PULSE NAME
Lazarus Group: Crime_WannaCry | Crime Mirai_Botnet_Malware
TLP: WHITE
Created: 2024-08-12
Modified: 2024-10-12
5763 IOCs (high volume)
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
DDoS:Linux/Gafgyt.YA!MTB
Unix.Trojan.Mirai-7100807-0
ELF:Mirai-AHC [Trj]
Sf:WNCryLdr-A [Trj]
Ransom:Win32/WannaCrypt.H
Win.Ransomware.WannaCry-6313787-0
Mirai
Indicators of Compromise (535 / 5763 total)
Indicator types: FileHash-SHA256, CIDR, URL, email, hostname, FileHash-MD5, FileHash-SHA1, BitcoinAddress, domain, CVE
References (28)
Researched: 174.215.26.0/255 AS 6167 (CELLCO-PART) US | Swipper | Loudon County, Va | Ongoing attacks
Highlighted Text: The following text was observed as standard output, "[THEA-MALWARE]: Gimme Cum Pwease XD"
Trojan.Linux.Mirai.1 | Crime_Mirai | DDoS:Linux/Gafgyt.YA!MTB: FILEHASH - SHA256 a1eff1e00a7d532a6e6d71b3c5328e
Antivirus Detections: ELF:Mirai-AHC [Trj], Unix.Trojan.Mirai-7100807-0, DDoS:Linux/Gafgyt.YA!MTB
IDS Detections: Huawei Remote Command Execution - Outbound (CVE-2017-17215)
IDS Detections: Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound
Yara Detections: Mirai_Botnet_Malware
High Priority Alerts: dead_host network_icmp osquery_detection network_irc nolookup_communication p2p_cnc
Interesting Strings: http://schemas.xmlsoap.org/soap/encoding/ http://0.0.0.0/nope
Interesting Strings: http://schemas.xmlsoap.org/soap/envelope/ 185.244.25.117 127.0.0.1
ELF Info Header: ELF32, 2's complement, little endian, 1 (current), UNIX - System V, EXEC (Executable file), Intel 80386, 0x1
Matches rule Mirai_Botnet_Malware from ruleset crime_mirai by Florian Roth
Matches rule Linux_Trojan_Mirai_b14f4c5d from ruleset Linux_Trojan_Mirai by Elastic Security
Matches rule SUSP_XORed_Mozilla from ruleset gen_xor_hunting by Florian Roth
Matches rule Linux_Trojan_Mirai_fa3ad9d0 from ruleset Linux_Trojan_Mirai by Elastic Security
https://github.com/Neo23x0/signature-base/search?q=Mirai_Botnet_Malware Desc: Detects Mirai Botnet Malware RULE_AUTHOR: Florian Roth
Crime_WannaCry | Ransom:Win32/WannaCrypt.H | FILEHASH - SHA256 86f7e04aed8403e6b9f0d4ae880a55f7574c1b177cf6c24234ffa992eadb2c52
Yara Detections: WannaCry_Ransomware, Win32_Ransomware_WannaCry, Wanna_Cry_Ransomware_Generic
Yara Detections: MS17_010_WanaCry_worm, NHS_Strain_Wanna, stack_string, MS_Visual_Cpp_6_0
Alerts: nids_exploit_alert nids_malware_alert network_icmp nolookup_communication persistence_autorun network_cnc_http
IDS Detections: W32/WannaCry.Ransomware Killswitch Domain HTTP Request 1
IDS Detections: Domain Sinkholed by Kryptos Logic (HTML Response)
IDS Detections: Possible ETERNALBLUE Probe MS17-010 (MSF style)
IDS Detections: Possible ETERNALBLUE Probe MS17-010 (Generic Flags)
IDS Detections: ETERNALBLUE Probe Vulnerable System Response MS17-010
IDS Detections: Observed DNS Query to Suspicious Domain (iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com)
IDS Detections: Behavioral Unusual Port 445 traffic Potential Scan or Infection
Antivirus Detections: Sf:WNCryLdr-A [Trj], Win.Ransomware.WannaCry-6313787-0, Ransom:Win32/WannaCrypt.H