216.40.34.41 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 216.40.34.41 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

🟠 Elevated — 60/100

Geographic Location

Host and Network Information

• View other sources: Spamhaus VirusTotal Shodan AbuseIPDB
• Country: Canada
• Noticed: 31 times
• Protocols Attacked: SSH
• Countries Attacked: Anguilla, Aruba, Australia, Bahamas, Barbados, Canada, Cayman Islands, Costa Rica, Curaçao, Georgia, Guatemala, Japan, Korea Republic of, Mexico, Netherlands, Panama, Philippines, Poland, Saint Kitts and Nevis, Saint Martin (French part), Saint Vincent and the Grenadines, Sint Maarten (Dutch part), Taiwan, Tanzania United Republic of, Trinidad and Tobago, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
• Open Ports: 80
• Tor Node: No
• Associated Malware Samples: 61

Tags

• 09azaz
• 199899
• 2005 aug
• 240pm
• 443 ma2592000
• 540am
• 5511940750757
• aaaa
• abraniuk
• absence
• abstract
• accept
• accepted
• accepts
• access
• account
• acommonfolder
• acommonfolderid
• acsaps group
• acs cron
• acshost
• acs property
• acs site
• actiondate
• actionreason
• actividades
• activits
• add all
• addaspect
• added
• add error
• adding entity
• adding person
• addp
• addp move
• addresses
• a div
• adjfprem ord
• admin
• admindate
• admission
• admissions
• adm workflow
• a domains
• advancement
• advising notes
• adwind
• afa admission
• afa bundle
• afabundling
• afaconfig
• afa main
• afa paper
• afas
• afas name
• afns
• agent tesla
• agreementtype
• agricultural
• ahscon
• ahsrespect
• aims
• akamaias
• akamaiasn1
• alberta
• alberta freedom
• alberta health
• al contenuto
• ales file
• alfresco
• alfresco afa
• alfresco client
• alfresco locale
• alfresco prop
• alfrescos
• alfresco search
• alfresco share
• a li
• allmul vbaget4
• alloc
• allow
• all scoreblue
• all submissions
• already
• alta
• amazon02
• am mdt
• am mst
• a my
• anaesthes
• anaesthesiology
• anchor
• and aspect
• and not
• android
• andromeda
• and type
• anmeldung zu
• a nxdomain
• apasresponseid
• apeaksoft ios
• api call
• apis
• apple
• apple ios
• apple private
• applicant
• application
• application for
• application id
• applicationjson
• applications
• applies
• appl nbr
• applyfilter
• appointment
• approveddate
• approvereject
• approvers
• apptreappt
• april
• aps api
• aps appointment
• aps group
• aps guideline
• aps list
• apsmaster
• aps process
• apsprocess
• apsprod
• aps ro
• apsservice
• apsserviceprod
• aps status
• aps student
• aps task
• apstaskproperty
• aps user
• archival
• args
• arkeistealer
• arra y
• array
• array length
• arraytocsv
• arraytoxml
• arrcounter
• as15169
• as15169 google
• as16509
• as20940
• as29791
• as3215 orange
• as3359
• as4230 claro
• as44273 host
• as54113
• as55293 a2
• as62597
• as8075
• as8426 claranet
• as852
• ascii text
• asnone
• asnone denmark
• aspect
• asprox
• assembly common
• assembly name
• assignee
• assignment
• assigntogroup
• assignuser
• assistant
• associate dean
• assocname
• asyncrat
• atentamente
• atlas
• attempts
• attivit
• aucun
• aucune
• aufgaben stehen
• aufgabe zu
• august
• authentication
• author
• auto-generated security
• automation
• auxiliary
• available
• avg win32
• avm folder
• avm store
• avm stores
• award sponsor
• aws promotion
• az09
• azureadmyorg
• babuk
• bachelor
• backdoor
• backscanreview
• backup
• backupname
• bad query
• banload
• barcode
• bassa media
• basse moyenne
• batch
• batchid
• batch ids
• batchprocess
• batchsize
• bearbeiter
• bearer
• bear tracks
• beschreibung
• beschrijving
• beskrivelse
• bibliography
• bid exception
• bid update
• bind
• bitcoin
• blackfoot
• blog query
• board review
• body
• body html
• body length
• bonjour
• bonusbitcoin
• boolean
• borland delphi
• bq jul
• brazzers
• broker
• bundlingprop
• cached data
• calendar year
• call
• callback phishing
• cambia password
• campusid
• canada unknown
• cap application
• cap document
• cap ea
• cap epsb
• cap final
• cap generate
• capid
• cap mail
• cap report
• caps aps
• care
• career
• caro
• carry
• cartella
• case files
• category
• ccid
• ccids
• cdkey
• ceeb
• cell
• cerber
• certificate
• change
• change log
• change password
• changer
• change xml
• channelsurfcli
• cheat
• check
• checkapiuser
• checkdict
• checker
• checkin
• checkmarx
• checkpath
• checks
• checks amount
• childlist
• childname2
• childname3
• childname4
• children
• choose
• chs admin
• chs agreement
• chs docs
• chsdocs
• chsdocument
• chs form
• chs placement
• chs school
• chssiteid
