PULSE NAME
Lazarus Group: Crime_WannaCry | Crime Mirai_Botnet_Malware
TLP: WHITE | Created: 2024-08-12 | Modified: 2024-10-12
IOCs: 5763 (high volume)
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
DDoS:Linux/Gafgyt.YA!MTB Unix.Trojan.Mirai-7100807-0 ELF:Mirai-AHC\ [Trj] Sf:WNCryLdr-A\ [Trj] Ransom:Win32/WannaCrypt.H Win.Ransomware.WannaCry-6313787-0 Mirai
Indicators of Compromise (367 / 5763 total)
Indicator types in this pulse: FileHash-SHA256, CIDR, URL, email, hostname, FileHash-MD5, FileHash-SHA1, BitcoinAddress, domain, CVE
TYPE  INDICATOR  DESCRIPTION  CREATED
domain iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com 2024-08-12
domain amazon.com 2024-08-12
domain 40verizon.com 2024-08-12
domain key.pub 2024-08-12
domain libchecktur.so 2024-08-12
domain libprioconst.so 2024-08-12
domain sshd.pid 2024-08-12
domain babe.net 2024-08-12
domain goggles.my 2024-08-12
domain msftconnectfest.com 2024-08-12
domain properrty.co 2024-08-12
domain watchhers.net 2024-08-12
domain b.link 2024-08-12
domain 57g7spgrzlojinas.onion 2024-08-12
domain 76jdd2ir2embyv47.onion 2024-08-12
domain cwwnhwhlz52maqm7.onion 2024-08-12
domain gx7ekbenv2riucmf.onion 2024-08-12
domain xxlvbrloxvriy2c5.onion 2024-08-12
domain 00010001.ci 2024-08-12
domain 00010002.ci 2024-08-12
domain 00010004.ci 2024-08-12
domain 00010007.ci 2024-08-12
domain microsoft.net 2024-08-12
domain 877theinfo.info 2024-08-12
domain airbridge.net 2024-08-12
domain banet.net 2024-08-12
domain bell-space.com 2024-08-12
domain bellatlantic.net 2024-08-12
domain betrusted.com 2024-08-12
domain bhverizonbusiness.com 2024-08-12
domain bizverizon.net 2024-08-12
domain ca-dns.net 2024-08-12
domain concarta.com 2024-08-12
domain cybertrust.com 2024-08-12
domain cybertrustverizonbusiness.com 2024-08-12
domain digex.com 2024-08-12
domain displaycdn.com 2024-08-12
domain downloadnow-1.com 2024-08-12
domain edgecast.com 2024-08-12
domain edoctransfer.com 2024-08-12
domain erizonphones.com 2024-08-12
domain extremedeals.com 2024-08-12
domain fios-blog.com 2024-08-12
domain fiosfasttrack.net 2024-08-12
domain frontvoice.net 2024-08-12
domain getsignals.com 2024-08-12
domain getvztv.com 2024-08-12
domain glblcdn.net 2024-08-12
domain go90.com 2024-08-12
domain google-verizon.com 2024-08-12
domain gte-safari.com 2024-08-12
domain gteccmail.com 2024-08-12
domain gtetest1.net 2024-08-12
domain imsvm.com 2024-08-12
domain incapsula.net 2024-08-12
domain indianapolisfios.com 2024-08-12
domain iotverizonwireless.com 2024-08-12
domain johnsonforums3.com 2024-08-12
domain kroxrcbmnfamvxucfkj.com 2024-08-12
domain mci-advantage.com 2024-08-12
domain mcilink.com 2024-08-12
domain mcimail.com 2024-08-12
domain mciworld.com 2024-08-12
domain minute50.com 2024-08-12
domain my-verizon-wireless.com 2024-08-12
domain mytxtmessage.com 2024-08-12
domain myverizon-longdistance.com 2024-08-12
domain ncsa.com 2024-08-12
domain openoffice365.com 2024-08-12
domain outlookssl.com 2024-08-12
domain peanut-butterandjelly4life.com 2024-08-12
