DNSMon: 用DNS数据进行威胁发现
Tags
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Ssh - T1021.004 Rootkit - T1014 Rootkit |
Common Information
| Type | Value |
|---|---|
| UUID | fad851a0-742e-4df0-b9e4-5f02565b2874 |
| Fingerprint | 83271868743d5930 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Nov. 25, 2020, midnight |
| Added to db | Jan. 18, 2023, 7:36 p.m. |
| Last updated | Nov. 20, 2024, 1:36 p.m. |
| Headline | DNSMon: 用DNS数据进行威胁发现 |
| Title | DNSMon: 用DNS数据进行威胁发现 |
| Detected Hints/Tags/Attributes | 20/1/60 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | http://blog.netlab.360.com/use-dns-data-produce-threat-intelligence/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | r1.googleblockchaintechnology.com |
|
| Details | Domain | 1 | r1.howoldareyou9999.com |
|
| Details | Domain | 1 | r1-443.howoldareyou9999.com |
|
| Details | Domain | 1 | r1-443.franceeiffeltowerss.com |
|
| Details | Domain | 1 | r1.franceeiffeltowerss.com |
|
| Details | Domain | 1 | r1.mylittlewhitebirds.com |
|
| Details | Domain | 1 | r1-443.mylittlewhitebirds.com |
|
| Details | Domain | 1 | r1-443.googleblockchaintechnology.com |
|
| Details | Domain | 1 | onlinetalk.tk |
|
| Details | Domain | 1 | googleblockchaintechnology.com |
|
| Details | Domain | 1 | howoldareyou999.com |
|
| Details | Domain | 1 | franceeiffeltowers.com |
|
| Details | Domain | 1 | rctl.googleblockchaintechnology.com |
|
| Details | Domain | 4 | pm.sh |
|
| Details | Domain | 2 | pm.ipfswallet.tk |
|
| Details | Domain | 1 | pm.cpuminerpool.com |
|
| Details | Domain | 4143 | github.com |
|
| Details | Domain | 3 | www.homeaffairs.gov.au |
|
| Details | Domain | 2 | www.cira.ca |
|
| Details | Domain | 1 | rctl-443.franceeiffeltowers.com |
|
| Details | Domain | 1 | rctl-443.googleblockchaintechnology.com |
|
| Details | Domain | 1 | rctl-443.howoldareyou999.com |
|
| Details | Domain | 1 | rctl-443.ipfswallet.tk |
|
| Details | Domain | 1 | rctl-443.onlinetalk.tk |
|
| Details | Domain | 1 | rctl.franceeiffeltowers.com |
|
| Details | Domain | 1 | rctl.howoldareyou999.com |
|
| Details | Domain | 1 | rctl.ipfswallet.tk |
|
| Details | Domain | 1 | rctl.onlinetalk.tk |
|
| Details | File | 1 | cos6.tar |
|
| Details | File | 1 | cos7.tar |
|
| Details | File | 1 | skidmap-linux-malware-uses-rootkit-capabilities-to-hide-cryptocurrency-mining-payload.html |
|
| Details | File | 9 | assets.pub |
|
| Details | File | 1 | national_cyber_security_strategy_2016.pdf |
|
| Details | File | 1 | cyber-security-strategy-2020.pdf |
|
| Details | File | 1 | rctlcli.cfg |
|
| Details | File | 1 | rctl_ca.crt |
|
| Details | Github username | 1 | ycsunjane |
|
| Details | md5 | 1 | 42d271982608bd740bf8dd3458f79116 |
|
| Details | md5 | 1 | ecb6f50245706cfbdc6d2098bc9c54f3 |
|
| Details | md5 | 1 | 9c129d93f6825b90fa62d37b01ae3b3c |
|
| Details | md5 | 1 | 5840dc51673196c93352b61d502cb779 |
|
| Details | md5 | 1 | 871a598f0ee903b4f57dbc5020aae293 |
|
| Details | sha1 | 1 | ad303c1e121577bbe67b4615a0ef58dc5e27198b |
|
| Details | sha1 | 1 | 4241c714cd2b04f35e49ed593984c6932e1f387c |
|
| Details | sha1 | 1 | 3158b9c2e703a67363ac9ee9c1b247c2e1abf4c7 |
|
| Details | sha1 | 1 | 5fbad62b7738c76094ab6a05b32425305400183f |
|
| Details | sha1 | 1 | e886e1899b636f2875be56b96cf1affdd957348a |
|
| Details | sha256 | 1 | e6eb4093f7d958a56a5cd9252a4b529efba147c0e089567f95838067790789ee |
|
| Details | Url | 1 | http://rctl.googleblockchaintechnology.com/pc |
|
| Details | Url | 1 | http://rctl.googleblockchaintechnology.com/pm.sh |
|
| Details | Url | 1 | http://rctl.googleblockchaintechnology.com/miner2 |
|
| Details | Url | 1 | http://rctl.googleblockchaintechnology.com/miner |
|
| Details | Url | 1 | http://rctl.googleblockchaintechnology.com/cos6.tar.gz |
|
| Details | Url | 1 | http://rctl.googleblockchaintechnology.com/cos7.tar.gz |
|
| Details | Url | 1 | http://pm.cpuminerpool.com/pc |
|
| Details | Url | 1 | https://www.trendmicro.com/en_us/research/19/i/skidmap-linux-malware-uses-rootkit-capabilities-to-hide-cryptocurrency-mining-payload.html |
|
| Details | Url | 1 | https://github.com/ycsunjane/rctl |
|
| Details | Url | 1 | https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/567242/national_cyber_security_strategy_2016.pdf |
|
| Details | Url | 1 | https://www.homeaffairs.gov.au/cyber-security-subsite/files/cyber-security-strategy-2020.pdf |
|
| Details | Url | 1 | https://www.cira.ca/cybersecurity-services/canadian-shield |