• chs student
• chs upload
• class
• clicca
• clicca su
• click
• clio
• clioacs update
• cliquez
• cliquez sur
• cloud na
• clr version
• cname
• code
• collaborator
• college
• college level
• colour bar
• column
• command
• commentkeyarr
• comments
• common folder
• commonfolder
• common law
• comp
• company home
• competitive
• competitive bid
• complete basic
• completed
• completion
• completion of
• compromise iocs
• computer security
• conclin
• condissi
• conditionval
• config
• config file
• configfilename
• conflict
• confuser
• confuserex
• connections ip
• connector
• conphoto
• consent for
• consigno
• consumer
• consumer march
• contact
• contained
• content
• contenteml
• content id
• contentid
• content type
• content url
• contenturl
• context
• contrasea
• converter
• converttocsv
• convocation
• cookie
• copy
• copy file
• copyright
• cordialement
• cordiali saluti
• core
• corrupt
• cosupccid
• co supervisor
• count
• counter
• country
• courseauditform
• coveo
• coverage
• cprbls
• creado
• creador
• create
• createchildren
• create content
• created date
• createdirectory
• create file
• create header
• creation date
• creato
• creator
• cree
• criado
• criador
• critical
• cryptbot
• csvcontent
• csv data
• csv file
• csvtoarray
• cuba
• currentline
• currentuser
• currjson
• customer
• cve202240684
• cvs report
• cyber attacks
• cyber defense
• cyber news
• cyber security news
• cyber security news today
• cyber security updates
• cyber updates
• cycbot
• daily
• daily qa
• dailyschedule
• danabot
• data
• data breach
• data collection
• data dictionary
• data length
• data need
• data rtversion
• date
• date name
• dateofbirthstr
• datestr
• datetime
• deanaheed
• debug
• debugstr
• december
• declaration
• default
• defunc
• delegate group
• delegategroup
• delete
• delete email
• delimiters
• delphi generic
• dene
• dental benefits
• dentistry fomd
• department
• department doc
• department name
• deptjson
• dept param
• descommonnode
• desconfnode
• descrio
• descripcin
• description
• descriptorpath
• designer
• desktop
• desrochers
• details
• development
• dev testing
• didx
• dimensioni
• direct
• directorhrsbs
• directory
• disclosure of
• discord
• discord nitro
• display
• disponibile
• div div
• div section
• doc00c200004txg
• doccd
• doc name
• docnamearr
• docs
• doctoratephd
• doctype
• doctypelabel
• doctypemap
• doctypes
• document
• documentation
• documentcount
• document link
• documentlink
• document linkn
• documentlist
• documentlistarr
• document moved
• document name
• documentname
• document type
• documenttype
• does
• domain
• domains
• done
• dos borland
• dossier du
• double click
• download
• downloads
• download url
• downloadurl
• drawdown
• dropbox
• dropped c
• dropped file
• du contenu
• due date
• duedate
• due daten
• duplicate file
• dynamics
• e1234
• ebeaton script
• edelepexe
• edmonton ab
• edmonton area
• edmonton public
• edrms
• edrmsteam
• effective date
• einladung von
• elk island
• elmid
• email
• email address
• emailobj
• emails
• email security
• emails meta
• emailsubject
• emailtemplate
• embargo
• embargodate
• emotet
• emplid
• emplobject
• employee
• employee ccid
• employeeccid
• employeeclass
• employee id
• employeeid
• empty argument
• encrypt
• endpoint na
• endpoint secure
• enggfilescanner
• enter
• enterprise
• entity
• entries
• entropy chi2
• entry
• entry point
• environmental
• epehsoft
• ephdocumenttype
• ephesoft
• epsb
• e rev
• error
• error occured
• ersteller
• erstellt
• eset research
• et tor
• et trojan
• eval
• event
• everything
• e weowe64e
• executable
• execute
• exe size
• expand
• expected effort
• expects
• expiration date
• expired
• expires
• expiry date
• explorer
• extension
• external-resources
• facebook
• facetkey
• faculty
• facultykey
• failedcsvfolder
• false
• fare
• fast
• february
• fellow
• fgsr
• fgsr doc
• fgsr forms
• fgsrpr
• fgsr student
• fgsr supervisor
• field
• file
• filecontentstr
• filehash
• file hashes
• filemappingpdf
• file name
• filename
• filenode
• filepath
• files
• files c
• files deleted
• file share
• file system
• file test
• file transfer
• file type
• filetype
• fill
• filter
• final
• finalcapiddict
• finaldate
• final url
• find
• findkey
• find people
• finished
• first
• first check
• first name
• firstname
• first nations
• fiscal
• foip
• folder
• foldercondition
• foldercreate
• folder level
• foldername
• followers
• following
• fomd
• food
• foreign visitor
• form
• form applicant
• format
• formatjson
• formbook
