恶意样本分析手册–溯源篇 – 绿盟科技技术博客
Tags
| attack-pattern: | Botnet - T1583.005 Botnet - T1584.005 |
Common Information
| Type | Value |
|---|---|
| UUID | c23fc4f4-313f-4840-91d4-867ec0e06c62 |
| Fingerprint | 5ff325d847845e31 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Jan. 2, 2018, 10:27 a.m. |
| Added to db | Jan. 18, 2023, 7:38 p.m. |
| Last updated | Nov. 17, 2024, 5:54 p.m. |
| Headline | 恶意样本分析手册–溯源篇 |
| Title | 恶意样本分析手册–溯源篇 – 绿盟科技技术博客 |
| Detected Hints/Tags/Attributes | 19/1/15 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | http://blog.nsfocus.net/trace-source/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | nexusiotsolutions.net |
|
| Details | Domain | 1174 | gmail.com |
|
| Details | Domain | 141 | research.checkpoint.com |
|
| Details | Domain | 14 | www.antiy.com |
|
| Details | Domain | 5 | blog.comae.io |
|
| Details | 1 | nexuszeta1337@gmail.com |
||
| Details | File | 1 | c:\work\flareon2017\challenge_10\todo.txt |
|
| Details | File | 1 | 使用psexec在johnson的主机上安装后门srv2.exe |
|
| Details | File | 1 | c:\staging\cf.exe |
|
| Details | File | 1 | analysis_report_on_sample_set_of_bash_shellshock.html |
|
| Details | IPv4 | 3 | 192.168.221.105 |
|
| Details | Url | 2 | https://research.checkpoint.com/good-zero-day-skiddie |
|
| Details | Url | 1 | http://www.antiy.com/response/analysis_report_on_sample_set_of_bash_shellshock.html |
|
| Details | Url | 1 | https://blog.comae.io/wannacry-links-to-lazarus-group-dcea72c99d2d |
|
| Details | Url | 1 | https://www.bleepingcomputer.com/news/security/us-charges-three-men-with-creating-and-running-first-ever-mirai-botnet |