domain rocketmail.com 2024-08-12
domain sasinstitute.net 2024-08-12
domain savewithverizon.com 2024-08-12
domain sidekickopen04.com 2024-08-12
domain smecdn.net 2024-08-12
domain spiketech.com 2024-08-12
domain srartverizon.net 2024-08-12
domain ssp-strong-id.net 2024-08-12
domain streaming-verizon.net 2024-08-12
domain teammciworldcom.com 2024-08-12
domain thefastesthuman.com 2024-08-12
domain thefioslane.com 2024-08-12
domain timetogetmore.com 2024-08-12
domain trusecure.com 2024-08-12
domain tune-up.com 2024-08-12
domain uaverizonbusiness.com 2024-08-12
domain ubizen.com 2024-08-12
domain v12cdn.net 2024-08-12
domain v22cdn.net 2024-08-12
domain v3cdn.com 2024-08-12
domain v3cdn.net 2024-08-12
domain v5cdn.net 2024-08-12
domain vcast-mm.com 2024-08-12
domain veriozen.com 2024-08-12
domain verizomphones.com 2024-08-12
domain verizon-blog.net 2024-08-12
domain verizon-gear.net 2024-08-12
domain verizon-media.com 2024-08-12
domain verizon-wholesale.info 2024-08-12
domain verizon-wireless-sucks.com 2024-08-12
domain verizon1.net 2024-08-12
domain verizon22.com 2024-08-12
domain verizon401k.com 2024-08-12
domain verizon9.com 2024-08-12
domain verizonasserories.com 2024-08-12
domain verizonauthorizedagent.com 2024-08-12
domain verizonc.net 2024-08-12
domain verizoncentrex.com 2024-08-12
domain verizondigitalmedia.com 2024-08-12
domain verizone.net 2024-08-12
domain verizonewirelessrebates.com 2024-08-12
domain verizonexpress.com 2024-08-12
domain 126.net 2024-08-12
domain 163.com 2024-08-12
domain 1e100.net 2024-08-12
domain adsafeprotected.com 2024-08-12
domain alicdn.com 2024-08-12
domain alikunlun.com 2024-08-12
domain alphacdn.net 2024-08-12
domain amazon-adsystem.com 2024-08-12
domain amazonaws.com 2024-08-12
domain ans.net 2024-08-12
domain appspot.com 2024-08-12
domain avg.com 2024-08-12
domain b-msedge.net 2024-08-12
domain baidu.com 2024-08-12
domain chicdn.net 2024-08-12
domain cloudapp.net 2024-08-12
domain cloudfront.net 2024-08-12
domain cmail19.com 2024-08-12
domain com-strong-id.net 2024-08-12
domain deltacdn.net 2024-08-12
domain diablofans.com 2024-08-12
domain doubleclick.net 2024-08-12
domain ebay.com 2024-08-12
domain ebayimg.com 2024-08-12
domain ecdns.net 2024-08-12
domain edgecastcdn.net 2024-08-12
domain edgecastdns.net 2024-08-12
domain ensighten.com 2024-08-12
domain epsiloncdn.net 2024-08-12
domain etacdn.net 2024-08-12
domain facebook.com 2024-08-12
domain fastly.net 2024-08-12
domain fbcdn.net 2024-08-12
domain gammacdn.net 2024-08-12
domain google.net 2024-08-12
domain googleusercontent.com 2024-08-12
domain gstatic.com 2024-08-12
domain gte.com 2024-08-12
domain gte.net 2024-08-12
domain gvt1.com 2024-08-12
domain gvt2.com 2024-08-12
domain hbo.com 2024-08-12
domain hihonor.com 2024-08-12
domain hotmail.com 2024-08-12
domain hpe.com 2024-08-12
domain icann.org 2024-08-12
domain imgfarm.com 2024-08-12
domain intuit.com 2024-08-12
domain iotacdn.net 2024-08-12
domain jabodo.com 2024-08-12
domain kappacdn.net 2024-08-12
domain kaspersky-labs.com 2024-08-12