• formbook cnc
• forms
• formsengg
• formspcm
• formsrso
• form submitted
• for privacy
• fortigate
• fortinet
• fortios
• fortiproxy
• fortiproxy web
• found
• found document
• france
• france unknown
• freedom
• friday
• fromscanner
• front
• fullpath
• func
• function
• fund report
• fvca
• fvca assessment
• fvca status
• gamaredon
• game
• geen
• gehen sie
• gemaakt
• gendert
• generator
• generic
• geoip
• getallurlparams
• getapsdbid
• getapsperson
• getcsvfile
• getcustomscript
• getdc copyimage
• getdefination
• getemailbody
• getexecutetime
• getfilesize
• getgroupid
• get http
• getlogfile
• get path
• getrandomnumber
• get site
• gewijzigd
• ghost
• github
• gitworm
• global env
• globals
• gmt cache
• gmt etag
• gmt path
• google
• google addon
• google form
• gpt analyzer
• grabnodeprop
• graddate
• graduate
• graduate file
• graduate folder
• graduation
• graph
• gren alfresco
• grootte
• group
• groupapiaccess
• groupcapadmin
• group created
• group december
• groupeveryone
• grouplist
• groupn
• group request
• groupsite
• grps2
• gta gra
• gtagra
• guloader
• hacker
• hacker news
• hacking news
• haga
• hallo
• harassment
• hasaccess
• haut
• header intel
• headers
• health
• health sciences
• hello
• here
• hidden
• high
• hiring
• hiring info
• historical ssl
• hkcrclsid
• hkcuclsid
• hoch
• hola
• holiday pay
• home
• home help
• hoog
• hoogachtend
• host
• hostname
• how to hack
• hrsbs
• hrsbs config
• hrsbssyncccids
• hrs document
• hrsfilescanner
• hspnet
• html info
• http
• httphttps
• http method
• http response
• human resource
• hybrid
• hyperlink
• ico rtgroupicon
• iddocumenttype
• idnumber
• id otherwise
• id property
• id var
• if csv
• if file
• if node
• iframes
• ihnen
• ihnen nahe
• il mio
• il seguente
• immformdocs
• import
• important
• im system
• inbound rule
• inbox
• inbox folder
• incomplete
• index
• indicate
• indonesia
• infinity
• info
• info header
• information
• information security
• ingen
• inhaltselement
• initiated all
• initiators
• initiators all
• initsavestatus
• innhold mappe
• input
• input date
• input folder
• inquiry
• inst
• instagram
• institution
• institution not
• intake
• intel
• invalid student
• invalid url
• invito
• ip address
• ip detections
• ipv4
• iroquois
• iso88591
• iso format
• ist coi
• ist site
• item
• items
• jan04 now
• january
• jason
• java
• jfrog
• jile
• job error
• jobj
• john
• json
• jsonarchive
• json config
• json containing
• jsoncontent
• json descriptor
• json document
• json file
• jsonfile
• jsonfunction
• jsonobj
• jsonobj3
• json object
• jsonoutput
• json post
• json response
• jsonstr
• jsonuser
• jstr
• july
• june
• kaspersky
• kawasaki
• kb body
• kb content
• kb file
• kb graph
• kb link
• kb links
• keepalive
• keine
• keiner
• keylabel
• keyword search
• klicken
• klicken sie
• klik
• klik op
• knowledge
• known tor
• koafx
• kofax
• kofax index
• ko liens
• konto
• konto fr
• kuluoz
• laag gemiddeld
• label
• language
• larger
• la siguiente
• last
• lastmonth
• lastname
• la tche
• ldap
• ldapperson
• ldap query
• leave
• length
• lenker for
• less see
• letter
• leve
• level
• level3
• library
• life
• limit
• link
• linkedin
• link klicken
• link library
• links content
• link um
• list
• list fgsr
• li ul
• live
• load
• loads
• local
• localisotime
• location canada
• lofygang
• lofylife
• log debug
• logfoldername
• logger
• logging
• logistics
• logs
• lokibot
• lookupentity
• lookupjson
• los datos
• lucene path
• lucene paths
• lucene query
• magnus
• main
• main department
• main function
• maker
• makes
• malware
• malwarebytes
• malware http
• managerccid
• manual data
• mapdoctypeurl
• mappedobj
• maps initiated
• march
• master
• match
• match2
• matches1
• match list
• match result
• materialcode
• materialextid
• materialkey
• maxcount
• maxfile
• maxitems
• maxlimit
• mbameng
• mbamsc
• mb first
• md import
• mdphd
• media
• media alta
• medicine
• medium
• medium high
• meister
• memcommit
• memo
• memreserve
• meng
• menu
• merge
• message
• meta
• metaarr
• metadata
• metadata header
• metadatamap
• method
• mexico
• microsoft azure
• microsoft crm
• microsoft power
• microsoft teams
• middle
• middle name
• middlename
• mijn profiel
• mike
• mini
• min to
• mi perfil
• mitarbeiter
• mitarbeitern
• mitre att
• mmm yyyy
• modelnodepath
• modifi
• modificado
• modificador
• modificateur
• modificato
• modifikator
• modifisert
• module load
• monday
• mon profil
• monthcount
• monthly report
• morechildren
• move
• move aspect
• moved
• move file
