UNKNOWN
Tags
attack-pattern: | Botnet - T1583.005, Botnet - T1584.005, Exploits - T1587.004, Exploits - T1588.005, Server - T1583.004, Server - T1584.004, Trap - T1546.005, Connection Proxy - T1090, Trap - T1154 |
Common Information
Type | Value |
---|---|
UUID | cf2fc17f-17ae-4ce7-9cd0-023eaa500500 |
Fingerprint | 75188672f9f010c1 |
Analysis status | IN_PROGRESS |
Considered CTI value | 0 |
Text language | |
Published | None |
Added to db | Dec. 20, 2024, 9:20 a.m. |
Last updated | Dec. 21, 2024, 4:25 a.m. |
Headline | UNKNOWN |
Title | UNKNOWN |
Detected Hints/Tags/Attributes | 20/1/62 |
Source URLs
Redirection | Url | |
---|---|---|
Details | Source | https://www.secrss.com/articles/24137 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Url | 1 | https://blog.radware.com/security/botnets/2020/05/whos-viktor-tracking-down-the-xtc-polaris-botnets |
Details | Url | 1 | https://blog.netlab.360.com/the-leethozer-botnet-en |
Details | Url | 1 | https://www.exploit-db.com/exploits/48225 |
Details | Url | 1 | https://blog.netlab.360.com/multiple-botnets-are-spreading-using-lilin-dvr-0-day |
Details | Url | 1 | https://habr.com/en/post/486856 |