ioc[.]one - OSINT Cyber Threat Intelligence Database

No Way to Hide: Uncovering New Campaigns from Daily Tunneling Detection

Tags

country:

attack-pattern:

Data Indirect Models Dns - T1071.004 Dns - T1590.002 Dns Server - T1583.002 Dns Server - T1584.002 Domains - T1583.001 Domains - T1584.001 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Steganography - T1001.002 Steganography - T1406.001 Steganography - T1027.003 Tool - T1588.002 Whois - T1596.002 Powershell - T1086

Show in Graph

Common Information

Type	Value
UUID	facc6703-c81c-444d-9011-d4cfb5f62f7f
Fingerprint	a51c09f126b8e7d0
Analysis status	DONE
Considered CTI value	2
Text language
Published	Oct. 4, 2024, 9 p.m.
Added to db	Oct. 4, 2024, 11:58 p.m.
Last updated	Nov. 10, 2024, 1:43 p.m.
Headline	No Way to Hide: Uncovering New Campaigns from Daily Tunneling Detection
Title	No Way to Hide: Uncovering New Campaigns from Daily Tunneling Detection
Detected Hints/Tags/Attributes	88/2/149

Source URLs

	Redirection	Url
Details	Source	https://unit42.paloaltonetworks.com/detecting-dns-tunneling-campaigns/

