Threat hunting in large datasets by clustering security events
Tags
Common Information
| Type | Value |
|---|---|
| UUID | f0a67898-e83d-403e-98e9-79383ba346e2 |
| Fingerprint | 233d02157121c794 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Oct. 4, 2021, 2:22 p.m. |
| Added to db | Sept. 26, 2022, 9:34 a.m. |
| Last updated | Nov. 18, 2024, 1:38 a.m. |
| Headline | Vulnerability Information |
| Title | Threat hunting in large datasets by clustering security events |
| Detected Hints/Tags/Attributes | 78/3/24 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | pyspark.ml |
|
| Details | Domain | 17 | request.zip |
|
| Details | File | 376 | wscript.exe |
|
| Details | File | 128 | w3wp.exe |
|
| Details | File | 2127 | cmd.exe |
|
| Details | File | 1 | c:\programdata\microsoft\conhost.exe |
|
| Details | File | 1209 | powershell.exe |
|
| Details | File | 17 | request.zip |
|
| Details | File | 6 | 21.doc |
|
| Details | File | 456 | mshta.exe |
|
| Details | File | 10 | regsrv32.exe |
|
| Details | File | 2 | devdivex.jpg |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 1018 | rundll32.exe |
|
| Details | sha256 | 2 | 81a6de094b78f7d2c21eb91cd0b04f2bed53c980d8999bf889b9a268e9ee364c |
|
| Details | sha256 | 1 | c96ee44c63d568c3af611c4ee84916d2016096a6079e57f1da84d2fdd7e6a8a3 |
|
| Details | sha256 | 1 | f7041ccec71a89061286d88cb6bde58c851d4ce73fe6529b6893589425cd85da |
|
| Details | IPv4 | 3 | 122.10.82.109 |
|
| Details | IPv4 | 1 | 185.53.46.33 |
|
| Details | IPv4 | 1 | 167.172.37.20 |
|
| Details | IPv4 | 1 | 103.140.207.110 |
|
| Details | IPv4 | 1 | 103.56.207.230 |
|
| Details | IPv4 | 1 | 45.239.232.200 |
|
| Details | Url | 1 | https://122.10.82.109:8080/connect |