• moving
• msgstr
• ms visual
• ms windows
• mtd1
• mtis
• multi
• music
• mustang panda
• mv asmar
• my profile
• nakota sioux
• name
• namearr
• name dob
• name md5
• names
• name servers
• namespace
• na note
• na stealthwatch
• navigatebrowse
• ndern
• need
• needle
• nenhum
• nenhuma
• nessuna
• nessuno
• netwire
• network
• network security
• neutral
• newdata
• new doc
• newdocname
• newdoctype
• new document
• newgroup
• newname
• newpath
• next
• niedrig mittel
• ninguna
• ninguno
• njrat
• njson
• no data
• node
• node1
• node2
• node id
• nodeid
• nodeidx
• nodename
• nodes
• nomatch
• nombre
• nome
• nome utente
• nordvpnsetup
• normal
• not aspect
• note
• not found
• no title
• not path
• not type
• nous
• null
• number
• numbers
• nxdomain
• object
• objectives
• occurrences ip
• october
• offer letter
• office
• officiality
• offset
• okrnserver
• onload
• open
• opprettet
• oral hlth
• or condition
• order inquiry
• orgid
• orion
• orion logo
• orion wi
• override
• overview
• page
• page search
• pagesite
• pageuser
• pang
• paperfileconfig
• paperfileutils
• para hacerlo
• param
• parameters
• paramname
• params
• parent
• parentgrp
• parent name
• paris
• parse
• part time
• passcount
• passive dns
• password
• passwort
• passwort bei
• patch
• path
• pattern match
• pay action
• payroll
• pcm competitive
• pdfa format
• pdf var
• pe32
• pe32 executable
• pe32 protector
• peoplesoft
• pe resource
• permission
• per rifiutare
• person
• person id
• personid
• phone no
• picvsc
• pinames today
• placement
• placementdocs
• plan
• please
• please check
• please click
• please contact
• please enter
• please wait
• pledged gift
• plugx
• pm mdt
• pm mst
• populated
• porn related
• possibile
• post doc
• postdoctoral
• post request
• pour ce
• prefix
• premium
• preqa
• prerequisites
• prevmonth
• prioridad
• priorit
• prioriteit
• prioritt
• priority
• privacy act
• problem
• process
• process32nextw
• process api
• process id
• processid
• process info
• processjson
• process landing
• processsetidset
• process status
• procid
• prod
• prod url
• profile
• program
• programs
• programyear
• progress report
• project id
• prop
• property
• property name
• propidx
• propname
• proposal id
• protection
• proton
• province
• psaudit
• psperson
• public schools
• public site
• public url
• pull hiring
• pulse pulses
• pulse submit
• purpose
• python
• qabatchgrp
• qacounter
• qadocument
• qa folder
• qanotselected
• qaoperator
• qaoperatorindex
• qaoperatorlabel
• qapercentage
• qa selected
• qaselected
• qaselectednode
• qastartdate
• qa var
• qbot
• queries
• query
• query language
• query sort
• quoted
• raheel
• raheel bhojani
• raheel var
• rand
• random2digit
• ransom
• ransomware
• ransomware malware
• rats
• readme file
• reappointment
• reason
• reb approval
• rebcapiddict
• received date
• receiveddatestr
• recente
• record
• records site
• record value
• recreation fomd
• recruitment
• referrer
• refloadapihash
• refresh
• refresh list
• refund
• regards
• regbinary
• regdword
• regexp
• registry keys
• regsetvalueexa
• regsetvalueexw
• regtempdescr
• related
• relocation
• remcos
• replacement
• report
• report fgsr
• reportlogs
• reportlogslogs
• report of
• report on
• report process
• reports
• report sorry
• reporttype
• request
• requesteddate
• request status
• requireddate
• res0012345
• resources
• responsejson
• rest
• result
• resultdata
• result length
• resultstr
• retain title
• retrieves
• return
• returndata
• returns
• returns json
• retype
• reutrn false
• revdate
• reverse dns
• review
• reviewer
• reviewgroup
• review process
• review request
• review sorry
• rmcfg
• rm file
• rm filing
• rm system
• rnrn
• rnrncopyright
• ro adm
• ro backscan
• ro code
• ro document
• ro scripts
• rosm
• ro workflow
• rrfgroupname
• rso project
• rticon english
• rticon neutral
• rticon russian
• rule folder
• runasuser
• running report
• running script
• runyear
• rutktaib3
• rva entry
• safefilename
• safety manual
• salariedreg aux
• salicode
• saludos
• sample email
• samplename
• samplepath
• sample rm
• sandbox evasion
• save
• saved
• save form
• savemetadata
• saving
• scan doc
• scan endpoints
• scanned
• schedule
• school
• school district
• schools
• science addp
• scifilescanner
• script
• script started
• script urls
• search
• searchcriteria
• search length
• search match
• searchmatchdob
• searchmatchmove
• searchresult
• search term
• searchterm
• secure malware
• secureorigin
• securitytype
• seen
• select
• sendemail
• september
