Automating APT Scanning with Loki Scanner and Splunk
Tags
Common Information
| Type | Value |
|---|---|
| UUID | cb99660c-152c-4119-b59a-a037a81a18bf |
| Fingerprint | 2fc899340785a7ce |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | April 16, 2017, midnight |
| Added to db | Jan. 19, 2023, 12:14 a.m. |
| Last updated | Nov. 17, 2024, 10:40 p.m. |
| Headline | red|blue |
| Title | Automating APT Scanning with Loki Scanner and Splunk |
| Detected Hints/Tags/Attributes | 67/2/35 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | http://www.redblue.team/2017/04/automating-apt-scanning-with-loki.html |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 202 | krebsonsecurity.com |
|
| Details | Domain | 1 | get-otx-iocs.py |
|
| Details | Domain | 1 | get-misp-iocs.py |
|
| Details | Domain | 23 | www.arbornetworks.com |
|
| Details | Domain | 80 | goo.gl |
|
| Details | Domain | 4 | jpic.gov.sy |
|
| Details | File | 3 | loki.exe |
|
| Details | File | 1 | get-otx-iocs.py |
|
| Details | File | 1 | get-misp-iocs.py |
|
| Details | File | 1 | excludes.cfg |
|
| Details | File | 1 | loki.bat |
|
| Details | File | 409 | c:\windows\system32\cmd.exe |
|
| Details | File | 5 | test.log |
|
| Details | File | 1 | test.gz |
|
| Details | File | 1 | updateintel.bat |
|
| Details | File | 2 | loki.log |
|
| Details | File | 1 | c:\program files\splunkuniversalforwarder\var\log\splunk\loki.log |
|
| Details | File | 1 | googlecrashreport.dll |
|
| Details | File | 2126 | cmd.exe |
|
| Details | File | 1 | perfaudio.dat |
|
| Details | md5 | 1 | 64a23908ade4bbf2a7c4aa31be3cff24 |
|
| Details | md5 | 1 | 99bb9f6343fc69159a6e03e1ef8c6428 |
|
| Details | md5 | 1 | b7bec1fe35e86afc5b00f2b72f684406 |
|
| Details | sha1 | 2 | 4d5a90000300000004000000ffff0000b8000000 |
|
| Details | sha1 | 1 | 2f87c2ce9ae1b741ac5477e9f8b786716b94afc5 |
|
| Details | sha1 | 1 | 32303137303431375430313a33333a33365a2c57 |
|
| Details | sha1 | 1 | 58bf43a5c0ec496e62f2217cfa789df35d1ea953 |
|
| Details | sha1 | 1 | 526172211a0700cf907300000d00000000000000 |
|
| Details | sha1 | 1 | c875243df43d7a0baababf7488df884acffae2f9 |
|
| Details | sha256 | 1 | a4a810eebd2fae1d088ee62af725e39717ead68140c4c5104605465319203d5e |
|
| Details | sha256 | 1 | 4e1feaa3b24529737fa5accda9beaa841fb259ed5474087aa1017f8427544c04 |
|
| Details | sha256 | 3 | 9acba7e5f972cdd722541a23ff314ea81ac35d5c0c758eb708fb6e2cc4f598a0 |
|
| Details | sha256 | 1 | f1209bbd5163a03c4543607a1ce2c69548fa6bddc977670fad845fc42216c69f |
|
| Details | Url | 1 | https://www.arbornetworks.com/blog/asert/flokibot-invades-pos-trouble-brazil |
|
| Details | Url | 1 | http://goo.gl/vrjnlo |