domain kaspersky.com 2024-08-12
domain kinja-static.com 2024-08-12
domain krxd.net 2024-08-12
domain lambdacdn.net 2024-08-12
domain lnvcdn.net 2024-08-12
domain mci.com 2024-08-12
domain mediaplex.com 2024-08-12
domain myvzw.com 2024-08-12
domain mmstat.com 2024-08-12
domain mozilla.net 2024-08-12
domain msftconnecttest.com 2024-08-12
domain msn.com 2024-08-12
domain msnusers.com 2024-08-12
domain msocsp.com 2024-08-12
domain mucdn.net 2024-08-12
domain netdna-cdn.com 2024-08-12
domain netdna-ssl.com 2024-08-12
domain netease.com 2024-08-12
domain netflix.com 2024-08-12
domain nflxext.com 2024-08-12
domain norton.com 2024-08-12
domain nsatc.net 2024-08-12
domain nucdn.net 2024-08-12
domain office365.com 2024-08-12
domain omicroncdn.net 2024-08-12
domain omniroot.com 2024-08-12
domain oracle.com 2024-08-12
domain phicdn.net 2024-08-12
domain popcap.com 2024-08-12
domain public-trust.com 2024-08-12
domain rhocdn.net 2024-08-12
domain rockstargames.com 2024-08-12
domain securestudies.com 2024-08-12
domain sigmacdn.net 2024-08-12
domain sogoucdn.com 2024-08-12
domain sohu.com 2024-08-12
domain sohucs.com 2024-08-12
domain staticimgfarm.com 2024-08-12
domain swift.com 2024-08-12
domain symcb.com 2024-08-12
domain symcd.com 2024-08-12
domain systemcdn.net 2024-08-12
domain tapad.com 2024-08-12
domain taucdn.net 2024-08-12
domain thetacdn.net 2024-08-12
domain toshiba.com 2024-08-12
domain transactcdn.com 2024-08-12
domain tumblr.com 2024-08-12
domain ucweb.com 2024-08-12
domain umeng.com 2024-08-12
domain upsiloncdn.net 2024-08-12
domain uu.net 2024-08-12
domain v0cdn.net 2024-08-12
domain v1cdn.net 2024-08-12
domain v2cdn.net 2024-08-12
domain v4cdn.net 2024-08-12
domain verizon.com 2024-08-12
domain verizon.net 2024-08-12
domain cnzz.net 2024-08-12
domain xcom.com 2024-08-12
domain hdsdirectory.com 2024-08-12
domain verizoninmate.com 2024-08-12
domain verizonipad.com 2024-08-12
domain vtext.biz 2024-08-12
domain vtext.com 2024-08-12
domain vzspace.net 2024-08-12
domain vzvmz.biz 2024-08-12
domain vzvwp.com 2024-08-12
domain vzwcorp6.com 2024-08-12
domain vzwdocs.com 2024-08-12
domain vzwmail.net 2024-08-12
domain vzwpix.com 2024-08-12
domain vzwshop.com 2024-08-12
domain vzwtone.net 2024-08-12
domain windows.com 2024-08-12
domain wordpress.com 2024-08-12
domain yahoodns.net 2024-08-12
domain zopim.com 2024-08-12
domain osdinfra.net 2024-08-12
domain inc.legal 2024-08-12
domain 5iantlavalamp.com 2024-08-12
domain 998cspoapp.net 2024-08-12
domain accounts-passport.com 2024-08-12
domain administration-hotmail.com 2024-08-12
domain administration-hotmail.org 2024-08-12
domain autosteanna.com 2024-08-12
domain bing.travel 2024-08-12
domain bingdaren.net 2024-08-12
domain bingwiki.com 2024-08-12
domain bingxxx.com 2024-08-12
domain bisazabacom.com 2024-08-12
domain bitchicks.info 2024-08-12
domain bthemall2gonowhaha42.com 2024-08-12
domain bye-xp.tw 2024-08-12
domain caboaccountdogfoodppe.net 2024-08-12
domain communicatorteam.com 2024-08-12
domain core02.net 2024-08-12