• server
• servers
• service
• service log
• services
• set message
• settings c
• setup error
• seznam
• sfsussl
• sha1
• sha256
• shared
• shared c
• shared drive
• sharedinkarsa c
• sharedinkbgbg c
• sharedink c
• sharedinkcscz c
• sharedinkdadk c
• sharepoint
• shareurl
• shortdescr
• shortxml
• show
• showing
• si desea
• sie auf
• sie eingeladen
• sie erstellt
• sie knnen
• sign
• signeddate
• signer
• signer1
• signer2
• sim unlock
• sincerely
• single family
• site
• siteconfig
• siteconfigjson
• siteconsumer
• sitecontext
• sitefile
• siteid
• sitemanager
• sitename
• sitepath
• site running
• sites
• sitetitle
• site viewer
• smfstr
• smokeloader
• Smokeloader
• snatch
• sneaky server
• software vulnerability
• solutions
• sonatype
• sorry
• sortparameter
• span
• spark
• spasite
• spring
• sptox
• spybanker
• spytox og
• standard
• start
• start april
• start building
• start date
• startdate
• startdatetime
• start december
• started
• start february
• start fgsr
• start form
• startindex
• starting
• starting name
• start january
• start june
• start kofax
• start march
• status
• status code
• statusevent
• statusname
• staus
• stdapl
• step0statusfail
• step workflow
• store
• store id
• storeid
• streams size
• string
• stringify
• strings
• stripcharacter
• strong name
• strrelse
• stuccid
• studdept
• student
• student case
• student ccid
• studentccid
• studentfiles
• student id
• studentid
• studentref
• student term
• student view
• stuid
• stuln
• subdoctype
• subject
• subject title
• submission date
• submissions
• submit button
• submit form
• subset
• success
• successfully
• successfully ea
• summary
• supccid
• supdept
• superccid
• supervisor
• supervisor ccid
• support
• suresh
• suresh joshee
• surnamechar
• susp
• syntaxerror
• system
• system overview
• t1027
• t1036
• t1055
• t1056
• t1080
• t1082
• t1113
• t1497
• t1547
• t1566
• ta569
• tags viewport
• taille
• tamanho
• tamao
• target
• targetfile
• task
• task assigned
• taskassignee
• taskenddate
• taskfilter
• taskid
• task info
• taskjson
• tasks
• tasks dashlet
• tasks filter
• tasktype
• team
• teams
• telecom
• tempfilename
• template
• term
• terry harris
• teslacrypt
• test
• test effective
• test java
• test person
• text
• text/html
• textjavascript
• textpart
• tfrith
• thank
• the hacker news
• therapy fomd
• therecord
• thesis
• thesis deposit
• thesis programs
• thesis status
• third
• third-party-cookies
• this
• this determine
• threat roundup
• thursday
• time
• time click
• time limit
• timeperiod
• tinba
• titel
• title
• title spytox
• titolo
• titre
• tittel
• tmobile metro
• today
• to max
• to now
• tony
• tools
• total
• total afa
• trackers
• tran
• transcriptarr
• transcripts
• treaties
• tre rcupre
• trevor report
• trident
• trigger
• trigger aps
• trimlr
• trojan
• trojandropper
• trojanspy
• true
• tsara brashears
• ttulo
• tuesday
• twitter
• twitter andor
• type
• typeerror
• typekey
• type name
• typeprop
• type win32
• uaesign
• uappol
• uappol content
• uappol function
• uappol metadata
• uarmm
• uaroduedate
• uaroemplid
• uaropriority
• uarotasktype
• uathdep
• ubuntu
• ukraine
• ukraine crisis
• u kunt
• unauthorized
• united
• university
• university home
• university vpn
• unknown
• unknown command
• unprocesseddata
• unsuccessful1
• uofacap
• uofa ecm
• uofa edrms
• update
• upload
• uploader
• upload file
• uri args
• urlorigin
• urls
• url webdav
• url zum
• user
• user group
• user name
• username
• users
• user sync
• utc google
• utf8
• util function
• utility enter
• v4inhxvlhx0
• val2
• valid
• value
• var csvfile
• var currentuser
• var document
• var folder
• var logfile
• varname
• var startdate
• var taskid
• var title
• verfgung
• verify
• version
• version history
• versionhistory
• very
• view
• viewer access
• view error
• view warning
• virtool
• visible
• void
• vous
• wachtwoord
• warning
• webdav
• webdav url
• web deployed
• web link
• web script
• webscript
• web scripts
• web service
• web services
• wednesday
• weinedoewse net
• wendy
• whmis
• wi fi
• win16 ne
• win32
• win32 dynamic
• win32 exe
• win64
• windir
• wir legen
• workflow
• workflow desc
• workflow id
• workflowid
• workflow link
• workflow name
• workingtitle
• worm
• write
• written c
• x00x00
• x amz
• xmlcont
• xml field
• xml file
• xmlfile
• xmlfilename
• xmlfileobj
• xmlnode
• xml related
• xmlsourcenode
• xmlstr
• xmltoarray
• xmlutil
• xslayer
• yesno
• youth
• youtube
• y seleccione
• yumna
• yyyymmdd
• zeus
• zhreformengresp
• zhrroleuserresp
• zur site

