Tue Aug 29 22:13:35 2023
“We have begun a difficult and uncertain journey, and none of us can see its end, but our cause remains a just one. That truth honours and sanctifies our fallen comrades who have made the ultimate sacrifice so that we might carry on the work that is ahead of us. We are gathered here today to honour their memory and their names.”
“May God stand between you and harm in all the empty places where you must walk.”
(all are still regularly updated as of roughly the above date; I apologize for any organizational issues and the raw nature of this data, there’s a lot to manage and a lot coming in while still trying to analyze manually to a certain degree while monitoring services; I also have a disorganized mess of a mind)
https://bcable.net/analysis-ukr-prelim.html
https://bcable.net/analysis-ukr-graphs.html
https://bcable.net/analysis-ukr-indicators.html
https://bcable.net/analysis-ukr-ru_map_sessions.html
https://bcable.net/analysis-ukr-cn_map_sessions.html
https://bcable.net/analysis-ukr-miori_fail.html
https://bcable.net/analysis-ukr-botnet_perl.html
https://bcable.net/analysis-ukr-ddos_gh0st.html
https://bcable.net/analysis-ukr-indicators_2023.html
https://bcable.net/analysis-ukr-crew_001.html
https://bcable.net/analysis-ukr-inventory_attack.html
https://bcable.net/analysis-ukr-crew_002.html
The original Cowrie honeypot attack came from this IP (ARIN WHOIS for its netblock follows):
NetRange: 207.246.64.0 - 207.246.127.255
CIDR: 207.246.64.0/18
NetName: CONSTANT
NetHandle: NET-207-246-64-0-1
Parent: NET207 (NET-207-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS20473
Organization: The Constant Company, LLC (CHOOP-1)
RegDate: 2017-10-13
Updated: 2022-09-20
Comment: Geofeed https://geofeed.constant.com/
Ref: https://rdap.arin.net/registry/ip/207.246.64.0
OrgName: The Constant Company, LLC
OrgId: CHOOP-1
Address: 319 Clematis St. Suite 900
City: West Palm Beach
StateProv: FL
PostalCode: 33401
Country: US
RegDate: 2006-10-03
Updated: 2022-12-21
Comment: http://www.constant.com/
Ref: https://rdap.arin.net/registry/entity/CHOOP-1
The malware drop resolved through this DNS record (ARIN WHOIS for its netblock follows):
davinci.root.sx. 3600 IN A 147.182.165.99
NetRange: 147.182.128.0 - 147.182.255.255
CIDR: 147.182.128.0/17
NetName: DIGITALOCEAN-147-182-128-0
NetHandle: NET-147-182-128-0-1
Parent: NET147 (NET-147-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS14061
Organization: DigitalOcean, LLC (DO-13)
RegDate: 2020-01-17
Updated: 2020-04-03
Comment: Routing and Peering Policy can be found at https://www.as14061.net
Comment:
Comment: Please submit abuse reports at https://www.digitalocean.com/company/contact/#abuse
Ref: https://rdap.arin.net/registry/ip/147.182.128.0
OrgName: DigitalOcean, LLC
OrgId: DO-13
Address: 101 Ave of the Americas
Address: FL2
City: New York
StateProv: NY
PostalCode: 10013
Country: US
RegDate: 2012-05-14
Updated: 2022-05-19
Ref: https://rdap.arin.net/registry/entity/DO-13
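Added example (not part of the original notes): a small Python script that turns the two ARIN records above and the A record from the malware drop into structured data, then checks which netblock an observed address falls into. The WHOIS text and the DNS line are constructed, trimmed copies of what is shown on this page; the function names and the choice to also cross-check NetRange against CIDR are my own.

```python
"""Attribute observed IPs to the ARIN netblocks recorded above (added example)."""
import ipaddress
import re

# Constructed sample: trimmed copies of the two ARIN network records on this page.
WHOIS_RECORDS = """\
NetRange: 207.246.64.0 - 207.246.127.255
CIDR: 207.246.64.0/18
NetName: CONSTANT
OriginAS: AS20473
Organization: The Constant Company, LLC (CHOOP-1)
Comment:

NetRange: 147.182.128.0 - 147.182.255.255
CIDR: 147.182.128.0/17
NetName: DIGITALOCEAN-147-182-128-0
OriginAS: AS14061
Organization: DigitalOcean, LLC (DO-13)
"""

# Constructed sample: the zone-style A record from the malware drop.
DNS_RECORD = "davinci.root.sx. 3600 IN A 147.182.165.99"


def parse_whois_blocks(text):
    """Split ARIN-style 'Key: value' text on blank lines into one dict per network."""
    blocks, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                blocks.append(current)
                current = {}
            continue
        key, sep, value = line.partition(":")
        if sep and value.strip():          # skip empty 'Comment:' lines
            current[key.strip()] = value.strip()
    if current:
        blocks.append(current)
    return blocks


def range_matches_cidr(block):
    """True when the NetRange field spans exactly the addresses the CIDR field covers."""
    first, _, last = block["NetRange"].partition("-")
    net = ipaddress.ip_network(block["CIDR"], strict=True)
    return (ipaddress.ip_address(first.strip()) == net[0]
            and ipaddress.ip_address(last.strip()) == net[-1])


def parse_a_record(line):
    """Parse 'name ttl IN A address' and return (name without trailing dot, address string)."""
    m = re.match(r"^(\S+)\s+\d+\s+IN\s+A\s+(\d{1,3}(?:\.\d{1,3}){3})$", line)
    if not m:
        raise ValueError(f"not an A record: {line!r}")
    return m.group(1).rstrip("."), str(ipaddress.ip_address(m.group(2)))


def attribute_ip(ip, blocks):
    """Return (NetName, OriginAS) of the first block whose CIDR contains ip, else None."""
    addr = ipaddress.ip_address(ip)
    for b in blocks:
        if addr in ipaddress.ip_network(b["CIDR"], strict=True):
            return b["NetName"], b["OriginAS"]
    return None


def attribute_all(ips, text=WHOIS_RECORDS):
    """Map each observed IP to its owning netblock using the recorded WHOIS text."""
    blocks = parse_whois_blocks(text)
    return {ip: attribute_ip(ip, blocks) for ip in ips}


if __name__ == "__main__":
    name, drop_ip = parse_a_record(DNS_RECORD)
    print(f"{name} -> {drop_ip}")
    for ip, owner in attribute_all(["207.246.71.152", drop_ip, "8.8.8.8"]).items():
        print(ip, owner)
```

The containment check is the useful part for a defender: it ties the host later probed with curl (207.246.71.152) to the CONSTANT /18 and the drop host to the DigitalOcean /17 without relying on a live WHOIS lookup, so the same records can be re-checked later even if the registry entries change.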
$ curl -i http://207.246.71.152
HTTP/1.1 302 Found
Date: Mon, 10 Apr 2023 23:46:25 GMT
Server: Apache/2.4.41 (Ubuntu)
Cache-Control: no-cache, private
Location: http://207.246.71.152/public/admin
Set-Cookie: XSRF-TOKEN=eyJpdiI6IjZLajQ2QUZ5bHFHbHlickU3ZmcyWXc9PSIsInZhbHVlIjoiTTNVblJRMTJsVVVEeXIzZ3o5SFBjMmFMNkxhMWtGVVNUQ3JrUklJQnJnTU5Sb3NrVG9HNkI4VmRkK2ZvZjh0Tk9tdGlpXC9xQ2w1QW5DOWhlNlU5VUFnPT0iLCJtYWMiOiI5YmFlNTJmNjBiZDdmOTM4ZWUwNzNhZmYwZjJhNzVjNDhmNTY3ZmM0YTExYWY5Mzg1OTg1N2JkMjg1ZjFhOGM0In0%3D; expires=Tue, 11-Apr-2023 01:46:25 GMT; Max-Age=7200; path=/
Set-Cookie: lippo-gudang-session=eyJpdiI6Ik1nMlhxU3FpMGQ5a1lyOWxcLyt3NUV3PT0iLCJ2YWx1ZSI6ImZ5WTZOUjFPYmxSek5MTEMzdmxOTXM3WW16UXV6OU1hdnM1bHlacTYwWTdpbUFRTTRQdEJ4bVIrOW5VdmVDRkFGQ3JzY0N6cGVcL3BSY0E1Q0k4dnhLQT09IiwibWFjIjoiNDM2ODRmZmFlOGY1NGExMGVjNTk1OWNjZGZiNTJiMGY4YTc5N2M1Mzc4YTE2MmQwZjVlMWFkYjQwMDMzNDFiYyJ9; expires=Tue, 11-Apr-2023 01:46:25 GMT; Max-Age=7200; path=/; httponly
Content-Length: 382
Content-Type: text/html; charset=UTF-8
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8" />
<meta http-equiv="refresh" content="0;url='http://207.246.71.152/public/admin'" />
<title>Redirecting to http://207.246.71.152/public/admin</title>
$ curl -i http://207.246.71.152/public/admin/login
HTTP/1.1 200 OK
Date: Mon, 10 Apr 2023 23:49:57 GMT
Server: Apache/2.4.41 (Ubuntu)
Cache-Control: no-cache, private
Set-Cookie: XSRF-TOKEN=eyJpdiI6IkM1c1k4UzYzcklrYkU3ZXpoMU92XC9BPT0iLCJ2YWx1ZSI6IkQ0ZFgyOVVnNWpYS0RNSk13Z3dlaFIwdFNVMGZQclltY0JXVFFpeGFFaFJSXC9TUFVueDkwcndualdCb0FBOVoyS3pYSzJHN1hBRm53em5FdzI3eUVXQT09IiwibWFjIjoiYmNhODZkYmNmODJmN2I1MmE2N2U5NWIxZDNjZGYzODcyMmNlYzE4OTlkZjJhZjA5OGVlOTc3NzQyNTM1MmRlMyJ9; expires=Tue, 11-Apr-2023 01:49:57 GMT; Max-Age=7200; path=/
Set-Cookie: lippo-gudang-session=eyJpdiI6IjdnMVd4aStXVW1wNVdTcDlQb3orSlE9PSIsInZhbHVlIjoiWEcyZUpVZGNsS1dMdmR0Z3NSUWpNOEE0WnJlQkZkdnJ0dERlaDN6dStWWVZFV1VpcXJoN2FsMFFLVm9GNERLclF1b1Vrb3dQUjNSY3p4VU5HMWpPdmc9PSIsIm1hYyI6ImY0YzYzMWRlNzg2YTAwNjU4YTE5MmFiNWI4YzVkOGMzNGQxNWEzZGY0NzBmMTI1YmNiOTIzY2NlZjU1Yjg1YmQifQ%3D%3D; expires=Tue, 11-Apr-2023 01:49:57 GMT; Max-Age=7200; path=/; httponly
Vary: Accept-Encoding
Content-Length: 4986
Content-Type: text/html; charset=UTF-8
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Login Panel : </title>
<meta name='generator' content='CRUDBooster'/>
<meta name='robots' content='noindex,nofollow'/>
<link rel="shortcut icon"
href="http://207.246.71.152/public/vendor/crudbooster/assets/logo_crudbooster.png">
<meta content='width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no' name='viewport'>
<!-- Bootstrap 3.3.2 -->
<link href="http://207.246.71.152/public/vendor/crudbooster/assets/adminlte/bootstrap/css/bootstrap.min.css" rel="stylesheet" type="text/css"/>
<!-- Font Awesome Icons -->
<link href="https://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css" rel="stylesheet" type="text/css"/>
<!-- Theme style -->
<link href="http://207.246.71.152/public/vendor/crudbooster/assets/adminlte/dist/css/AdminLTE.min.css" rel="stylesheet" type="text/css"/>
The string “BRPH IT Asset Management” is embedded in that login page.
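Added example (not from the original notes): a Python fingerprinting helper that reads a raw `curl -i` capture like the two above and pulls out the fields an analyst would record as indicators: status, Server header, redirect target, cookie names, and the `generator` / `robots` meta tags that identify the CRUDBooster login panel. The embedded response is a constructed, shortened copy of the page's login response with the long cookie values replaced by placeholders; function and class names are my own.

```python
"""Extract infrastructure indicators from a raw HTTP response capture (added example)."""
from email.parser import Parser
from html.parser import HTMLParser

# Constructed sample: shortened copy of the /public/admin/login response above,
# cookie values replaced with PLACEHOLDER and the HTML head closed off.
LOGIN_RESPONSE = """\
HTTP/1.1 200 OK
Date: Mon, 10 Apr 2023 23:49:57 GMT
Server: Apache/2.4.41 (Ubuntu)
Cache-Control: no-cache, private
Set-Cookie: XSRF-TOKEN=PLACEHOLDER; expires=Tue, 11-Apr-2023 01:49:57 GMT; Max-Age=7200; path=/
Set-Cookie: lippo-gudang-session=PLACEHOLDER; expires=Tue, 11-Apr-2023 01:49:57 GMT; Max-Age=7200; path=/; httponly
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Login Panel : </title>
<meta name='generator' content='CRUDBooster'/>
<meta name='robots' content='noindex,nofollow'/>
</head>
</html>
"""


class MetaCollector(HTMLParser):
    """Collect <meta name=...> tags and the <title> text from an HTML body."""

    def __init__(self):
        super().__init__()
        self.meta = {}
        self.title = ""
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and a.get("name"):
            self.meta[a["name"].lower()] = a.get("content", "")
        elif tag == "title":
            self._in_title = True

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data


def split_response(raw):
    """Split a raw response into (status line, parsed headers, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    status_line, _, header_text = head.partition("\n")
    headers = Parser().parsestr(header_text, headersonly=True)
    return status_line, headers, body


def fingerprint(raw):
    """Return the indicator fields an analyst would log for this response."""
    status_line, headers, body = split_response(raw)
    collector = MetaCollector()
    collector.feed(body)
    # Cookie *names* are stable app identifiers; values are session secrets and are not kept.
    cookie_names = [c.split("=", 1)[0].strip() for c in headers.get_all("Set-Cookie", [])]
    return {
        "status": int(status_line.split()[1]),
        "server": headers.get("Server"),
        "location": headers.get("Location"),
        "cookies": cookie_names,
        "generator": collector.meta.get("generator"),
        "robots": collector.meta.get("robots"),
        "title": collector.title.strip(),
    }


if __name__ == "__main__":
    for key, value in fingerprint(LOGIN_RESPONSE).items():
        print(f"{key}: {value}")
```

Recording the cookie names rather than their values keeps the indicator list free of live session material while still capturing the app-specific `lippo-gudang-session` name, which together with the CRUDBooster `generator` tag and the Apache/Ubuntu banner is what lets a later sighting of the same panel be matched against these notes.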