Exposing the Frosted DDoS Attack Gang
Tags
attack-pattern: Botnet - T1583.005, Botnet - T1584.005
Common Information
Type | Value |
---|---|
UUID | e2c8ed5c-d723-434d-9e66-1382bbcbda60 |
Fingerprint | 38801e50165f19ec |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | Jan. 13, 2020, midnight |
Added to db | June 20, 2023, 12:31 p.m. |
Last updated | Dec. 21, 2024, 12:45 a.m. |
Headline | Exposing the Frosted DDoS Attack Gang |
Title | Exposing the Frosted DDoS Attack Gang |
Detected Hints/Tags/Attributes | 32/1/30 |
Source URLs
URL Provider
RSS Feed
Id | Enabled | Feed title | Url | Added to db
---|---|---|---|---
267 | ✔ | 奇安信威胁情报中心 | https://wechat2rss.xlab.app/feed/b93962f981247c0091dad08df5b7a6864ab888e9.xml | 2024-08-30 22:08
Attributes
Type | #Events | CTI | Value
---|---|---|---
CVE | 84 | | cve-2017-17215
CVE | 48 | | cve-2021-22205
CVE | 85 | | cve-2014-8361
Domain | 1 | | nomiddleman.ddns.net
Domain | 36 | | schemas.xmlsoap.org
Domain | 1 | | real.sh
File | 36 | | schemas.xml
File | 7 | | picsdesc.xml
md5 | 4 | | 88645cefb1f9ede0e336e3569d75ee30
md5 | 4 | | 3612f843a42db38f48f59d2a3597e19c
md5 | 1 | | 1F972A1CE378A6BD1320523D9A7E5707
md5 | 1 | | 6714908C334E2A324AAC93E9886F9660
md5 | 1 | | 742D719FA396FA41442BB8B6285FCD64
md5 | 1 | | 47024197FAF8C15A5C606A65D2205104
IPv4 | 1 | | 37.44.238.182
IPv4 | 1 | | 37.44.238.191
IPv4 | 1 | | 193.35.18.220
IPv4 | 1 | | 5.252.177.118
IPv4 | 1 | | 178.63.167.41
Url | 1 | | http://nomiddleman.ddns.net/nips
Url | 1 | | http://nomiddleman.ddns.net/bob
Url | 1 | | http://nomiddleman.ddns.net/forearm4
Url | 28 | | http://schemas.xmlsoap.org/soap/envelope
Url | 11 | | http://schemas.xmlsoap.org/soap/encoding
Url | 1 | | http://37.44.238.182/gpon
Url | 1 | | http://37.44.238.182/real.sh
Url | 1 | | http://37.44.238.182/bins/kirin.x86
Url | 1 | | http://37.44.238.191/roof
Yara rule | 1 | | Mirai_Fro (rule text below)
Yara rule | 1 | | Gafgyt_Fro (rule text below)

Yara rule Mirai_Fro, as recorded in this entry:

```yara
rule Mirai_Fro {
    meta:
        author = "WPeace"
    strings:
        $elf = "\x7FELF"
        $onlinePack = "Device Connected"
        $commandStr_0 = "NOOOOOOOOOOOOOOOOOOOO"
        $commandStr_1 = "KPAC"
        $commandStr_2 = "DAVE"
        $commandStr_3 = "NFODROP"
        $commandStr_4 = "STOP"
    condition:
        all of them
}
```

Yara rule Gafgyt_Fro, as recorded in this entry:

```yara
rule Gafgyt_Fro {
    meta:
        author = "WPeace"
    strings:
        $elf = "\x7FELF"
        $authorStr = "FrostedFlakes666"
        $onlinePack = "Kansen shita"
        $commandStr_0 = "CMD"
        $commandStr_1 = "CREG"
        $commandStr_2 = "KPAC"
        $commandStr_3 = "GETPUBLICIP"
    condition:
        all of them
}
```