MITRE ATT&CK TTPs

• T1003 - OS Credential Dumping
• T1027 - Obfuscated Files or Information
• T1036 - Masquerading
• T1047 - Windows Management Instrumentation
• T1055 - Process Injection
• T1056 - Input Capture
• T1057 - Process Discovery
• T1059.007 - JavaScript
• T1059 - Command and Scripting Interpreter
• T1060 - Registry Run Keys / Startup Folder
• T1071 - Application Layer Protocol
• T1080 - Taint Shared Content
• T1082 - System Information Discovery
• T1105 - Ingress Tool Transfer
• T1113 - Screen Capture
• T1119 - Automated Collection
• T1129 - Shared Modules
• T1140 - Deobfuscate/Decode Files or Information
• T1176 - Browser Extensions
• T1195 - Supply Chain Compromise
• T1497 - Virtualization/Sandbox Evasion
• T1518.001 - Security Software Discovery
• T1518 - Software Discovery
• T1547 - Boot or Logon Autostart Execution
• T1553.002 - Code Signing
• T1553 - Subvert Trust Controls
• T1566 - Phishing
• T1568.002 - Domain Generation Algorithms
• T1568 - Dynamic Resolution
• T1583.001 - Domains
• T1583.005 - Botnet
• T1583 - Acquire Infrastructure
• T1595 - Active Scanning
• T1598 - Phishing for Information

Passive DNS

• davidurch.com

Attack Log References

Whois Information