Chinese Cyberespionage Originating From Tsinghua University Infrastructure
Common Information
Type Value
UUID 3eedbb24-d4f2-41a9-a5c3-8164431ead95
Fingerprint d131df061691e492ef1ab671c62cd7de20bdcbadadd43767d9172c12bd54b19a
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 20, 2018, 9:21 p.m.
Added to db March 10, 2024, 12:48 a.m.
Last updated Aug. 30, 2024, 10:32 p.m.
Headline Chinese Cyberespionage Originating From Tsinghua University Infrastructure
Title Chinese Cyberespionage Originating From Tsinghua University Infrastructure
Detected Hints/Tags/Attributes 147/3/16
Attributes
Type                                  #Events  Value
Domain                                546      www.recordedfuture.com
Domain                                3        merics.org
Domain                                2        snap.safetynetaccess.com
Domain                                622      en.wikipedia.org
File                                  2        snap.safe
md5                                   1        d08de00e7168a441052672219e717957
sha1                                  1        7f77d2f18c82b4fedf313b2df7d2b581a9b73a48
sha256                                1        acd07de34cc15f49fd919dc18e695632a08a132fcfc4e9b6292e1a0d45e953e5
IPv4                                  2        166.111.8.246
IPv4                                  2        98.180.88.145
IPv4                                  2        68.105.161.74
Mandiant Temporary Group Assumption   44       TEMP.PERISCOPE
Threat Actor Identifier - APT         66       APT17
Threat Actor Identifier - APT         278      APT10
Url                                   12       https://en.wikipedia.org
Yara rule                             1        (rule text follows)
rule apt_ext4_linuxlistener {
	meta:
		description = "Detects Unique Linux Backdoor, Ext4"
		author = "Insikt Group, Recorded Future"
		TLP = "White"
		date = "2018-08-14"
		md5_x64 = "d08de00e7168a441052672219e717957"
	strings:
		$s1 = "rm /tmp/0baaf161db39"
		$op1 = { 3C 61 0F }
		$op2 = { 3C 6E 0F }
		$op3 = { 3C 74 0F }
		$op4 = { 3C 69 0F }
		$op5 = { 3C 3A 0F }
	condition:
		all of them
}