HYAS Insight

This Integration is part of the HYAS Insight Pack.

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

HYAS Insight

HYAS Insight is a threat investigation and attribution solution that uses exclusive data sources and non-traditional mechanisms to improve visibility and productivity for analysts, researchers, and investigators while increasing the accuracy of findings. HYAS Insight connects attack instances and campaigns to billions of indicators of compromise to deliver insights and visibility. With an easy-to-use user interface, transforms, and API access, HYAS Insight combines rich threat data into a powerful research and attribution solution. HYAS Insight is complemented by the HYAS Intelligence team that helps organizations to better understand the nature of the threats they face on a daily basis.

Use the HYAS Insight integration to interactively look up PassiveDNS, DynamicDNS, WHOIS, Malware and C2 Attribution Information.

How to get a HYAS API Key

In order to obtain a HYAS Insight API key to use with Cortex XSOAR, please contact your HYAS Insight Admin. If you are unsure who your Admin is, you can also contact HYAS Support via email at support@hyas.com, by visiting the HYAS website https://www.hyas.com/contact, or by using the HYAS Insight web UI by clicking the ‘help’ icon at the top right of the screen, to request a key.

Partner Contributed Integration

Integration Author: HYAS

Support and maintenance for this integration are provided by the author. Please use the following contact details:
Email: support@hyas.com
URL: https://www.hyas.com/contact

Configure HYAS Insight on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for HYAS Insight.

  3. Click Add instance to create and configure a new integration instance.

    | Parameter | Required |
    | --- | --- |
    | HYAS Insight Api Key | True |
    | Trust any certificate (not secure) | False |
    | Use system proxy settings | False |

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

hyas-get-passive-dns-records-by-indicator

Returns PassiveDNS records for the provided indicator value.

Base Command

hyas-get-passive-dns-records-by-indicator

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| indicator_type | Indicator Type. Possible values are: ipv4, domain. | Required |
| indicator_value | Indicator value to query. | Required |
| limit | The maximum number of results to return. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| HYAS.PassiveDNS.count | Number | The passive dns count |
| HYAS.PassiveDNS.domain | String | The domain of the passive dns information requested |
| HYAS.PassiveDNS.first_seen | Date | The first time this domain was seen |
| HYAS.PassiveDNS.ip.geo.city_name | String | City of the ip organization |
| HYAS.PassiveDNS.ip.geo.country_iso_code | String | Country ISO code of the ip organization |
| HYAS.PassiveDNS.ip.geo.country_name | String | Country name of the ip organization |
| HYAS.PassiveDNS.ip.geo.location_latitude | Number | The latitude of the ip organization |
| HYAS.PassiveDNS.ip.geo.location_longitude | Number | The longitude of the ip organization |
| HYAS.PassiveDNS.ip.geo.postal_code | String | The postal code of the ip organization |
| HYAS.PassiveDNS.ip.ip | String | IP of the organization |
| HYAS.PassiveDNS.ip.isp.autonomous_system_number | String | The ASN of the ip |
| HYAS.PassiveDNS.ip.isp.autonomous_system_organization | String | The ASO of the ip |
| HYAS.PassiveDNS.ip.isp.ip_address | String | The IP |
| HYAS.PassiveDNS.ip.isp.isp | String | The Internet Service Provider |
| HYAS.PassiveDNS.ip.isp.organization | String | The ISP organization |
| HYAS.PassiveDNS.ipv4 | String | The ipv4 address of the passive dns record |
| HYAS.PassiveDNS.last_seen | Date | The last time this domain was seen |
| HYAS.PassiveDNS.sources | Unknown | A list of pDNS providers which the data came from |

Command Example

!hyas-get-passive-dns-records-by-indicator indicator_type="domain" indicator_value="domain.org" limit="3"

Context Example

{
"HYAS": {
"PassiveDNS": [
{
"count": "273983",
"domain": "domain.org",
"first_seen": "2015-06-08T19:16:18Z",
"ip": {
"geo": {
"city_name": "Boston",
"country_iso_code": "US",
"country_name": "United States",
"location_latitude": "42.3584",
"location_longitude": "-71.0598",
"postal_code": "02108"
},
"ip": "65.254.244.180",
"isp": {
"autonomous_system_number": "AS29873",
"autonomous_system_organization": "Newfold Digital, Inc.",
"ip_address": "65.254.244.180",
"isp": "Newfold Digital, Inc.",
"organization": "Newfold Digital, Inc."
}
},
"ipv4": "65.254.244.180",
"last_seen": "2021-11-08T22:39:59Z",
"sources": [
"farsight"
]
},
{
"count": "62645",
"domain": "domain.org",
"first_seen": "2010-07-13T17:29:58Z",
"ip": {
"geo": {
"city_name": "Tukwila",
"country_iso_code": "US",
"country_name": "United States",
"location_latitude": "47.4740",
"location_longitude": "-122.2610",
"postal_code": "98178"
},
"ip": "216.34.94.184",
"isp": {
"autonomous_system_number": "AS3561",
"autonomous_system_organization": "CenturyLink Communications, LLC",
"ip_address": "216.34.94.184",
"isp": "Dotster, Inc.",
"organization": "Dotster, Inc."
}
},
"ipv4": "216.34.94.184",
"last_seen": "2015-06-08T17:50:06Z",
"sources": [
"farsight"
]
},
{
"count": "1",
"domain": "biszhu.com.domain.org",
"first_seen": "2017-09-05T00:00:00Z",
"ip": {
"geo": {
"city_name": "Boston",
"country_iso_code": "US",
"country_name": "United States",
"location_latitude": "42.3584",
"location_longitude": "-71.0598",
"postal_code": "02108"
},
"ip": "65.254.244.180",
"isp": {
"autonomous_system_number": "AS29873",
"autonomous_system_organization": "Newfold Digital, Inc.",
"ip_address": "65.254.244.180",
"isp": "Newfold Digital, Inc.",
"organization": "Newfold Digital, Inc."
}
},
"ipv4": "65.254.244.180",
"last_seen": "2017-09-05T00:00:00Z",
"sources": [
"zetalytics"
]
}
]
}
}

Human Readable Output

HYAS PassiveDNS records for domain : domain.org

| Count | Domain | First seen | City Name | Country Code | Country Name | Latitude | Longitude | Postal Code | IP | ISP ASN | ISP ASN Organization | ISP IP Address | ISP | ISP Organization | IPV4 | Last Seen | Sources |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 273983 | domain.org | 2015-06-08T19:16:18Z | Boston | US | United States | 42.3584 | -71.0598 | 02108 | 65.254.244.180 | AS29873 | Newfold Digital, Inc. | 65.254.244.180 | Newfold Digital, Inc. | Newfold Digital, Inc. | 65.254.244.180 | 2021-11-08T22:39:59Z | farsight |
| 62645 | domain.org | 2010-07-13T17:29:58Z | Tukwila | US | United States | 47.4740 | -122.2610 | 98178 | 216.34.94.184 | AS3561 | CenturyLink Communications, LLC | 216.34.94.184 | Dotster, Inc. | Dotster, Inc. | 216.34.94.184 | 2015-06-08T17:50:06Z | farsight |
| 1 | biszhu.com.domain.org | 2017-09-05T00:00:00Z | Boston | US | United States | 42.3584 | -71.0598 | 02108 | 65.254.244.180 | AS29873 | Newfold Digital, Inc. | 65.254.244.180 | Newfold Digital, Inc. | Newfold Digital, Inc. | 65.254.244.180 | 2017-09-05T00:00:00Z | zetalytics |
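Added example, not part of the HYAS integration: a Python sketch that a playbook script could use to turn the HYAS.PassiveDNS context above into a resolution timeline. The context example carries count as a string and returns a subdomain record for a domain query, so the code converts types and matches the queried name exactly; the function names are illustrative, and the sample records are trimmed from the context example above.

```python
from datetime import datetime, timezone

# Records trimmed from the HYAS.PassiveDNS context example on this page.
SAMPLE_PDNS = [
    {"count": "273983", "domain": "domain.org", "ipv4": "65.254.244.180",
     "first_seen": "2015-06-08T19:16:18Z", "last_seen": "2021-11-08T22:39:59Z",
     "sources": ["farsight"]},
    {"count": "62645", "domain": "domain.org", "ipv4": "216.34.94.184",
     "first_seen": "2010-07-13T17:29:58Z", "last_seen": "2015-06-08T17:50:06Z",
     "sources": ["farsight"]},
    {"count": "1", "domain": "biszhu.com.domain.org", "ipv4": "65.254.244.180",
     "first_seen": "2017-09-05T00:00:00Z", "last_seen": "2017-09-05T00:00:00Z",
     "sources": ["zetalytics"]},
]


def parse_ts(text):
    """Parse the 'YYYY-MM-DDTHH:MM:SSZ' timestamps shown in the context example."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def normalize(records):
    """Return copies with count as int and first_seen/last_seen as datetimes."""
    return [{
        "domain": rec["domain"].lower().rstrip("."),
        "ipv4": rec["ipv4"],
        "count": int(rec["count"]),
        "first_seen": parse_ts(rec["first_seen"]),
        "last_seen": parse_ts(rec["last_seen"]),
        "sources": list(rec.get("sources") or []),
    } for rec in records]


def resolutions_at(records, domain, when):
    """IPs observed for exactly `domain` in a window that contains `when`."""
    return sorted({r["ipv4"] for r in records
                   if r["domain"] == domain
                   and r["first_seen"] <= when <= r["last_seen"]})


def subdomains_of(records, domain):
    """Names below `domain` that the same query returned (not the name itself)."""
    return sorted({r["domain"] for r in records
                   if r["domain"].endswith("." + domain)})


def ip_windows(records):
    """Merge records per IP: earliest first_seen, latest last_seen, summed count."""
    merged = {}
    for r in records:
        w = merged.setdefault(r["ipv4"], {"first_seen": r["first_seen"],
                                          "last_seen": r["last_seen"],
                                          "count": 0, "names": set()})
        w["first_seen"] = min(w["first_seen"], r["first_seen"])
        w["last_seen"] = max(w["last_seen"], r["last_seen"])
        w["count"] += r["count"]
        w["names"].add(r["domain"])
    return merged


if __name__ == "__main__":
    recs = normalize(SAMPLE_PDNS)
    incident = datetime(2016, 1, 1, tzinfo=timezone.utc)  # constructed incident time
    print("resolving at incident time:", resolutions_at(recs, "domain.org", incident))
    print("subdomains returned:", subdomains_of(recs, "domain.org"))
    for ip, w in ip_windows(recs).items():
        print(ip, w["first_seen"].date(), w["last_seen"].date(), w["count"])
```

A timestamp that falls between two observation windows returns no IP; that means no sensor recorded a resolution at that moment, not that the name did not resolve.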

hyas-get-dynamic-dns-records-by-indicator

Returns DynamicDNS records for the provided indicator value.

Base Command

hyas-get-dynamic-dns-records-by-indicator

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| indicator_type | Indicator Type. Possible values are: ip, domain, email. | Required |
| indicator_value | Indicator value to query. | Required |
| limit | The maximum number of results to return. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| HYAS.DynamicDNS.a_record | String | The A record for the domain |
| HYAS.DynamicDNS.account | String | The account holder name |
| HYAS.DynamicDNS.created | Date | The date which the domain was created |
| HYAS.DynamicDNS.created_ip | String | The ip address of the account holder |
| HYAS.DynamicDNS.domain | String | The domain associated with the dynamic dns information |
| HYAS.DynamicDNS.domain_creator_ip | String | The ip address of the domain creator |
| HYAS.DynamicDNS.email | String | The email address connected to the domain |

Command Example

!hyas-get-dynamic-dns-records-by-indicator indicator_type="ip" indicator_value="4.4.4.4" limit="3"

Context Example

{
"HYAS": {
"DynamicDNS": [
{
"a_record": "4.4.4.4",
"account": "free",
"created": "2019-03-30T14:39:49Z",
"created_ip": "78.191.27.210",
"domain": "seyir.duckdns.org",
"domain_creator_ip": "78.191.25.0",
"email": "halbayrak75@gmail.com"
},
{
"a_record": "4.4.4.4",
"account": "free",
"created": "2020-05-09T03:39:28Z",
"created_ip": "42.3.24.108",
"domain": "tempoary.duckdns.org",
"domain_creator_ip": "42.3.24.36",
"email": "benson877204@gmail.com"
},
{
"a_record": "4.4.4.4",
"account": "free",
"created": "2020-05-09T03:39:24Z",
"created_ip": "42.3.24.108",
"domain": "bensonwonghk.duckdns.org",
"domain_creator_ip": "42.3.24.108",
"email": "benson877204@gmail.com"
}
]
}
}

Human Readable Output

HYAS DynamicDNS records for ip : 4.4.4.4

| A Record | Account | Created Date | Account Holder IP Address | Domain | Domain Creator IP Address | Email Address |
| --- | --- | --- | --- | --- | --- | --- |
| 4.4.4.4 | free | 2019-03-30T14:39:49Z | 78.191.27.210 | seyir.duckdns.org | 78.191.25.0 | halbayrak75@gmail.com |
| 4.4.4.4 | free | 2020-05-09T03:39:28Z | 42.3.24.108 | tempoary.duckdns.org | 42.3.24.36 | benson877204@gmail.com |
| 4.4.4.4 | free | 2020-05-09T03:39:24Z | 42.3.24.108 | bensonwonghk.duckdns.org | 42.3.24.108 | benson877204@gmail.com |

hyas-get-whois-records-by-indicator

Returns WHOIS records for the provided indicator value.

Base Command

hyas-get-whois-records-by-indicator

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| indicator_type | Indicator Type. Possible values are: domain, email, phone. | Required |
| indicator_value | Indicator value to query. | Required |
| limit | The maximum number of results to return. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| HYAS.WHOIS.address | Unknown | address |
| HYAS.WHOIS.city | Unknown | city |
| HYAS.WHOIS.country | Unknown | country |
| HYAS.WHOIS.domain | String | The domain of the registrant |
| HYAS.WHOIS.domain_2tld | String | The second-level domain of the registrant |
| HYAS.WHOIS.domain_created_datetime | Date | The date and time when the whois record was created |
| HYAS.WHOIS.domain_expires_datetime | Date | The date and time when the whois record expires |
| HYAS.WHOIS.domain_updated_datetime | Date | The date and time when the whois record was last updated |
| HYAS.WHOIS.email | Unknown | email |
| HYAS.WHOIS.idn_name | String | The international domain name |
| HYAS.WHOIS.nameserver | Unknown | nameserver |
| HYAS.WHOIS.phone.phone | String | The phone number registrant contact in e164 format |
| HYAS.WHOIS.phone.phone_info.carrier | String | Phone number carrier |
| HYAS.WHOIS.phone.phone_info.country | String | Phone number country |
| HYAS.WHOIS.phone.phone_info.geo | String | Phone number geo. Can be city, province, region or country |
| HYAS.WHOIS.privacy_punch | Boolean | True if this record has additional information bypassing privacy protect |
| HYAS.WHOIS.registrar | String | The domain registrar |

Command Example

!hyas-get-whois-records-by-indicator indicator_type="domain" indicator_value="dulieuonline.net" limit="3"

Context Example

{
"HYAS": {
"WHOIS": [
{
"address": [
"32 duong 885 kp 5 tt ba tri",
"vn"
],
"city": [
"hcm"
],
"country": [
"VN"
],
"domain": "dulieuonline.net",
"domain_2tld": "dulieuonline.net",
"domain_created_datetime": "2019-10-29T09:48:04Z",
"domain_expires_datetime": "2020-10-29T09:48:04Z",
"domain_updated_datetime": "None",
"email": [
"viendongonline@gmail.com",
"dns@cloudflare.com"
],
"idn_name": "None",
"nameserver": [],
"phone": [
{
"phone": "+84909095309",
"phone_info": {
"carrier": "MobiFone",
"country": "Vietnam",
"geo": "Vietnam"
}
}
],
"privacy_punch": true,
"registrar": "pdr ltd. d/b/a publicdomainregistry.com"
},
{
"address": [],
"city": [
"hcm"
],
"country": [
"VN"
],
"domain": "dulieuonline.net",
"domain_2tld": "None",
"domain_created_datetime": "2019-10-29T09:48:04Z",
"domain_expires_datetime": "2020-10-29T09:48:04Z",
"domain_updated_datetime": "2019-10-30T06:23:09.543083Z",
"email": [
"viendongonline@gmail.com",
"hostmaster@dulieuonline.net"
],
"idn_name": "None",
"nameserver": [],
"phone": [
{
"phone": "+84909095309",
"phone_info": {
"carrier": "MobiFone",
"country": "Vietnam",
"geo": "Vietnam"
}
}
],
"privacy_punch": true,
"registrar": "pdrltd.d/b/apublicdomainregistry.com"
},
{
"address": [],
"city": [
"hcm"
],
"country": [
"VN"
],
"domain": "dulieuonline.net",
"domain_2tld": "None",
"domain_created_datetime": "2019-10-29T09:48:04Z",
"domain_expires_datetime": "2020-10-29T09:48:04Z",
"domain_updated_datetime": "2019-10-31T09:04:17.873274Z",
"email": [
"viendongonline@gmail.com"
],
"idn_name": "None",
"nameserver": [
"viendong.mars.orderbox-dns.com",
"viendong.venus.orderbox-dns.com",
"viendong.mercury.orderbox-dns.com",
"viendong.earth.orderbox-dns.com"
],
"phone": [
{
"phone": "+84909095309",
"phone_info": {
"carrier": "MobiFone",
"country": "Vietnam",
"geo": "Vietnam"
}
}
],
"privacy_punch": false,
"registrar": "pdr ltd. d/b/a publicdomainregistry.com"
}
]
}
}

Human Readable Output

HYAS WHOIS records for domain : dulieuonline.net

| Address | City | Country | Domain | Domain_2tld | Domain Created Time | Domain Expires Time | Domain Updated Time | Email Address | IDN Name | Nameserver | Phone Info | Privacy_punch | Registrar |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 32 duong 885 kp 5 tt ba tri, vn | hcm | VN | dulieuonline.net | dulieuonline.net | 2019-10-29T09:48:04Z | 2020-10-29T09:48:04Z | None | viendongonline@gmail.com, dns@cloudflare.com | None |  | {'phone': '+84909095309', 'phone_info': {'carrier': 'MobiFone', 'country': 'Vietnam', 'geo': 'Vietnam'}} | true | pdr ltd. d/b/a publicdomainregistry.com |
|  | hcm | VN | dulieuonline.net | None | 2019-10-29T09:48:04Z | 2020-10-29T09:48:04Z | 2019-10-30T06:23:09.543083Z | viendongonline@gmail.com, hostmaster@dulieuonline.net | None |  | {'phone': '+84909095309', 'phone_info': {'carrier': 'MobiFone', 'country': 'Vietnam', 'geo': 'Vietnam'}} | true | pdrltd.d/b/apublicdomainregistry.com |
|  | hcm | VN | dulieuonline.net | None | 2019-10-29T09:48:04Z | 2020-10-29T09:48:04Z | 2019-10-31T09:04:17.873274Z | viendongonline@gmail.com | None | viendong.mars.orderbox-dns.com, viendong.venus.orderbox-dns.com, viendong.mercury.orderbox-dns.com, viendong.earth.orderbox-dns.com | {'phone': '+84909095309', 'phone_info': {'carrier': 'MobiFone', 'country': 'Vietnam', 'geo': 'Vietnam'}} | false | pdr ltd. d/b/a publicdomainregistry.com |

hyas-get-whois-current-records-by-domain

Returns WHOIS Current records for the provided indicator value.

Base Command

hyas-get-whois-current-records-by-domain

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| domain | Domain value to query. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| HYAS.WHOISCurrent.abuse_emails | Unknown | abuse emails |
| HYAS.WHOISCurrent.address | Unknown | address |
| HYAS.WHOISCurrent.city | Unknown | city |
| HYAS.WHOISCurrent.country | Unknown | country |
| HYAS.WHOISCurrent.domain | String | The domain of the registrant |
| HYAS.WHOISCurrent.domain_2tld | String | The second-level domain of the registrant |
| HYAS.WHOISCurrent.domain_created_datetime | Date | The date and time when the whois record was created |
| HYAS.WHOISCurrent.domain_expires_datetime | Date | The date and time when the whois record expires |
| HYAS.WHOISCurrent.domain_updated_datetime | Date | The date and time when the whois record was last updated |
| HYAS.WHOISCurrent.email | Unknown | email |
| HYAS.WHOISCurrent.idn_name | String | The international domain name |
| HYAS.WHOISCurrent.nameserver | Unknown | nameserver |
| HYAS.WHOISCurrent.organization | Unknown | organization |
| HYAS.WHOISCurrent.phone | Unknown | The phone number |
| HYAS.WHOISCurrent.registrar | String | The domain registrar |
| HYAS.WHOISCurrent.state | Unknown | The state |

Command Example

!hyas-get-whois-current-records-by-domain domain="www.hyas.com"

Context Example

{
"HYAS": {
"WHOISCurrent": {
"abuse_emails": [
"abuse@godaddy.com"
],
"address": [],
"city": [],
"country": [
"Canada"
],
"domain": "hyas.com",
"domain_2tld": "hyas.com",
"domain_created_datetime": "2001-05-01T23:42:14",
"domain_expires_datetime": "2026-05-01T23:42:14",
"domain_updated_datetime": "2020-06-30T22:43:34",
"email": [],
"idn_name": "146",
"nameserver": [
"ns09.domaincontrol.com",
"ns10.domaincontrol.com"
],
"organization": [
"HYAS Infosec Inc."
],
"phone": [],
"registrar": "GoDaddy.com, LLC",
"state": [
"British Columbia"
]
}
}
}

Human Readable Output

HYAS WHOISCurrent records for domain : www.hyas.com

| Abuse Emails | Country | Domain | Domain_2tld | Domain Created Time | Domain Expires Time | Domain Updated Time | IDN Name | Nameserver | Organization | Registrar | State |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| abuse@godaddy.com | Canada | hyas.com | hyas.com | 2001-05-01T23:42:14 | 2026-05-01T23:42:14 | 2020-06-30T22:43:34 | 146 | ns09.domaincontrol.com, ns10.domaincontrol.com | HYAS Infosec Inc. | GoDaddy.com, LLC | British Columbia |

hyas-get-malware-samples-records-by-indicator

Returns Malware Sample records for the provided indicator value.

Base Command

hyas-get-malware-samples-records-by-indicator

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| indicator_type | Indicator Type. Possible values are: domain, ipv4, md5. | Required |
| indicator_value | Indicator value to query. | Required |
| limit | The maximum number of results to return. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| HYAS.MalwareSamples.datetime | Date | The date which the sample was processed |
| HYAS.MalwareSamples.domain | String | The domain of the sample |
| HYAS.MalwareSamples.ipv4 | String | The ipv4 of the sample |
| HYAS.MalwareSamples.ipv6 | String | The ipv6 of the sample |
| HYAS.MalwareSamples.md5 | String | The md5 of the sample |
| HYAS.MalwareSamples.sha1 | String | The sha1 of the sample |
| HYAS.MalwareSamples.sha256 | String | The sha256 of the sample |

Command Example

!hyas-get-malware-samples-records-by-indicator indicator_type="domain" indicator_value="butterfly.bigmoney.biz" limit="3"

Context Example

{
"HYAS": {
"MalwareSamples": [
{
"datetime": "2021-11-06",
"domain": "butterfly.bigmoney.biz",
"ipv4": "106.187.43.98",
"ipv6": "None",
"md5": "d3a107934774f288481a66d6a4c6b3f3",
"sha1": "None",
"sha256": "None"
},
{
"datetime": "2021-11-06",
"domain": "butterfly.bigmoney.biz",
"ipv4": "106.187.43.98",
"ipv6": "None",
"md5": "af73babf3276037b2d662fda0e3e40b3",
"sha1": "None",
"sha256": "None"
},
{
"datetime": "2021-11-02",
"domain": "butterfly.bigmoney.biz",
"ipv4": "106.187.43.98",
"ipv6": "None",
"md5": "70d72fcb14219b3c4649b9b7cc14afa0",
"sha1": "None",
"sha256": "None"
}
]
}
}

Human Readable Output

HYAS MalwareSamples records for domain : butterfly.bigmoney.biz

| Datetime | Domain | IPV4 Address | IPV6 Address | MD5 Value | SHA1 Value | SHA256 Value |
| --- | --- | --- | --- | --- | --- | --- |
| 2021-11-06 | butterfly.bigmoney.biz | 106.187.43.98 | None | d3a107934774f288481a66d6a4c6b3f3 | None | None |
| 2021-11-06 | butterfly.bigmoney.biz | 106.187.43.98 | None | af73babf3276037b2d662fda0e3e40b3 | None | None |
| 2021-11-02 | butterfly.bigmoney.biz | 106.187.43.98 | None | 70d72fcb14219b3c4649b9b7cc14afa0 | None | None |

hyas-get-associated-ips-by-hash

Returns associated IPs for the provided hash value.

Base Command

hyas-get-associated-ips-by-hash

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| md5 | The md5 value to query. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| HYAS.HASH-IP.md5 | String | The provided MD5 value |
| HYAS.HASH-IP.ips | Unknown | Associated IPs for the provided MD5 value |

Command Example

!hyas-get-associated-ips-by-hash md5="1d0a97c41afe5540edd0a8c1fb9a0f1c"

Context Example

{
"HYAS": {
"HASH-IP": {
"ips": [
"106.187.43.98"
],
"md5": "1d0a97c41afe5540edd0a8c1fb9a0f1c"
}
}
}

Human Readable Output

HYAS HASH-IP records for md5 : 1d0a97c41afe5540edd0a8c1fb9a0f1c

| Associated IPs |
| --- |
| 106.187.43.98 |

hyas-get-associated-domains-by-hash

Returns associated domains for the provided hash value.

Base Command

hyas-get-associated-domains-by-hash

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| md5 | The md5 value to query. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| HYAS.HASH-DOMAIN.domains | Unknown | Associated Domains for the provided MD5 value |
| HYAS.HASH-DOMAIN.md5 | String | The provided MD5 value |

Command Example

!hyas-get-associated-domains-by-hash md5="1d0a97c41afe5540edd0a8c1fb9a0f1c"

Context Example

{
"HYAS": {
"HASH-DOMAIN": {
"domains": [
"butterfly.sinip.es",
"qwertasdfg.sinip.es",
"butterfly.bigmoney.biz"
],
"md5": "1d0a97c41afe5540edd0a8c1fb9a0f1c"
}
}
}

Human Readable Output

HYAS HASH-DOMAIN records for md5 : 1d0a97c41afe5540edd0a8c1fb9a0f1c

| Associated Domains |
| --- |
| butterfly.sinip.es |
| qwertasdfg.sinip.es |
| butterfly.bigmoney.biz |

hyas-get-c2attribution-records-by-indicator

Returns C2 Attribution records for the provided indicator value.

Base Command

hyas-get-c2attribution-records-by-indicator

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| indicator_type | Indicator Type. Possible values are: ip, domain, sha256, email. | Required |
| indicator_value | Indicator Value. | Required |
| limit | The maximum number of results to return. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| HYAS.C2_Attribution.actor_ipv4 | String | The actor ipv4 |
| HYAS.C2_Attribution.c2_domain | String | The c2 domain |
| HYAS.C2_Attribution.c2_ip | String | The c2 ip |
| HYAS.C2_Attribution.c2_url | String | The C2 panel url |
| HYAS.C2_Attribution.datetime | String | C2 Attribution datetime |
| HYAS.C2_Attribution.email | String | The actor email |
| HYAS.C2_Attribution.email_domain | String | The email domain |
| HYAS.C2_Attribution.referrer_domain | String | The referrer domain |
| HYAS.C2_Attribution.referrer_ipv4 | String | The referrer ipv4 |
| HYAS.C2_Attribution.referrer_url | String | The referrer url |
| HYAS.C2_Attribution.sha256 | String | The sha256 malware hash |

Command Example

!hyas-get-c2attribution-records-by-indicator indicator_type=domain indicator_value=himionsa.com limit=3

Context Example

{
"HYAS": {
"C2_Attribution": [
{
"actor_ipv4": "197.210.53.224",
"c2_domain": "himionsa.com",
"c2_ip": "89.208.229.55",
"c2_url": "http://himionsa.com/rich/panel/pvqdq929bsx_a_d_m1n_a.php?mazm=report",
"datetime": "2020-02-21T10:16:06Z",
"email": "None",
"email_domain": "None",
"referrer_domain": "None",
"referrer_ipv4": "None",
"referrer_url": "None",
"sha256": "None"
},
{
"actor_ipv4": "197.210.84.26",
"c2_domain": "himionsa.com",
"c2_ip": "89.208.229.55",
"c2_url": "http://himionsa.com/rich/panel/pvqdq929bsx_a_d_m1n_a.php?mazm=report",
"datetime": "2020-02-20T13:08:36Z",
"email": "None",
"email_domain": "None",
"referrer_domain": "None",
"referrer_ipv4": "None",
"referrer_url": "None",
"sha256": "None"
},
{
"actor_ipv4": "197.210.53.79",
"c2_domain": "himionsa.com",
"c2_ip": "89.208.229.55",
"c2_url": "http://himionsa.com/rich/panel/pvqdq929bsx_a_d_m1n_a.php?mazm=report",
"datetime": "2020-02-21T09:03:46Z",
"email": "None",
"email_domain": "None",
"referrer_domain": "None",
"referrer_ipv4": "None",
"referrer_url": "None",
"sha256": "None"
}
]
}
}

Human Readable Output

HYAS C2_Attribution records for domain : himionsa.com

| Actor IPv4 | C2 Domain | C2 IP | C2 URL | Datetime | Email | Email Domain | Referrer Domain | Referrer IPv4 | Referrer URL | SHA256 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 197.210.53.224 | himionsa.com | 89.208.229.55 | http://himionsa.com/rich/panel/pvqdq929bsx_a_d_m1n_a.php?mazm=report | 2020-02-21T10:16:06Z | None | None | None | None | None | None |
| 197.210.84.26 | himionsa.com | 89.208.229.55 | http://himionsa.com/rich/panel/pvqdq929bsx_a_d_m1n_a.php?mazm=report | 2020-02-20T13:08:36Z | None | None | None | None | None | None |
| 197.210.53.79 | himionsa.com | 89.208.229.55 | http://himionsa.com/rich/panel/pvqdq929bsx_a_d_m1n_a.php?mazm=report | 2020-02-21T09:03:46Z | None | None | None | None | None | None |
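Added example, not part of the HYAS integration: the context examples on this page represent missing values as the string "None" and use four different timestamp layouts across commands, so a script that correlates these outputs has to normalize both before comparing or deduplicating. The Python below does that and then groups C2_Attribution records per C2 domain; the function names are illustrative, the sample is trimmed from the context example above, and treating timestamps without a zone suffix as UTC is an assumption.

```python
from datetime import datetime, timezone

MISSING = "None"  # the context examples show absent values as this string

# Timestamp layouts that appear in the context examples on this page.
_LAYOUTS = (
    "%Y-%m-%dT%H:%M:%S.%fZ",  # WHOIS domain_updated_datetime
    "%Y-%m-%dT%H:%M:%SZ",     # PassiveDNS, DynamicDNS, WHOIS, C2_Attribution
    "%Y-%m-%dT%H:%M:%S",      # WHOISCurrent (no zone suffix)
    "%Y-%m-%d",               # MalwareSamples (date only)
)

# Trimmed from the HYAS.C2_Attribution context example on this page.
SAMPLE_C2 = [
    {"actor_ipv4": "197.210.53.224", "c2_domain": "himionsa.com",
     "c2_ip": "89.208.229.55", "datetime": "2020-02-21T10:16:06Z",
     "email": "None", "sha256": "None"},
    {"actor_ipv4": "197.210.84.26", "c2_domain": "himionsa.com",
     "c2_ip": "89.208.229.55", "datetime": "2020-02-20T13:08:36Z",
     "email": "None", "sha256": "None"},
    {"actor_ipv4": "197.210.53.79", "c2_domain": "himionsa.com",
     "c2_ip": "89.208.229.55", "datetime": "2020-02-21T09:03:46Z",
     "email": "None", "sha256": "None"},
]


def clean(value):
    """Recursively replace the "None" string with a real None."""
    if isinstance(value, dict):
        return {k: clean(v) for k, v in value.items()}
    if isinstance(value, list):
        return [clean(v) for v in value]
    return None if value == MISSING else value


def parse_when(text):
    """Return an aware datetime, or None for a missing value.

    Assumption: values without a zone suffix are UTC.
    """
    if text is None or text == MISSING:
        return None
    for layout in _LAYOUTS:
        try:
            return datetime.strptime(text, layout).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised timestamp layout: {text!r}")


def summarize_c2(records):
    """Group C2_Attribution records by c2_domain, skipping missing values."""
    fields = (("actor_ipv4", "actor_ips"), ("c2_ip", "c2_ips"),
              ("email", "emails"), ("sha256", "sha256"))
    summary = {}
    for rec in map(clean, records):
        entry = summary.setdefault(rec.get("c2_domain"), {
            "actor_ips": set(), "c2_ips": set(), "emails": set(),
            "sha256": set(), "first": None, "last": None})
        for source, target in fields:
            if rec.get(source) is not None:
                entry[target].add(rec[source])
        when = parse_when(rec.get("datetime"))
        if when is not None:
            entry["first"] = when if entry["first"] is None else min(entry["first"], when)
            entry["last"] = when if entry["last"] is None else max(entry["last"], when)
    return summary
```

Without the cleaning step, the literal string "None" would be collected as an actor email and a SHA256 value and could then be pushed into later lookups as an indicator.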