虫潮降临:Zergeca僵尸网络分析报告
Tags
| country: | China Netherlands Germany France Russia |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Dns - T1071.004 Dns - T1590.002 Malware - T1587.001 Malware - T1588.001 Connection Proxy - T1090 |
Common Information
| Type | Value |
|---|---|
| UUID | ec26947f-78b6-4402-ae5e-f0439a066b85 |
| Fingerprint | 16d0eb5dfa49c6d5 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | June 19, 2024, midnight |
| Added to db | Aug. 31, 2024, 10:51 a.m. |
| Last updated | Nov. 17, 2024, 5:55 p.m. |
| Headline | 虫潮降临:Zergeca僵尸网络分析报告 |
| Title | 虫潮降临:Zergeca僵尸网络分析报告 |
| Detected Hints/Tags/Attributes | 43/3/60 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 420 | ✔ | 奇安信 X 实验室 | https://blog.xlab.qianxin.com/rss/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Autonomous System Number | 2 | AS202685 |
|
| Details | CVE | 4 | cve-2022-35733 |
|
| Details | CVE | 45 | cve-2018-10562 |
|
| Details | CVE | 43 | cve-2018-10561 |
|
| Details | CVE | 72 | cve-2017-17215 |
|
| Details | CVE | 19 | cve-2016-20016 |
|
| Details | Domain | 2 | ootheca.pw |
|
| Details | Domain | 2 | ootheca.top |
|
| Details | Domain | 2 | bot.hamsterrace.space |
|
| Details | Domain | 2 | fantazy.sh |
|
| Details | Domain | 15 | network.target |
|
| Details | Domain | 2 | geomi.pid |
|
| Details | Domain | 41 | multi-user.target |
|
| Details | Domain | 10 | solr.sh |
|
| Details | Domain | 3 | crypto-pool.fr |
|
| Details | Domain | 6 | f2pool.com |
|
| Details | Domain | 6 | xmrpool.eu |
|
| Details | Domain | 19 | cloudflare-dns.com |
|
| Details | Domain | 24 | dns.google |
|
| Details | File | 14 | network.tar |
|
| Details | File | 37 | multi-user.tar |
|
| Details | md5 | 3 | 23ca4ab1518ff76f5037ea12f367a469 |
|
| Details | md5 | 3 | 9d96646d4fa35b6f7c19a3b5d3846777 |
|
| Details | md5 | 3 | d78d1c57fb6e818eb1b52417e262ce59 |
|
| Details | md5 | 3 | 604397198f291fa5eb2c363f7c93c9bf |
|
| Details | md5 | 3 | 60f23acebf0ddb51a3176d0750055cf8 |
|
| Details | md5 | 3 | 596a96cc7bf9108cd896f33c44aedc8a |
|
| Details | md5 | 2 | db0fa4b8db0333367e9bda3ab68b8042 |
|
| Details | md5 | 3 | b19642a3c672d4f20cbdb5b1569bf98f |
|
| Details | md5 | 3 | f68139904e127b95249ffd40dfeedd21 |
|
| Details | md5 | 3 | d7b5d45628aa22726fd09d452a9e5717 |
|
| Details | md5 | 3 | 6ac8958d3f542274596bd5206ae8fa96 |
|
| Details | md5 | 3 | 980cad4be8bf20fea5c34c5195013200 |
|
| Details | IPv4 | 3 | 84.54.51.82 |
|
| Details | IPv4 | 3 | 145.239.108.150 |
|
| Details | IPv4 | 3 | 31.6.16.33 |
|
| Details | Url | 2 | http://84.54.51.82/jaws |
|
| Details | Url | 2 | http://84.54.51.82/bin |
|
| Details | Url | 2 | http://84.54.51.82/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.x86 |
|
| Details | Url | 2 | http://84.54.51.82/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.spc |
|
| Details | Url | 2 | http://84.54.51.82/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.sh4 |
|
| Details | Url | 2 | http://84.54.51.82/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.ppc |
|
| Details | Url | 2 | http://84.54.51.82/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mpsl |
|
| Details | Url | 2 | http://84.54.51.82/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mips |
|
| Details | Url | 2 | http://84.54.51.82/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.m68k |
|
| Details | Url | 2 | http://84.54.51.82/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.i686 |
|
| Details | Url | 2 | http://84.54.51.82/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm7 |
|
| Details | Url | 2 | http://84.54.51.82/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm6 |
|
| Details | Url | 2 | http://84.54.51.82/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm5 |
|
| Details | Url | 2 | http://84.54.51.82/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm |
|
| Details | Url | 2 | http://84.54.51.82/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arc |
|
| Details | Url | 2 | http://145.239.108.150/fantazy.sh |
|
| Details | Url | 2 | http://145.239.108.150/fantazy/fantazy.arm5 |
|
| Details | Url | 2 | http://145.239.108.150/fantazy/fantazy.arm6 |
|
| Details | Url | 2 | http://145.239.108.150/fantazy/fantazy.mpsl |
|
| Details | Url | 2 | http://145.239.108.150/fantazy/fantazy.sh4 |
|
| Details | Url | 2 | http://145.239.108.150/please-subscribe-to-my-yt-channel-vegasec/1isequal9.x86 |
|
| Details | Url | 2 | http://145.239.108.150/cache |
|
| Details | Url | 3 | https://cloudflare-dns.com/dns-query |
|
| Details | Url | 2 | https://dns.google/resolve |