Cyber Threat Hunting in Healthcare, File Infectors, Botnets

URL/Domain

stresser.pw

9z9t.com

daohang08.com

IP Address

141.98.11.96

91.234.99.177

185.244.25.200

185.244.25.202

Hash

d7a79484965a3425c2ab4750d1283e80f9903b023f65aed347f0329818189d2d

3bb1a8ef950e79184585eff7c44f15b6cbef66d90c128a69070e2ca0b2db50f6

b2fc6d4e65e42174c09fb2d3ff902e7e31408fe36617e3e53c543418f3a9fc21

975b9b27760f8b6db9874c6c74e7eee9122e7c8cd663f7212acc4a9edaf8222b

178a0b90512f4013a7c6577e4595a89e5d8d6f8c8a85f672424dffa6c79d776f

94951a1f9830d7a97286b5cc5a9b01b12c143e5c6d7aa9226642ed6507ab9d12

a545d8993f069a237627c8fbcad60629404d61460efcdf084a8d276a90c57258

d953b7cd781a0a3c31b8770b3179bdd1612f4ac058f8f78f2934c914457def92

7fb44d3a60fedc6c9eb00bf51316d07aadf7e4062495ec917605b04c0b966db5

a614796e796b3691a6c4175082d4d42246ebb0d36ac7bab311b3964f54749e4e

38b61236407f4f28ee4d5b7798d1d6f5f3fc8cf937b9fc54c07d75464810ebc3

8c570534b77d41bcacf1d2ecc7aec75c4ece59a80f0241f450a72e7de89c35c1

6f91a07e48d01858ee308ef430c6dae3694d540687c2341e427b340dbfd31c32

9363f5e74acfccc83762e17076ce18e4079430dca2352a4d37a210303380e23c

975ab3b9b306cada378bed98b68368cbf389c718767b91fde67df154c1e6417c

61f640364ab398db7d32c87585481d3b34578324491c6070cc45d2ddd2faea1d

29b30fd8e8dfe1308df164298b6dee16960c7f5b8cd70098ef542a8506c91ece

e375646b471b137a9c65a444acc4d50153600e6d6cd0e995d7d569b05791bfce

3d6a6cfb19e1e1a9cf8c9cd56b7477ecfed2de3acacd7b90345b3eba6c324ac8

447a3b7a4b549fd237e31b4a833466690dfa75c12104e6d5bdac80d6c321336a

d6155a83e85dad5f8e66267c99bc6152dff5a5f53ec67ccd3b8cf1f1a0193b73

97f71348c5ebc187091ec61860110473ab4f2ca78dcae9890e5fbec5c45ad4be

Detection Query 1

userdomainname like "stresser.pw" or url like "stresser.pw" or userdomainname like "9z9t.com" or url like "9z9t.com" or userdomainname like "daohang08.com" or url like "daohang08.com"

Detection Query 2

dstipaddress IN ("185.244.25.202","185.244.25.200","141.98.11.96","91.234.99.177") or ipaddress IN ("185.244.25.202","185.244.25.200","141.98.11.96","91.234.99.177") or publicipaddress IN ("185.244.25.202","185.244.25.200","141.98.11.96","91.234.99.177") or srcipaddress IN ("185.244.25.202","185.244.25.200","141.98.11.96","91.234.99.177")

Detection Query 3

sha256hash IN ("d7a79484965a3425c2ab4750d1283e80f9903b023f65aed347f0329818189d2d","d6155a83e85dad5f8e66267c99bc6152dff5a5f53ec67ccd3b8cf1f1a0193b73","9363f5e74acfccc83762e17076ce18e4079430dca2352a4d37a210303380e23c","97f71348c5ebc187091ec61860110473ab4f2ca78dcae9890e5fbec5c45ad4be","a614796e796b3691a6c4175082d4d42246ebb0d36ac7bab311b3964f54749e4e","975b9b27760f8b6db9874c6c74e7eee9122e7c8cd663f7212acc4a9edaf8222b","94951a1f9830d7a97286b5cc5a9b01b12c143e5c6d7aa9226642ed6507ab9d12","38b61236407f4f28ee4d5b7798d1d6f5f3fc8cf937b9fc54c07d75464810ebc3","d953b7cd781a0a3c31b8770b3179bdd1612f4ac058f8f78f2934c914457def92","975ab3b9b306cada378bed98b68368cbf389c718767b91fde67df154c1e6417c","178a0b90512f4013a7c6577e4595a89e5d8d6f8c8a85f672424dffa6c79d776f","b2fc6d4e65e42174c09fb2d3ff902e7e31408fe36617e3e53c543418f3a9fc21","3bb1a8ef950e79184585eff7c44f15b6cbef66d90c128a69070e2ca0b2db50f6","29b30fd8e8dfe1308df164298b6dee16960c7f5b8cd70098ef542a8506c91ece","61f640364ab398db7d32c87585481d3b34578324491c6070cc45d2ddd2faea1d","447a3b7a4b549fd237e31b4a833466690dfa75c12104e6d5bdac80d6c321336a","7fb44d3a60fedc6c9eb00bf51316d07aadf7e4062495ec917605b04c0b966db5","a545d8993f069a237627c8fbcad60629404d61460efcdf084a8d276a90c57258","8c570534b77d41bcacf1d2ecc7aec75c4ece59a80f0241f450a72e7de89c35c1","6f91a07e48d01858ee308ef430c6dae3694d540687c2341e427b340dbfd31c32","e375646b471b137a9c65a444acc4d50153600e6d6cd0e995d7d569b05791bfce","3d6a6cfb19e1e1a9cf8c9cd56b7477ecfed2de3acacd7b90345b3eba6c324ac8")