SolarWinds/SunBurst FNV-1a-XOR hash founds analysis
Tags
country: | Ireland |
attack-pattern: | Dns - T1071.004 Dns - T1590.002 Malware - T1587.001 Malware - T1588.001 Software - T1592.002 Connection Proxy - T1090 |
Common Information
Type | Value |
---|---|
UUID | cce8dd39-2065-44ba-837a-6ff64c2bf90b |
Fingerprint | f0d1c1e0717421ef |
Analysis status | DONE |
Considered CTI value | 0 |
Text language | |
Published | Sept. 13, 2022, midnight |
Added to db | Sept. 26, 2022, 9:31 a.m. |
Last updated | Nov. 17, 2024, 7:44 p.m. |
Headline | UNKNOWN |
Title | SolarWinds/SunBurst FNV-1a-XOR hash founds analysis |
Detected Hints/Tags/Attributes | 25/2/49 |
Source URLs
URL Provider
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 41 | | developer.mozilla.org |
Details | Domain | 3 | | www.rohitab.com |
Details | Domain | 1 | | binary.ninja |
Details | Domain | 3 | | www.blackbagtech.com |
Details | Domain | 2 | | ntcore.com |
Details | Domain | 2 | | cutter.re |
Details | Domain | 4 | | www.absolute.com |
Details | Domain | 4127 | | github.com |
Details | Domain | 9 | | www.jetbrains.com |
Details | Domain | 3 | | belkasoft.com |
Details | Domain | 184 | | www.fireeye.com |
Details | Domain | 4 | | www.telerik.com |
Details | Domain | 103 | | www.mcafee.com |
Details | File | 5 | | atrsdfw.sys |
Details | File | 5 | | brcow_x_x_x_x.sys |
Details | File | 5 | | brfilter.sys |
Details | File | 5 | | crexecprev.sys |
Details | File | 5 | | cve.sys |
Details | File | 5 | | cybkerneltracker.sys |
Details | File | 5 | | dgdmk.sys |
Details | File | 5 | | eaw.sys |
Details | File | 1 | | fakenet-ng.html |
Details | File | 1 | | fileinsight.html |
Details | Github username | 2 | | de4dot |
Details | Github username | 4 | | dnspy |
Details | Github username | 1 | | jindrapetrik |
Details | Github username | 21 | | fireeye |
Details | Url | 1 | | https://developer.mozilla.org/en-us/docs/web/http/status/100 |
Details | Url | 1 | | https://developer.mozilla.org/en-us/docs/web/http/headers/accept |
Details | Url | 2 | | http://www.rohitab.com/apimonitor |
Details | Url | 1 | | https://binary.ninja |
Details | Url | 1 | | https://www.blackbagtech.com/products/blacklight |
Details | Url | 2 | | https://ntcore.com/?page_id=388 |
Details | Url | 2 | | https://developer.mozilla.org/en-us/docs/web/http/headers/connection |
Details | Url | 1 | | https://developer.mozilla.org/en-us/docs/web/http/headers/content-type |
Details | Url | 1 | | https://cutter.re |
Details | Url | 1 | | https://www.absolute.com/platform/editions |
Details | Url | 1 | | https://developer.mozilla.org/en-us/docs/web/http/headers/date |
Details | Url | 1 | | https://github.com/de4dot/de4dot |
Details | Url | 3 | | https://github.com/dnspy/dnspy |
Details | Url | 4 | | https://www.jetbrains.com/decompiler |
Details | Url | 1 | | https://belkasoft.com/x |
Details | Url | 1 | | https://developer.mozilla.org/en-us/docs/web/http/headers/expect |
Details | Url | 1 | | https://www.fireeye.com/services/freeware/fakenet-ng.html |
Details | Url | 1 | | https://github.com/jindrapetrik/jpexs-decompiler |
Details | Url | 2 | | https://www.telerik.com/fiddler |
Details | Url | 1 | | https://www.mcafee.com/enterprise/en-us/downloads/free-tools/fileinsight.html |
Details | Url | 2 | | https://github.com/fireeye/flare-floss |