domain coretixongr.com 2024-08-12
domain edgeforwindows.com 2024-08-12
domain encarta.com 2024-08-12
domain equiptmypc.com 2024-08-12
domain erwbtkidthetcwerc.com 2024-08-12
domain experienceie.com 2024-08-12
domain forefront.net 2024-08-12
domain gdisrc.net 2024-08-12
domain gfhhthdfggd.com 2024-08-12
domain halomap.com 2024-08-12
domain hololens.info 2024-08-12
domain hotmail.info 2024-08-12
domain hotymail.com 2024-08-12
domain iestats.cc 2024-08-12
domain kemebrremewrewroi5n3b3jb3b367.com 2024-08-12
domain kemebrremewrewroi6d3b3jb3b36d6d.com 2024-08-12
domain livechristmascard.com 2024-08-12
domain microsftband.com 2024-08-12
domain microsoftpinpointweb.com 2024-08-12
domain msn-team.info 2024-08-12
domain msnhome.org 2024-08-12
domain my-playstation-3-reviews.com 2024-08-12
domain neoprenant.com 2024-08-12
domain office365.co 2024-08-12
domain office365sd.com 2024-08-12
domain officeignite.com 2024-08-12
domain onedrive.net 2024-08-12
domain osej36.com 2024-08-12
domain popfly.com 2024-08-12
domain powerpointpresenter.com 2024-08-12
domain psybnc.cz 2024-08-12
domain rterybrstutnrsbberve.com 2024-08-12
domain snpryjitnos.com 2024-08-12
domain tabletpc.com 2024-08-12
domain videosdemsn.com 2024-08-12
domain vmdepot.hk 2024-08-12
domain wervynuuyjhnbvfservdy.com 2024-08-12
domain westarray.com 2024-08-12
domain x-xbox.com 2024-08-12
domain zuf174.com 2024-08-12
domain zxhrteher33.in 2024-08-12
domain banm.com 2024-08-12
domain cellscape.com 2024-08-12
domain digitalphones.net 2024-08-12
domain get-esim.com 2024-08-12
domain getvzappzone.com 2024-08-12
domain gnecdmon.com 2024-08-12
domain myvzweb.com 2024-08-12
domain vdcapps.com 2024-08-12
domain verizonapp.com 2024-08-12
domain verizongridwide.com 2024-08-12
domain vtextme.com 2024-08-12
domain vzwcs.com 2024-08-12
domain vzwdomain.com 2024-08-12
domain vzwpushtotalk.com 2024-08-12
domain vzwsalesforcemanager.net 2024-08-12
domain vzwtest.com 2024-08-12
domain wap2test.com 2024-08-12
domain 1drv.com 2024-08-12
domain a-msedge.net 2024-08-12
domain aka.ms 2024-08-12
domain asp.net 2024-08-12
domain aspnetcdn.com 2024-08-12
domain azureedge.net 2024-08-12
domain bing.com 2024-08-12
domain bing.net 2024-08-12
domain ceipmsn.com 2024-08-12
domain e-msedge.net 2024-08-12
domain footprintdns.com 2024-08-12
domain gva.cc 2024-08-12
domain live.com 2024-08-12
domain live.net 2024-08-12
domain livefilestore.com 2024-08-12
domain microsoft365.com 2024-08-12
domain microsoftinternetsafety.net 2024-08-12
domain microsoftonline-p.com 2024-08-12
domain msecnd.net 2024-08-12
domain msft.net 2024-08-12
domain msftncsi.com 2024-08-12
domain msgamestudios.com 2024-08-12
domain nuget.org 2024-08-12
domain office.com 2024-08-12
domain office.net 2024-08-12
domain onmicrosoft.com 2024-08-12
domain passport.net 2024-08-12
domain photosynth.net 2024-08-12
domain pmr.cc 2024-08-12
domain rgk.cc 2024-08-12
domain s-microsoft.com 2024-08-12
domain s-msedge.net 2024-08-12
domain s-msft.com 2024-08-12
domain sharepoint.com 2024-08-12
