botnet hiding under valid dns
Tags
cmtmf-attack-pattern: Process Injection
attack-pattern: Botnet - T1583.005 Botnet - T1584.005 Credentials - T1589.001 Dns - T1071.004 Dns - T1590.002 Malware - T1587.001 Malware - T1588.001 Process Injection - T1631 Process Injection - T1055
Show in Graph
Common Information
Type Value
UUID d3c14646-2b32-4d25-a1c2-89ab28c49748
Fingerprint 85409f2b89fec74b
Analysis status DONE
Considered CTI value 0
Text language
Published May 28, 2023, 5:31 a.m.
Added to db May 30, 2023, 8:23 p.m.
Last updated Sept. 1, 2024, 11:42 p.m.
Headline botnet hiding under valid dns
Title botnet hiding under valid dns
Detected Hints/Tags/Attributes 22/2/7
Source URLs
Redirection Url
Details Source https://medium.com/@cybercure/botnet-hiding-under-valid-dns-24a99bde812d?source=rss------cybersecurity-5
Details Source https://medium.com/@cybercure/botnet-hiding-under-valid-dns-24a99bde812d?source=rss------malware-5
URL Provider
Details Provider Source level domain
Details medium.com medium.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 167 Cybersecurity on Medium https://medium.com/feed/tag/cybersecurity 2024-08-30 22:08
Details 171 Malware on Medium https://medium.com/feed/tag/malware 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 1 
limalima.mywire.org
Details Domain 1 
phantom.sh
Details md5 1 
e7c786181db4cb858ef8fcf946afeb43
Details IPv4 1 
15.235.33.231
Details Url 1 
http://15.235.33.231/phantom.sh
Details Url 1 
http://limalima.mywire.org/bins
Details Url 1 
http://limalima.mywire.org/bins/phantom.