http://45.145.185.83/bins/ajhkewbfwefwefx86 |
|
| Details | Url | 2 | http://45.145.185.83/bins/ajhkewbfwefwefspc |
|
| Details | Url | 2 | http://45.145.185.83/bins/ajhkewbfwefwefsh4 |
|
| Details | Url | 2 | http://45.145.185.83/bins/ajhkewbfwefwefppc |
|
| Details | Url | 2 | http://45.145.185.83/bins/ajhkewbfwefwefmips |
|
| Details | Url | 2 | http://45.145.185.83/bins/ajhkewbfwefwefi586 |
|
| Details | Url | 2 | http://45.145.185.83/bins/ajhkewbfwefwefarm7 |
|
| Details | Url | 2 | http://45.145.185.83/bins/ajhkewbfwefwefarm |
|
| Details | Url | 2 | http://45.145.185.83/s1ej3/lpxdchtp3zsh4 |
|
| Details | Url | 2 | http://45.145.185.83/s1ej3/lpxdchtp3zmpsl |
|
| Details | Url | 2 | http://45.145.185.83/s1ej3/lpxdchtp3zmips |
|
| Details | Url | 2 | http://45.145.185.83/s1ej3/lpxdchtp3zi686 |
|
| Details | Url | 2 | http://45.145.185.83/s1ej3/lpxdchtp3zbsd |
|
| Details | Url | 2 | http://45.145.185.83/s1ej3/lpxdchtp3zarm7 |
|
| Details | Url | 2 | http://45.145.185.83/s1ej3/lpxdchtp3zarm64 |
|
| Details | Url | 2 | http://45.145.185.83/s1ej3/lpxdchtp3zarm |
|
| Details | Url | 2 | http://45.145.185.83/s1ej3/iobeenwjx86 |
|
| Details | Url | 2 | http://45.145.185.83/s1ej3/iobeenwjmips |
|
| Details | Url | 2 | http://45.145.185.83/s1ej3/iobeenwjarm5 |
|
| Details | Url | 2 | http://45.145.185.83/s1ej3/iobeenwjarm4 |
|
| Details | Url | 2 | http://45.145.185.83/s1ej3/iobeenwjarm |
|
| Details | Url | 2 | https://blog.netlab.360.com/necro |
|
| Details | Url | 2 | https://mp.weixin.qq.com/s/d30y0qeicknhmp9kad-pmg |
|
| Details | Url | 2 | https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet |