reversing a botnet 2 – electric boogaloo – Joe's Security Blog
Tags
| country: | Laos |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Botnet - T1583.005 Botnet - T1584.005 Server - T1583.004 Server - T1584.004 Software - T1592.002 |
Common Information
| Type | Value |
|---|---|
| UUID | e022d2c5-881a-4430-9b83-3af92324d931 |
| Fingerprint | 22711331ae0707f0 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | April 13, 2013, 10:51 a.m. |
| Added to db | Jan. 18, 2023, 11:19 p.m. |
| Last updated | Nov. 17, 2024, 6:49 p.m. |
| Headline | Joe's Security Blog |
| Title | reversing a botnet 2 – electric boogaloo – Joe's Security Blog |
| Detected Hints/Tags/Attributes | 49/3/55 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 228 | system.io |
|
| Details | Domain | 285 | microsoft.net |
|
| Details | Domain | 7 | random.next |
|
| Details | Domain | 29 | intptr.zero |
|
| Details | Domain | 3 | www.gironsec.com |
|
| Details | File | 3 | resources.exe |
|
| Details | File | 1260 | explorer.exe |
|
| Details | File | 5 | environment.sys |
|
| Details | File | 26 | cvtres.exe |
|
| Details | File | 1 | 'cvtres.exe |
|
| Details | File | 1 | newbotnet6.png |
|
| Details | File | 1 | newbotnet6-300x168.png |
|
| Details | File | 1 | newbotnet6-1024x576.png |
|
| Details | File | 1 | newbotnet7.png |
|
| Details | File | 1 | newbotnet7-300x164.png |
|
| Details | File | 1 | newbotnet7-1024x561.png |
|
| Details | File | 1 | 1329023952948.jpg |
|
| Details | File | 1 | 1329023952948-300x197.jpg |
|
| Details | File | 1 | newbotnet8.png |
|
| Details | File | 1 | newbotnet8-263x300.png |
|
| Details | File | 1 | newbotnet9.png |
|
| Details | File | 1 | newbotnet9-300x168.png |
|
| Details | File | 1 | newbotnet9-1024x576.png |
|
| Details | File | 1 | newbotnet10.png |
|
| Details | File | 1 | newbotnet10-300x168.png |
|
| Details | File | 1 | newbotnet10-1024x576.png |
|
| Details | File | 1 | pain.7z |
|
| Details | IPv4 | 1 | 37.235.49.168 |
|
| Details | Url | 1 | http://www.gironsec.com/blog/wp-content/uploads/2013/04/newbotnet6.png |
|
| Details | Url | 1 | http://www.gironsec.com/blog/wp-content/uploads/2013/04/newbotnet6-300x168.png |
|
| Details | Url | 1 | https://www.gironsec.com/blog/wp-content/uploads/2013/04/newbotnet6-300x168.png |
|
| Details | Url | 1 | https://www.gironsec.com/blog/wp-content/uploads/2013/04/newbotnet6-1024x576.png |
|
| Details | Url | 1 | https://www.gironsec.com/blog/wp-content/uploads/2013/04/newbotnet6.png |
|
| Details | Url | 1 | http://www.gironsec.com/blog/wp-content/uploads/2013/04/newbotnet7.png |
|
| Details | Url | 1 | http://www.gironsec.com/blog/wp-content/uploads/2013/04/newbotnet7-300x164.png |
|
| Details | Url | 1 | https://www.gironsec.com/blog/wp-content/uploads/2013/04/newbotnet7-300x164.png |
|
| Details | Url | 1 | https://www.gironsec.com/blog/wp-content/uploads/2013/04/newbotnet7-1024x561.png |
|
| Details | Url | 1 | https://www.gironsec.com/blog/wp-content/uploads/2013/04/newbotnet7.png |
|
| Details | Url | 1 | http://www.gironsec.com/blog/wp-content/uploads/2013/04/1329023952948.jpg |
|
| Details | Url | 1 | https://www.gironsec.com/blog/wp-content/uploads/2013/04/1329023952948.jpg |
|
| Details | Url | 1 | https://www.gironsec.com/blog/wp-content/uploads/2013/04/1329023952948-300x197.jpg |
|
| Details | Url | 1 | http://www.gironsec.com/blog/wp-content/uploads/2013/04/newbotnet8.png |
|
| Details | Url | 1 | https://www.gironsec.com/blog/wp-content/uploads/2013/04/newbotnet8.png |
|
| Details | Url | 1 | https://www.gironsec.com/blog/wp-content/uploads/2013/04/newbotnet8-263x300.png |
|
| Details | Url | 1 | http://www.gironsec.com/blog/wp-content/uploads/2013/04/newbotnet9.png |
|
| Details | Url | 1 | http://www.gironsec.com/blog/wp-content/uploads/2013/04/newbotnet9-300x168.png |
|
| Details | Url | 1 | https://www.gironsec.com/blog/wp-content/uploads/2013/04/newbotnet9-300x168.png |
|
| Details | Url | 1 | https://www.gironsec.com/blog/wp-content/uploads/2013/04/newbotnet9-1024x576.png |
|
| Details | Url | 1 | https://www.gironsec.com/blog/wp-content/uploads/2013/04/newbotnet9.png |
|
| Details | Url | 1 | http://www.gironsec.com/blog/wp-content/uploads/2013/04/newbotnet10.png |
|
| Details | Url | 1 | http://www.gironsec.com/blog/wp-content/uploads/2013/04/newbotnet10-300x168.png |
|
| Details | Url | 1 | https://www.gironsec.com/blog/wp-content/uploads/2013/04/newbotnet10-300x168.png |
|
| Details | Url | 1 | https://www.gironsec.com/blog/wp-content/uploads/2013/04/newbotnet10-1024x576.png |
|
| Details | Url | 1 | https://www.gironsec.com/blog/wp-content/uploads/2013/04/newbotnet10.png |
|
| Details | Url | 1 | http://www.gironsec.com/blog/wp-content/uploads/2013/04/pain.7z |