| property | value |
| --- | --- |
| tags | attack-vector-discovery,attacker-infrastructure,pkm-pocket-pipeline,shodan,threat-intel |
| url | |
| original_word_count | 627 |
Article Excerpt
In this blog, I will explain my hunting methodology with two practical examples. My process always starts with looking for the first node in phase one, analysis and escalation in phase two, and results in phase three.
Long Summary
This article explains a methodology for hunting malicious infrastructure using JARM fingerprints and HTTP response hashes, with Shodan as the search engine for pivoting. The two worked examples are QBot C2 servers and Brute Ratel C4 servers; despite the differences between the two, the same methodology applies to both.
JARM is Salesforce's active TLS server fingerprinting tool, not a data model. It sends ten specially crafted TLS Client Hello messages to a server and hashes the attributes of the Server Hello replies (negotiated version, cipher, extensions) into a 62-character fingerprint. Servers running the same TLS stack with the same configuration, including C2 frameworks, tend to share a JARM, which makes it a pivot for finding more nodes. The HTTP response hash is a hash of the body a server returns to a plain HTTP request; Shodan exposes it as the http.html_hash filter, and C2 servers that serve the same default or decoy page share the same value.
The methodology has three phases. Phase one finds the first node (for example a C2 address from a public report or a sandbox detonation) and records its JARM and HTTP response hash. Phase two pivots on those values in Shodan to find other servers that share them and escalates by combining filters (JARM plus response hash, plus port where useful) to cut false positives, because a JARM alone matches every server built on the same TLS stack. Phase three validates the candidate set and reports the results.
The first example is QBot C2. QBot (Qakbot) is a banking trojan turned loader and botnet, and its C2 servers can be clustered by their shared JARM and response hash. The second example is Brute Ratel C4, a commercial adversary-emulation (C2) framework comparable to Cobalt Strike; its servers can be fingerprinted the same way. Neither is DDoS malware.
The article concludes by summarizing the three-phase methodology, gives a few tips for using JARM and HTTP response hash together rather than in isolation, and lists resources for further reading.
Overall, the article is a practical walkthrough of pivoting on JARM and HTTP response hashes, with two worked examples, and a useful starting point for anyone hunting attacker infrastructure.
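The three phases above, as an added example that is not code from the article or its author: it runs over constructed records that imitate the fields of a Shodan host result (documentation IP ranges, made-up JARM strings, made-up page bodies), computes the response-body hash with a self-contained MurmurHash3 x86_32, builds the combined Shodan query from the seed's fingerprints, and tiers the other records by how much of the fingerprint they share. The assumption that Shodan's http.html_hash is MurmurHash3 of the raw body is marked in the code and should be confirmed against a live Shodan record before a computed value is trusted.

```python
"""Seed, pivot and triage for the JARM + HTTP-response-hash hunt, over constructed records."""
import struct
from collections import defaultdict

MASK32 = 0xFFFFFFFF


def _rotl32(x: int, r: int) -> int:
    return ((x << r) | (x >> (32 - r))) & MASK32


def murmur3_32(data: bytes, seed: int = 0) -> int:
    """MurmurHash3 x86_32 as a signed 32-bit int, the convention of Python's mmh3.hash().
    Assumption: Shodan's http.html_hash is this hash of the raw response body."""
    c1, c2 = 0xCC9E2D51, 0x1B873593
    h = seed & MASK32
    nblocks = len(data) // 4
    for i in range(0, nblocks * 4, 4):          # full 4-byte little-endian blocks
        k = struct.unpack_from("<I", data, i)[0]
        k = _rotl32((k * c1) & MASK32, 15)
        k = (k * c2) & MASK32
        h ^= k
        h = (_rotl32(h, 13) * 5 + 0xE6546B64) & MASK32
    tail = data[nblocks * 4:]                    # 0 to 3 trailing bytes
    k = 0
    if len(tail) >= 3:
        k ^= tail[2] << 16
    if len(tail) >= 2:
        k ^= tail[1] << 8
    if len(tail) >= 1:
        k ^= tail[0]
        k = _rotl32((k * c1) & MASK32, 15)
        h ^= (k * c2) & MASK32
    h ^= len(data)                               # finalisation mix
    h ^= h >> 16
    h = (h * 0x85EBCA6B) & MASK32
    h ^= h >> 13
    h = (h * 0xC2B2AE35) & MASK32
    h ^= h >> 16
    return h - (1 << 32) if h & 0x80000000 else h


# Constructed records imitating the fields a Shodan host result carries. Nothing here is a
# real server, a real JARM, or a real C2 page; addresses are from the TEST-NET documentation ranges.
JARM_SEED = "aa" * 31    # a JARM is 62 hex characters; this one is made up
JARM_OTHER = "bb" * 31
BODY_SEED = "<html><head><title>It works</title></head><body>Nothing to see here.</body></html>"
BODY_OTHER = "<html><body>Login</body></html>"

RECORDS = [
    {"ip": "198.51.100.10", "port": 443, "jarm": JARM_SEED, "body": BODY_SEED},    # the first node
    {"ip": "198.51.100.11", "port": 443, "jarm": JARM_SEED, "body": BODY_SEED},    # same stack, same page
    {"ip": "198.51.100.12", "port": 8443, "jarm": JARM_SEED, "body": BODY_OTHER},  # same stack only
    {"ip": "203.0.113.5", "port": 443, "jarm": JARM_OTHER, "body": BODY_SEED},     # same page only
    {"ip": "203.0.113.6", "port": 443, "jarm": JARM_OTHER, "body": BODY_OTHER},    # unrelated
]


def fingerprint(record: dict) -> tuple[str, int]:
    """Phase one: the two pivot values taken from a node."""
    return record["jarm"], murmur3_32(record["body"].encode())


def shodan_query(jarm: str, html_hash: int) -> str:
    """Phase two: the combined search. ssl.jarm and http.html_hash are existing Shodan filters."""
    return f'ssl.jarm:"{jarm}" http.html_hash:{html_hash}'


def pivot(seed: dict, candidates: list[dict]) -> dict[str, list[str]]:
    """Phases two and three: tier every other record by how much of the seed fingerprint it shares."""
    seed_jarm, seed_hash = fingerprint(seed)
    tiers: dict[str, list[str]] = defaultdict(list)
    for rec in candidates:
        if rec is seed:
            continue
        jarm, html_hash = fingerprint(rec)
        same_jarm, same_hash = jarm == seed_jarm, html_hash == seed_hash
        if same_jarm and same_hash:
            tier = "high"    # same TLS stack and same served page: strong candidate
        elif same_hash:
            tier = "medium"  # same page behind a different TLS stack: inspect by hand
        elif same_jarm:
            tier = "low"     # a JARM alone is shared by every server on that TLS stack
        else:
            continue
        tiers[tier].append(f'{rec["ip"]}:{rec["port"]}')
    return {tier: sorted(hosts) for tier, hosts in tiers.items()}


if __name__ == "__main__":
    seed = RECORDS[0]
    jarm, html_hash = fingerprint(seed)
    print("phase 1 seed fingerprint:", jarm, html_hash)
    print("phase 2 query:", shodan_query(jarm, html_hash))
    for tier, hosts in pivot(seed, RECORDS).items():
        print(f"phase 3 {tier}: {hosts}")
```

The tiering is the practical point: a JARM-only hit on its own is noise until something else (the response hash, a port, a certificate) ties it to the seed, and the combined query is what keeps the Shodan result set small enough to triage by hand.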
Short Summary
Hunting Malicious Infrastructure using JARM and HTTP Response
- In this blog, I will explain my hunting methodology with two practical examples. My process always starts with looking for the first node in phase one, analysis and escalation in phase two, and results in phase three.
- Three-phase hunting methodology for malicious infrastructure: find the first node, analyze and escalate, report results.
- JARM, an active TLS server fingerprint, used to pivot from one server to others running the same stack.
- HTTP response hash (Shodan's http.html_hash) used to identify servers serving the same page.
- Combining JARM and HTTP response hash in Shodan queries to reduce false positives.
- Practical examples: QBot C2 servers and Brute Ratel C4 servers.
- Same methodology applicable to different malware families and C2 frameworks.
- Summary of the methodology and tips for effective usage.
- Resource list for further reading.
source link: https://michaelkoczwara.medium.com/hunting-malicious-infrastructure-using-jarm-and-http-response-bb4a039d4119
summarized content: https://hut.threathunterz.com/battlefield-intel/articles-and-reports/hunting-malicious-infrastructure-using-jarm-and-http-response
#HuntingMethodology #JARM #HTTPResponseHash #MaliciousInfrastructure #PracticalExamples