URL Provider

Details	Provider	Source level domain
Details	paloaltonetworks.com	unit42.paloaltonetworks.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	256	✔	Unit 42	https://unit42.paloaltonetworks.com/feed/	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	1	helloworld.com
Details	Domain	3	foxxbank.com
Details	Domain	1	txt.1f0522f1e.3074aa20643.62c1b4ba.novel.foxxbank.com
Details	Domain	1	ns1.foxxbank.com
Details	Domain	1	ns2.foxxbank.com
Details	Domain	3	lifemedicalplus.net
Details	Domain	1	del.1214999ab.36f446b3e.4c820ef2.dns0.lifemedicalplus.net
Details	Domain	1	salad.liveritehealthcare.com
Details	Domain	3	codeaddon.net
Details	Domain	1	txt.1a74140ad.4f2fa129ed.1ab3dfba.dns11.codeaddon.net
Details	Domain	1	content.codeaddon.net
Details	Domain	1	gateway.codeaddon.net
Details	Domain	1	jobs.codeaddon.net
Details	Domain	3	healthproreview.com
Details	Domain	1	xds.db6bee2.thing.healthproreview.com
Details	Domain	1	pitch.healthproreview.com
Details	Domain	1	familiesandfinance.com
Details	Domain	1	del.17b48a6a3831f07076b2d81677d87ad5d93df75b7.142fb5314.250feff6.hunt.familiesandfinance.com
Details	Domain	1	chance.familiesandfinance.com
Details	Domain	1	pro.b4ed82f96.2c3e46fa.brain.soupandselfcare.com
Details	Domain	1	initiative.soupandselfcare.com
Details	Domain	3	pretorya.site
Details	Domain	3	zzczloh.site
Details	Domain	3	mouvobo.site
Details	Domain	3	mponiem.site
Details	Domain	3	linkwide.site
Details	Domain	3	dtodcart.site
Details	Domain	1	011807dd0303.lantzel.com
Details	Domain	1	rc2.a4h9uploading.com
Details	Domain	1	lantzel.com
Details	Domain	1	080317e70613.lantzel.com
Details	Domain	1	ns1.lantzel.com
Details	Domain	1	ns2.lantzel.com
Details	Domain	1	ns3.lantzel.com
Details	Domain	1	ns4.lantzel.com
Details	Domain	1	ns5.lantzel.com
Details	Domain	1	ns6.lantzel.com
Details	Domain	1	ns7.lantzel.com
Details	Domain	1	ns8.lantzel.com
Details	Domain	1	unbeatableprice.us
Details	Domain	1	029cd612cc2d9b9858aossoapcngb.unbeatableprice.us
Details	Domain	1	ns1.unbeatableprice.us
Details	Domain	1	ns2.unbeatableprice.us
Details	Domain	1	ns3.unbeatableprice.us
Details	Domain	1	ns4.unbeatableprice.us
Details	Domain	1	ns5.unbeatableprice.us
Details	Domain	1	ns6.unbeatableprice.us
Details	Domain	1	ns7.unbeatableprice.us
Details	Domain	1	ns8.unbeatableprice.us
Details	Domain	3	sosua.cz
Details	Domain	1	0545326b975e.1400world.sosua.cz
Details	Domain	1	ns1.sosua.cz
Details	Domain	1	ns2.sosua.cz
Details	Domain	1	ns3.sosua.cz
Details	Domain	1	ns4.sosua.cz
Details	Domain	1	ns5.sosua.cz
Details	Domain	1	ns6.sosua.cz
Details	Domain	1	ns7.sosua.cz
Details	Domain	1	ns8.sosua.cz
Details	Domain	3	ns2000wip.com
Details	Domain	1	fkdmw402.ns2000wip.com
Details	Domain	1	ns1.ns2000wip.com
Details	Domain	1	ns2.ns2000wip.com
Details	Domain	1	ns3.ns2000wip.com
Details	Domain	1	ns4.ns2000wip.com
Details	Domain	1	ns5.ns2000wip.com
Details	Domain	1	ns6.ns2000wip.com
Details	Domain	1	ns7.ns2000wip.com
Details	Domain	1	ns8.ns2000wip.com
Details	Domain	3	dreyzek.com
Details	Domain	1	srv881.dreyzek.com
Details	Domain	1	ns1.dreyzek.com
Details	Domain	1	ns2.dreyzek.com
Details	Domain	1	ns3.dreyzek.com
Details	Domain	1	ns4.dreyzek.com
Details	Domain	1	ns5.dreyzek.com
Details	Domain	1	ns6.dreyzek.com
Details	Domain	1	ns7.dreyzek.com
Details	Domain	1	ns8.dreyzek.com
Details	Domain	3	avtomaty-bcg.online
Details	Domain	1	001-zr6yarm4qwk4weuw.0zyywvutsrqp.avtomaty-bcg.online
Details	Domain	1	ns1.avtomaty-bcg.online
Details	Domain	1	ns2.avtomaty-bcg.online
Details	Domain	1	ns3.avtomaty-bcg.online
Details	Domain	1	ns4.avtomaty-bcg.online
Details	Domain	1	ns5.avtomaty-bcg.online
Details	Domain	1	ns6.avtomaty-bcg.online
Details	Domain	1	ns7.avtomaty-bcg.online
Details	Domain	1	ns8.avtomaty-bcg.online
Details	Domain	3	unlimitedpartnersfinder.com
Details	Domain	3	yummyflingsfinder.com
Details	Domain	1	ns500583.yummyflingsfinder.com
Details	Domain	1	ns500599.yummyflingsfinder.com
Details	Domain	1	ns500631.yummyflingsfinder.com
Details	Domain	3	piquantchicksfinder.com
Details	Domain	1	ns500583.piquantchicksfinder.com
Details	Domain	1	ns500599.piquantchicksfinder.com
Details	Domain	1	ns500631.piquantchicksfinder.com
Details	Domain	3	yummyloversfinder.com
Details	Domain	1	ns500505.yummyloversfinder.com
Details	Domain	1	ns500488.yummyloversfinder.com
Details	Domain	1	ns500458.yummyloversfinder.com
Details	Domain	1	ns500575.unlimitedpartnersfinder.com
Details	Domain	1	ns500618.unlimitedpartnersfinder.com
Details	Domain	1	ns500635.unlimitedpartnersfinder.com
Details	Domain	3	lustypartnersfinder.com
Details	Domain	1	ns500313.lustypartnersfinder.com
Details	Domain	1	ns500540.lustypartnersfinder.com
Details	Domain	1	ns500634.lustypartnersfinder.com
Details	Domain	3	juicyplaymatesfinder.com
Details	Domain	1	ns500291.juicyplaymatesfinder.com
Details	Domain	1	ns500585.juicyplaymatesfinder.com
Details	Domain	1	ns500643.juicyplaymatesfinder.com
Details	File	1	xds.db
Details	md5	1	5E43287B03114C04A64F68C0C23E44F4
Details	sha256	3	0b99db286f3708fedf7e2bb8f24df1af13811fe46b017b6c3e7e002852479430
Details	sha256	3	dfb3e5f557a17c8cdebdb5b371cf38c5a7ab491b2aeaad6b4e76459a05b44f28
Details	sha256	3	c22d25107e48962b162c935a712240c0a4486b38891855f0e53d5eb972406782
Details	sha256	3	c3a29c2457f33e54298a1c72a967aa161a96b0ae62ffbefe9e5e1c2057d7f3f4
Details	IPv4	20	40.112.72.205
Details	IPv4	1	40.112.72.62
Details	IPv4	1	191.252.140.94
Details	IPv4	1	191.252.140.80
Details	IPv4	1	52.90.87.208
Details	IPv4	4	188.114.96.3
Details	IPv4	1	44.197.246.120
Details	IPv4	1	3.89.115.116
Details	IPv4	1	54.242.65.191
Details	IPv4	1	18.116.41.255
Details	IPv4	1	54.166.97.9
Details	IPv4	4	185.161.248.253
Details	IPv4	22	35.205.61.67
Details	IPv4	1	206.188.197.111
Details	IPv4	1	185.81.114.183
Details	IPv4	3	185.176.220.212
Details	IPv4	3	88.119.169.205
Details	IPv4	1	23.95.170.183
Details	IPv4	3	185.176.220.80
Details	IPv4	1	5.149.255.21
Details	IPv4	1	141.94.37.182
Details	IPv4	1	193.142.59.198
Details	IPv4	1	188.119.148.82
Details	IPv4	1	109.205.214.13
Details	IPv4	1	51.89.16.177
Details	IPv4	1	185.176.220.151
Details	IPv4	1	79.141.165.176
Details	IPv4	1	51.83.172.83
Details	Windows Registry Key	1	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Bfetipi
Details	Windows Registry Key	1	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Bfetipi