Xiaoqiying/Genesis Day Threat Actor Group Targets South Korea Taiwan
Common Information
| Type | Value |
|---|---|
| UUID | 0e71a31a-8f75-4db5-8895-d44185b1cd57 |
| Fingerprint | 33e431b081a09039b8d51523b2abf46f3e17218701ee0870d347f2fc489e1c93 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | April 20, 2023, 8:19 a.m. |
| Added to db | March 10, 2024, 1:16 a.m. |
| Last updated | Aug. 31, 2024, 2:17 a.m. |
| Headline | Xiaoqiying/Genesis Day Threat Actor Group Targets South Korea Taiwan |
| Title | Xiaoqiying/Genesis Day Threat Actor Group Targets South Korea Taiwan |
| Detected Hints/Tags/Attributes | 138/2/90 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://go.recordedfuture.com/hubfs/reports/cta-2023-0420.pdf |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 3 | cve-2022-34305 |
|
| Details | CVE | 3 | cve-2022-20006 |
|
| Details | CVE | 5 | cve-2022-34918 |
|
| Details | CVE | 5 | cve-2021-23017 |
|
| Details | Domain | 1 | eisae.org |
|
| Details | Domain | 546 | www.recordedfuture.com |
|
| Details | Domain | 1 | gnews.org |
|
| Details | Domain | 3 | koreatimes.co.kr |
|
| Details | Domain | 3 | weleakinfo.com |
|
| Details | Domain | 74 | proton.me |
|
| Details | Domain | 1 | tubosheu.github.io |
|
| Details | Domain | 1 | vdi.ntu.edu.tw |
|
| Details | Domain | 1 | ricon.re.kr |
|
| Details | Domain | 1 | kab.or.kr |
|
| Details | Domain | 1 | chrome-android-and-windows-0day-rce-sbx-main.zip |
|
| Details | Domain | 1 | scu.co.id |
|
| Details | Domain | 1 | letters-to-jokowi.zip |
|
| Details | Domain | 7 | cia.gov |
|
| Details | Domain | 1 | woorimal.org |
|
| Details | Domain | 1 | aspg.or.kr |
|
| Details | Domain | 1 | kriece.or.kr |
|
| Details | Domain | 1 | kmhs.newnonmun.com |
|
| Details | Domain | 1 | klsgss.or.kr |
|
| Details | Domain | 1 | kewms.co.kr |
|
| Details | Domain | 1 | cleftlp.or.kr |
|
| Details | Domain | 265 | recordedfuture.com |
|
| Details | 1 | adkf3r@proton.me |
||
| Details | 1 | xiaoeisae@proton.me |
||
| Details | File | 1 | 028cc9bd7fbfe1bfa963c40a63e0a71.png |
|
| Details | File | 1 | 1659665503104.png |
|
| Details | File | 1 | 1659665516233.png |
|
| Details | File | 1 | 1663574132558.png |
|
| Details | File | 1 | 2022年苹果越狱.docx |
|
| Details | File | 1 | 2ef7eddf1db93a0fd43d377c146f432.png |
|
| Details | File | 1 | 57f028d9c743ff63e1a141ca86b09d2.png |
|
| Details | File | 1 | 59d7c5b56cdda281f74edfc2477f81e.png |
|
| Details | File | 1 | 8a757b292c6.7z |
|
| Details | File | 1 | 604e88f08910155b245248ef0422070.png |
|
| Details | File | 1 | 7b9f85b999f114d4209ad6b635929cb.png |
|
| Details | File | 4 | ransomware.pdf |
|
| Details | File | 1 | aa21-265a-conti_ransomware_tlp_white.pdf |
|
| Details | File | 1 | changeurlscheme.exe |
|
| Details | File | 1 | chrome-android-and-windows-0day-rce-sbx-main.zip |
|
| Details | File | 1 | _original.jar |
|
| Details | File | 1 | t_guide.ep |
|
| Details | File | 1 | gbl_user.csv |
|
| Details | File | 1 | i3gsvcmanager.exe |
|
| Details | File | 1 | mst_invoice_detail.csv |
|
| Details | File | 1 | sats.txt |
|
| Details | File | 1 | optus-10200-leak.rar |
|
| Details | File | 1 | 库远程代码执行poc.txt |
|
| Details | File | 1 | rfatw成员挖掘与关联猜想报告.doc |
|
| Details | File | 1 | manualen.pdf |
|
| Details | File | 1 | borat.rar |
|
| Details | File | 1 | af470804de1edd93a0a7fecd6143139.png |
|
| Details | File | 1 | bruteratel.rar |
|
| Details | File | 1 | crack.rar |
|
| Details | File | 45 | 1.zip |
|
| Details | File | 3 | cobaltstrike.jar |
|
| Details | File | 4 | 4.rar |
|
| Details | File | 1 | b8a8263ddd173.7z |
|
| Details | File | 1 | f610ee3c19.7z |
|
| Details | File | 1 | fb0420918514a5836cb1d04813f0935.png |
|
| Details | File | 1 | fbileak文件.rar |
|
| Details | File | 1 | ins封号思路.txt |
|
| Details | File | 1 | killnet成员信息.txt |
|
| Details | File | 1 | letters-to-jokowi.zip |
|
| Details | File | 1 | rrrrrrrrr.wmv |
|
| Details | File | 22 | sitemap.xml |
|
| Details | File | 1 | twitter.rar |
|
| Details | File | 5 | com.rar |
|
| Details | File | 1 | xiaomi_remove_mi_account_and_frp.rar |
|
| Details | File | 1204 | index.php |
|
| Details | File | 816 | index.html |
|
| Details | IPv4 | 1 | 172.67.139.24 |
|
| Details | IPv4 | 1 | 104.21.87.2 |
|
| Details | IPv4 | 28 | 34.102.136.180 |
|
| Details | IPv4 | 1 | 211.56.76.12 |
|
| Details | IPv4 | 1 | 114.108.133.70 |
|
| Details | IPv4 | 1 | 61.79.234.100 |
|
| Details | IPv4 | 1 | 222.107.71.133 |
|
| Details | IPv4 | 1 | 211.220.216.122 |
|
| Details | Threat Actor Identifier - APT | 194 | APT35 |
|
| Details | Threat Actor Identifier - APT | 121 | APT36 |
|
| Details | Url | 8 | https://t.me |
|
| Details | Url | 1 | http://211.56.76.12:11001/wls-wsat/index.html |
|
| Details | Url | 1 | http://114.108.133.70:7001/wls-wsat/index.html |
|
| Details | Url | 1 | http://61.79.234.100:7002/wls-wsat/index.html |
|
| Details | Url | 1 | http://222.107.71.133:8111/wls-wsat/index.html |
|
| Details | Url | 1 | http://211.220.216.122:8015/wls-wsat/index.html |