“Beijing One Pass” Employee Benefits Software Exhibits Spyware Characteristics
Common Information
| Type | Value |
|---|---|
| UUID | 43813507-4dc6-4b5f-a512-12bf1e439015 |
| Fingerprint | 4f6459d3c0b83c072b3e767126a4f0963858544b04809afa5b787bc353dcdacb |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | July 29, 2021, 10:50 a.m. |
| Added to db | March 10, 2024, 1:05 a.m. |
| Last updated | Aug. 31, 2024, 2:02 a.m. |
| Headline | “Beijing One Pass” Employee Benefits Software Exhibits Spyware Characteristics |
| Title | “Beijing One Pass” Employee Benefits Software Exhibits Spyware Characteristics |
| Detected Hints/Tags/Attributes | 76/2/62 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://go.recordedfuture.com/hubfs/reports/cta-2021-0729.pdf |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 546 | www.recordedfuture.com |
|
| Details | Domain | 1 | www.bjca.cn |
|
| Details | Domain | 1 | update.bjca.org.cn |
|
| Details | Domain | 1 | bjca.org.cn |
|
| Details | Domain | 1 | old.snca.com.cn |
|
| Details | Domain | 1 | snyzt.org |
|
| Details | Domain | 1 | time.bjca.org.cn |
|
| Details | Domain | 1 | cayzt.snyzt.org |
|
| Details | Domain | 265 | recordedfuture.com |
|
| Details | File | 1 | wmcontrol.exe |
|
| Details | File | 306 | services.exe |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 1 | bjcaupdate.exe |
|
| Details | File | 50 | 3.exe |
|
| Details | File | 1 | bjcacrashhandler.exe |
|
| Details | File | 1 | gkarrfuvz.xlsx |
|
| Details | File | 1 | bjcaupdatesetup.exe |
|
| Details | File | 1 | 19082.exe |
|
| Details | File | 4 | 14.exe |
|
| Details | File | 1 | zfkeymonitor.exe |
|
| Details | File | 1 | snca.reg |
|
| Details | File | 1 | uniclient.exe |
|
| Details | File | 156 | 1.exe |
|
| Details | File | 1 | %systemroot%\system32\dnsapi.dll |
|
| Details | File | 1 | regsvr32_x86.exe |
|
| Details | File | 1 | regsvr32_x64.exe |
|
| Details | File | 1 | %systemroot%\system32\p2pcollab.dll |
|
| Details | md5 | 1 | 7fa974366048f9c551ef45714595665e |
|
| Details | sha1 | 1 | 0e7559ecd1a8793fc2f78628328a60bb8b728150 |
|
| Details | sha1 | 1 | 81c240d9a20887f3fbe596bb314882e7ee76691a |
|
| Details | sha1 | 1 | dc3d7d38c1c26ccf6aaa1ba52fb448f5ed3b4431 |
|
| Details | sha1 | 2 | b1bc968bd4f49d622aa89a81f2150152a41d829c |
|
| Details | sha1 | 2 | de28f4a4ffe5b92fa3c503d1a349a7f9962a8212 |
|
| Details | sha1 | 1 | a71052b091253a90ca3d423c8a1c0d56e75939af |
|
| Details | sha1 | 1 | 5070a0e2fa1db04c2ed63461ece36307ab3a863b |
|
| Details | sha1 | 1 | b4ed58f24e2d40b68da3bb6d5fd2453bdcf3caf4 |
|
| Details | sha1 | 1 | ec98f4a5096282fb192ffb168a574236c5a7dc6c |
|
| Details | sha256 | 1 | 1ade2588a552f715758ed74cf0c6da2bac5eeaafde27cb9e74cf14e56f1c7f12 |
|
| Details | sha256 | 1 | 4b6539eaebc10c14605f61e709be08f0246cec46f2662c496db8b2847aa4c887 |
|
| Details | sha256 | 1 | 918d6561fea3589a050e2462a488df82418811c00b72fe8997c991765864b1d0 |
|
| Details | sha256 | 1 | 4fe2e6d9686df2cbde98f78297c3b5640c743832812aed2a729213072cb3ab6f |
|
| Details | sha256 | 1 | 44e16d47c0ed74b28b7b3dfa3679a1db01f034b2a9108ea3bc2237125ddd52bd |
|
| Details | sha256 | 1 | d9c3f00e4351fff1aba9e72b320dbecdbcb001f553ba3ce3401e7c6f1a471469 |
|
| Details | sha256 | 1 | 6dc9413628655092e93ebe970c8a9e4d2cbd07b69b5b18bbd483508bb96aa7b3 |
|
| Details | sha256 | 1 | 1c03f092ea658270e295806ec1c07c84e12e4520b4344eb60aeeb6ae227fe8c4 |
|
| Details | sha256 | 1 | edfad91d7587e6206459db71205c23869ac028c429b24d359ee75c85cfd7f713 |
|
| Details | sha256 | 1 | bed0d1139adcec9292841b7315289bb43960f2c7a4ff1bbab536528b1317b075 |
|
| Details | sha256 | 1 | a94d56067aa15f28f66a139eecc90e49b008bfa1f0faf7d65721ecfb68a6a6a2 |
|
| Details | Microsoft Patch Numbers | 1 | KB5001337 |
|
| Details | Threat Actor Identifier by Recorded Future | 9 | TAG-21 |
|
| Details | Windows Registry Key | 1 | HKEY_CURRENT_USER\Local |
|
| Details | Windows Registry Key | 1 | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT |
|
| Details | Windows Registry Key | 2 | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates |
|
| Details | Windows Registry Key | 1 | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0e7559ecd1a8793fc2f78628328a60bb8b728150\Blob |
|
| Details | Windows Registry Key | 1 | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\81C240D9A20887F3FBE596BB314882E7EE76691A\Blob |
|
| Details | Windows Registry Key | 1 | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DC3D7D38C1C26CCF6AAA1BA52FB448F5ED3B4431\Blob |
|
| Details | Windows Registry Key | 1 | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob |
|
| Details | Windows Registry Key | 1 | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212\Blob |
|
| Details | Windows Registry Key | 1 | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A71052B091253A90CA3D423C8A1C0D56E75939AF\Blob |
|
| Details | Windows Registry Key | 1 | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5070a0e2fa1db04c2ed63461ece36307ab3a863b\Blob |
|
| Details | Windows Registry Key | 1 | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B4ED58F24E2D40B68DA3BB6D5FD2453BDCF3CAF4\Blob |
|
| Details | Windows Registry Key | 1 | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\EC98F4A5096282FB192FFB168A574236C5A7DC6C\Blob |