Characterizing Anomalies in Malware-Generated HTTP Traffic
Common Information
Type | Value
UUID | de740515-140c-4443-b755-ea527a02488e
Fingerprint | b434d93d4d3b02c1
Analysis status | DONE
Considered CTI value | 0
Text language |
Published | Sept. 1, 2020, midnight
Added to db | Sept. 26, 2022, 9:33 a.m.
Last updated | Nov. 17, 2024, 7:44 p.m.
Headline | Security and Communication Networks
Title | Characterizing Anomalies in Malware-Generated HTTP Traffic
Detected Hints/Tags/Attributes | 122/3/45
Attributes
Type | #Events | CTI | Value
Domain | 4127 | | github.com
Domain | 6 | | cuckoosandbox.org
Domain | 21 | | www.iana.org
Domain | 52 | | www.wireshark.org
Domain | 370 | | www.proofpoint.com
Domain | 115 | | www.snort.org
Domain | 4 | | scapy.net
Domain | 1 | | www.fourmilab.ch
Domain | 4 | | www.stratosphereips.org
Domain | 15 | | www.shadowserver.org
Domain | 97 | | abuse.ch
Domain | 2 | | www.seleniumhq.org
Domain | 73 | | s3.amazonaws.com
Domain | 3 | | top-1m.csv.zip
Domain | 1 | | unid.go.com
Domain | 11 | | lcamtuf.coredump.cx
Domain | 1 | | v2o5g0ie5itemp.zip
Domain | 1 | | sqm.microsoft.com
Domain | 40 | | gchq.github.io
File | 2 | | tshark.html
File | 4 | | top-1m.csv
File | 10 | | lcamtuf.core
File | 1 | | v2o5g0ie5itemp.zip
File | 1 | | sqmserver.dll
Github username | 1 | | crazy-max
Github username | 8 | | salesforce
IPv4 | 2 | | 5.141.22.43
Url | 1 | | https://github.com/crazy-max/windowsspyblocker
Url | 6 | | https://cuckoosandbox.org
Url | 1 | | https://www.iana.org/assignments/message-headers/message-headers.xhtml
Url | 1 | | https://www.wireshark.org/docs/man-pages/tshark.html
Url | 1 | | https://www.proofpoint.com/us/threat-insight/et-pro-ruleset
Url | 1 | | https://www.snort.org/downloads/#rule
Url | 4 | | https://scapy.net
Url | 1 | | http://www.fourmilab.ch/random
Url | 1 | | https://www.stratosphereips.org/datasets-malware
Url | 2 | | https://www.shadowserver.org
Url | 1 | | https://abuse.ch
Url | 1 | | https://www.seleniumhq.org
Url | 3 | | http://s3.amazonaws.com/alexa-static/top-1m.csv.zip
Url | 1 | | http://lcamtuf.coredump.cx/p0f3
Url | 1 | | http://sqm.microsoft.com/sqm/vstudio/sqmserver.dll
Url | 1 | | https://gchq.github.io/cyberchef/#recipe=entropy
Url | 3 | | https://github.com/salesforce/ja3
Url | 1 | | https://www.stratosphereips.org/datasets-malware.