domain skype.com 2024-08-12
domain swiftkey.net 2024-08-12
domain virtualearth.net 2024-08-12
domain windows.net 2024-08-12
domain windowsmedia.com 2024-08-12
domain windowsupdate.com 2024-08-12
domain xboxlive.com 2024-08-12
domain vzwfemto.com 2024-08-12
domain vzwwo.com 2024-08-12
domain iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com 2024-09-12
domain vultrusercontent.com 2024-09-12
domain line.pm 2024-09-12
domain dnslog.cn 2024-09-12
References (28)
Researched: 174.215.26.0/255 AS 6167 (CELLCO-PART) US | Swipper | Loudon County, Va | Ongoing attacks
Highlighted Text: The following text was observed as standard output, "[THEA-MALWARE]: Gimme Cum Pwease XD"
Trojan.Linux.Mirai.1 | Crime_Mirai | DDoS:Linux/Gafgyt.YA!MTB: FILEHASH - SHA256 a1eff1e00a7d532a6e6d71b3c5328e
Antivirus Detections: ELF:Mirai-AHC\ [Trj], Unix.Trojan.Mirai-7100807-0, DDoS:Linux/Gafgyt.YA!MTB
IDS Detections: Huawei Remote Command Execution - Outbound (CVE-2017-17215)
IDS Detections: Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound
Yara Detections: Mirai_Botnet_Malware
High Priority Alerts: dead_host, network_icmp, osquery_detection, network_irc, nolookup_communication, p2p_cnc
Interesting Strings: http://schemas.xmlsoap.org/soap/encoding/ http://0.0.0.0/nope
Interesting Strings: http://schemas.xmlsoap.org/soap/envelope/ 185.244.25.117 127.0.0.1
ELF Info Header: ELF32, 2's complement, little endian, 1 (current), UNIX - System V, EXEC (Executable file), Intel 80386, 0x1
Matches rule Mirai_Botnet_Malware from ruleset crime_mirai by Florian Roth
Matches rule Linux_Trojan_Mirai_b14f4c5d from ruleset Linux_Trojan_Mirai by Elastic Security
Matches rule SUSP_XORed_Mozilla from ruleset gen_xor_hunting by Florian Roth
Matches rule Linux_Trojan_Mirai_fa3ad9d0 from ruleset Linux_Trojan_Mirai by Elastic Security
https://github.com/Neo23x0/signature-base/search?q=Mirai_Botnet_Malware Desc: Detects Mirai Botnet Malware RULE_AUTHOR: Florian Roth
Crime_WannaCry | Ransom:Win32/WannaCrypt.H | FILEHASH - SHA256 86f7e04aed8403e6b9f0d4ae880a55f7574c1b177cf6c24234ffa992eadb2c52
Yara Detections: WannaCry_Ransomware, Win32_Ransomware_WannaCry, Wanna_Cry_Ransomware_Generic
Yara Detections: MS17_010_WanaCry_worm, NHS_Strain_Wanna, stack_string, MS_Visual_Cpp_6_0
Alerts: nids_exploit_alert, nids_malware_alert, network_icmp, nolookup_communication, persistence_autorun, network_cnc_http
IDS Detections: W32/WannaCry.Ransomware Killswitch Domain HTTP Request 1
IDS Detections: Domain Sinkholed by Kryptos Logic (HTML Response)
IDS Detections: Possible ETERNALBLUE Probe MS17-010 (MSF style)
IDS Detections: Possible ETERNALBLUE Probe MS17-010 (Generic Flags)
IDS Detections: ETERNALBLUE Probe Vulnerable System Response MS17-010
IDS Detections: Observed DNS Query to Suspicious Domain (iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com)
IDS Detections: Behavioral Unusual Port 445 traffic Potential Scan or Infection
Antivirus Detections: Sf:WNCryLdr-A\ [Trj], Win.Ransomware.WannaCry-6313787-0, Ransom:Win32/WannaCrypt.H