Necurs Delivers
Common Information
Type Value
UUID caa3b8b2-839b-494f-88fb-174c538b0d45
Fingerprint ad158cd9203aaeed
Analysis status DONE
Considered CTI value 2
Text language
Published July 13, 2017, 3:19 p.m.
Added to db Jan. 18, 2023, 9:23 p.m.
Last updated Nov. 17, 2024, 5:57 p.m.
Headline NetWitness Community
Title Necurs Delivers
Detected Hints/Tags/Attributes 100/3/70
Attributes
Details Type #Events CTI Value
Details File 1
rhvpwqledatdxerrx.inf
Details File 1
necurs-botnet-ddos.html
Details File 141
www.cer
Details File 38
t.pl
Details File 1
locky-returns-necurs.html
Details File 1
necurs-diversifies.html
Details Threat Actor Identifier - APT 297
APT27
Details Url 18
https://www.bleepingcomputer.com
Details Url 1
https://dmarc.org/.
Details Url 2
https://securityintelligence.com/the-necurs-botnet-a-pandoras-box-of-malicious-spam
Details Url 1
http://securityaffairs.co/wordpress/56725/malware/necurs-botnet-ddos.html
Details Url 3
https://www.cert.pl/en/news/single/necurs-hybrid-spam-botnet
Details Url 1
https://www.flashpoint-intel.com/blog/necurs-botnet-jaff-ransomware
Details Url 1
https://support.kaspersky.com/viruses/disinfection/10556#block2
Details Url 1
http://blog.talosintelligence.com/2017/04/locky-returns-necurs.html
Details Url 1
http://blog.talosintelligence.com/2017/03/necurs-diversifies.html