A new botnet Orchard Generates DGA Domains with Bitcoin Transaction Information
Tags
| country: | China |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Model Models Botnet - T1583.005 Botnet - T1584.005 Domains - T1583.001 Domains - T1584.001 Hardware - T1592.001 Malware - T1587.001 Malware - T1588.001 Software - T1592.002 |
Common Information
| Type | Value |
|---|---|
| UUID | ca4bf7e8-16c4-40a8-a530-b7891b88875c |
| Fingerprint | fe9858cf0f250385 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Aug. 5, 2022, midnight |
| Added to db | Aug. 31, 2024, 1:10 a.m. |
| Last updated | Nov. 13, 2024, 8:34 a.m. |
| Headline | A new botnet Orchard Generates DGA Domains with Bitcoin Transaction Information |
| Title | A new botnet Orchard Generates DGA Domains with Bitcoin Transaction Information |
| Detected Hints/Tags/Attributes | 60/3/55 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 42 | ✔ | 360 Netlab Blog - Network Security Research Lab at 360 | https://blog.netlab.360.com/rss/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | orcharddns.duckdns.org |
|
| Details | Domain | 2 | orchardmaster.duckdns.org |
|
| Details | Domain | 3 | ojena.duckdns.org |
|
| Details | Domain | 29 | duckdns.org |
|
| Details | Domain | 17 | datetime.datetime.now |
|
| Details | Domain | 2 | 91ac64d2.com |
|
| Details | Domain | 2 | 91ac64d2.net |
|
| Details | Domain | 2 | 91ac64d2.org |
|
| Details | Domain | 2 | 91ac64d2.duckdns.org |
|
| Details | Domain | 2 | 9f78281a.com |
|
| Details | Domain | 2 | 9f78281a.net |
|
| Details | Domain | 2 | 9f78281a.org |
|
| Details | Domain | 2 | 9f78281a.duckdns.org |
|
| Details | Domain | 2 | d802f446.com |
|
| Details | Domain | 2 | d802f446.net |
|
| Details | Domain | 2 | d802f446.org |
|
| Details | Domain | 2 | d802f446.duckdns.org |
|
| Details | Domain | 2 | 48b2137f.com |
|
| Details | Domain | 2 | 48b2137f.net |
|
| Details | Domain | 2 | 48b2137f.org |
|
| Details | Domain | 2 | 48b2137f.duckdns.org |
|
| Details | Domain | 1 | 05orchardmaster.duckdns.org |
|
| Details | Domain | 2 | 2022-08-02ojena.duckdns.org |
|
| Details | Domain | 132 | blockchain.info |
|
| Details | Domain | 2 | vgzero.duckdns.org |
|
| Details | Domain | 67 | 360.cn |
|
| Details | Domain | 2 | victorynicholas.duckdns.org |
|
| Details | Domain | 2 | zamarin1.duckdns.org |
|
| Details | File | 2 | stage-3_.exe |
|
| Details | File | 36 | datetime.dat |
|
| Details | File | 50 | hashlib.md5 |
|
| Details | File | 1 | byte_0x46+totallen+infolen+info.json |
|
| Details | File | 2 | byte0x46+totallen+respdatalen+respdata.json |
|
| Details | File | 133 | blockchain.inf |
|
| Details | md5 | 2 | 5c883ff8539b8d04be017a51a84e3af8 |
|
| Details | md5 | 2 | 91ac64d29f78281ad802f44648b2137f |
|
| Details | md5 | 2 | f3e0b960a48b433bc4bfe6ac44183b74 |
|
| Details | md5 | 2 | cb442cbff066dfef2e3ff0c56610148f |
|
| Details | md5 | 2 | f3c06399c68c5fdf80bb2853f8f2934b |
|
| Details | md5 | 2 | 9cbe4bd27eba8c70b6eddaeb6707659b |
|
| Details | md5 | 2 | 10D42F5465D5D8808B43619D8266BD99 |
|
| Details | md5 | 2 | 19159280736dbe6c11b7d6a57f6bb7b9 |
|
| Details | md5 | 2 | b5a6f78d5575a60316f4e784371d4f8c |
|
| Details | md5 | 2 | 3c20ba851edecd28c198691321429883 |
|
| Details | md5 | 2 | 2b244a39571ab27f7bb4174d460adeef |
|
| Details | md5 | 2 | ae1e9b3621ee041be6ab5e12bff37c53 |
|
| Details | md5 | 2 | 00b1620f89b7980b34d53737d9e42fd3 |
|
| Details | md5 | 2 | 4d2445a43591d041cabbbf3dfca6dfbd |
|
| Details | IPv4 | 2 | 45.61.185.36 |
|
| Details | IPv4 | 2 | 45.61.186.52 |
|
| Details | IPv4 | 2 | 45.61.187.240 |
|
| Details | IPv4 | 2 | 205.185.124.143 |
|
| Details | IPv4 | 2 | 45.61.185.231 |
|
| Details | IPv4 | 2 | 45.61.187.7 |
|
| Details | Url | 3 | https://blockchain.info/balance?active=1a1zp1ep5qgefi2dmptftl5slmv7divfna |