The Shadow Hovering over Central Asia: Exposing the Attack Activity of the Golden Eagle (APT-C-34) Group
Common Information
Type: Value
UUID: 376e4b51-d0f1-4df8-8419-c40248d20340
Fingerprint: a5725c21c00705795d3cff195a72a7c4e49221880fb03b4baba61f8bccaea2dd
Analysis status: DONE
Considered CTI value: 1
Text language:
Published: Nov. 7, 2019, 6:33 a.m.
Added to db: March 9, 2024, 11:41 p.m.
Last updated: Aug. 30, 2024, 10:24 p.m.
Headline: The Shadow Hovering over Central Asia: Exposing the Attack Activity of the Golden Eagle (APT-C-34) Group
Title: The Shadow Hovering over Central Asia: Exposing the Attack Activity of the Golden Eagle (APT-C-34) Group
Detected Hints/Tags/Attributes 33/2/24
Attributes
Type | #Events | CTI Value
CVE | 59 | cve-2018-15982
Domain | 3 | lb.data
Domain | 246 | mail.ru
Domain | 29 | bk.ru
Email | 2 | ev**n.bi***kyy@mail.ru
Email | 2 | an_i**r@mail.ru
Email | 2 | o**1975@bk.ru
Email | 2 | x**n_i**r@mail.ru
File | 2 | teamviewer_resource_fr.dll
File | 2 | and tv.dll
File | 2 | the backdoor replaced the original tv.dll
File | 8 | tv.dll
File | 2 | renamed to userinit.dll
File | 2 | while the forged tv.dll
File | 3 | userinit.dll
File | 2 | forged tv.dll
File | 2 | the malware searches the directory for a file named msmm.exe
File | 2 | and msmn.exe
File | 18 | jucheck.exe
File | 7 | javaws.exe
File | 10 | %systemroot%\system32\rundll32.exe
File | 3 | lb.dat
Threat Actor Identifier - APT-C | 7 | APT-C-34
Windows Registry Key | 1 | HKEY_CLASSES_ROOT\.sctz