Taylor ParizoMar 4

Censys queries to track CharmingKitten / MuddyWater

host.services.endpoints.http.body_hash_sha256="de3b9b38fc63a27bc8899a1cdba4130347b3a76d8a694245aa7f018cce693d11"



host.services.endpoints.http.html_title="McCluskey"



host.services:((software.cpe="cpe:2.3:a:microsoft:internet_information_services:10.0:*:*:*:*:*:*:*" or hardware.cpe="cpe:2.3:a:microsoft:internet_information_services:10.0:*:*:*:*:*:*:*" or operating_systems.cpe="cpe:2.3:a:microsoft:internet_information_services:10.0:*:*:*:*:*:*:*") and endpoints.http.html_title="URL Shortener")

#ThreatIntel #CTI

Show threadTaylor ParizoMar 5

The second html_title query has been updated to:

host.services.endpoints.http.html_title={"McCluskey", "MotoGP Fans Deutschland"}

Show threadTaylor Parizo

One more for good measure because why not:

host.services.cert.parsed.issuer_dn="cgWUqATNuKVKop+/nRG88+u7AEo2ulPc/6DzDNJyq3Q"

#ThreatIntel #CTI #MuddyWater

Mar 6 at 4:06amWeb