The Rise of Earth Aughisky: Tracking the Campaigns Taidoor Started
Common Information
| Type | Value |
|---|---|
| UUID | 5696d3cd-35e2-4bb4-8607-72f1036fc98d |
| Fingerprint | 99fd2bcc64bb21aefad84452d45b732e6a4f1daeb62e12e6071a1fe3d23f12f3 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Sept. 21, 2022, 6:35 p.m. |
| Added to db | April 14, 2024, 11:33 a.m. |
| Last updated | Aug. 30, 2024, 10:59 p.m. |
| Headline | The Rise of Earth Aughisky: Tracking the Campaigns Taidoor Started |
| Title | The Rise of Earth Aughisky: Tracking the Campaigns Taidoor Started |
| Detected Hints/Tags/Attributes | 245/4/220 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | fourk-asptree.qc.to |
|
| Details | Domain | 1 | lily.onmypc.net |
|
| Details | Domain | 2 | www.lily.onmypc.net |
|
| Details | Domain | 2 | ftp.lily.onmypc.net |
|
| Details | Domain | 1 | davy.myddns.com |
|
| Details | Domain | 1 | yourdomainnames.myddns.com |
|
| Details | Domain | 1 | avstore.com.tw |
|
| Details | Domain | 5 | com.tw |
|
| Details | Domain | 1 | lightening.com.tw |
|
| Details | Domain | 36 | contagiodump.blogspot.com |
|
| Details | Domain | 3 | reversinglabs.com |
|
| Details | Domain | 3 | www.ithome.com.tw |
|
| Details | Domain | 469 | www.cisa.gov |
|
| Details | Domain | 26 | www.lac.co.jp |
|
| Details | Domain | 182 | www.mandiant.com |
|
| Details | Domain | 3 | community.broadcom.com |
|
| Details | Domain | 18 | blog.trendmicro.co.jp |
|
| Details | Domain | 15 | www.macnica.co.jp |
|
| Details | Domain | 13 | hitcon.org |
|
| Details | Domain | 403 | securelist.com |
|
| Details | Domain | 138 | www.securityweek.com |
|
| Details | Domain | 7 | jp.security.ntt |
|
| Details | Domain | 1 | files.macnica.co.jp |
|
| Details | Domain | 4 | airbus-cyber-security.com |
|
| Details | Domain | 360 | attack.mitre.org |
|
| Details | Domain | 132 | www.sophos.com |
|
| Details | Domain | 7 | apt.etda.or.th |
|
| Details | Domain | 46 | jsac.jpcert.or.jp |
|
| Details | Domain | 604 | www.trendmicro.com |
|
| Details | Domain | 2 | codeblue.jp |
|
| Details | Domain | 60 | documents.trendmicro.com |
|
| Details | File | 1 | fc.asp |
|
| Details | File | 1 | dw.html |
|
| Details | File | 1 | i.dat |
|
| Details | CVE | 30 | cve-2015-2545 |
|
| Details | CVE | 79 | cve-2010-3333 |
|
| Details | Domain | 245 | shutterstock.com |
|
| Details | Domain | 3 | envato.com |
|
| Details | Domain | 43 | sites.google.com |
|
| Details | Domain | 2 | sslvps.top |
|
| Details | Domain | 2 | roudan.serveftp.com |
|
| Details | Domain | 2 | theoreticalmodel.onmypc.us |
|
| Details | Domain | 1 | kaiwanxiao.pixnet.net |
|
| Details | Domain | 1 | pixnet.net |
|
| Details | Domain | 6 | www.google |
|
| Details | Domain | 4 | dynssl.com |
|
| Details | Domain | 1 | sexxxy.biz |
|
| Details | Domain | 1 | task.zip |
|
| Details | Domain | 2 | fsc-kd.ns01.info |
|
| Details | Domain | 1 | moeas.agent.tw |
|
| Details | File | 1 | alot.dat |
|
| Details | File | 1 | sysconf.dll |
|
| Details | File | 1 | %c%c%c%c%c.asp |
|
| Details | File | 1 | sprxx.dll |
|
| Details | File | 1 | java.txt |
|
| Details | File | 2 | u.txt |
|
| Details | File | 1 | 123.dll |
|
| Details | File | 1 | task.zip |
|
| Details | File | 1 | x64-1102.dll |
|
| Details | File | 1 | x86-1102.dll |
|
| Details | File | 38 | x64.dll |
|
| Details | File | 23 | x86.dll |
|
| Details | File | 89 | version.dll |
|
| Details | File | 40 | cryptbase.dll |
|
| Details | File | 1 | master_patch.dat |
|
| Details | File | 1 | master_update.dat |
|
| Details | File | 1 | crypt_base.dat |
|
| Details | File | 1 | extensions.xml |
|
| Details | File | 1 | ipatch.dat |
|
| Details | File | 1 | chinas-military-build.html |
|
| Details | File | 1 | 20200424_002177.html |
|
| Details | File | 63 | report.html |
|
| Details | File | 1 | day2-h-r2.pdf |
|
| Details | File | 1 | taidoor.pdf |
|
| Details | File | 3 | mpressioncss_ta_report_2019.pdf |
|
| Details | File | 4 | jsac2022_8_hara_en.pdf |
|
| Details | File | 1 | trooper-targets-transportation-and-government-organizations.html |
|
| Details | File | 1 | tropic-trooper-new-strategy.html |
|
| Details | File | 1 | environments.html |
|
| Details | File | 1 | cyberespionage-campaign.html |
|
| Details | File | 1 | taidoor-started.pdf |
|
| Details | md5 | 1 | 7c5841f19740350d36a0644205dcb558 |
|
| Details | md5 | 1 | 003a58739d420d344e2a78221663fac4 |
|
| Details | md5 | 1 | b6380439ff9ed0c6d45759da0f3b05b8 |
|
| Details | sha1 | 1 | 18c67331716ae672e46583700c4a3eb2abdaa61c |
|
| Details | sha1 | 1 | f2dfd3910017cd9b3798e9b9dce8ddcace5c6af6 |
|
| Details | sha1 | 1 | 0dfd5669f67a3a992817ca6db096a4cbeadc3257 |
|
| Details | sha1 | 1 | 4dc73b64f25c96d9bd58f9bc84aa9efa413620ed |
|
| Details | sha1 | 1 | a9982fede417d96b0a8604b485c548ad1c5f845b |
|
| Details | sha1 | 1 | 44673e28e03d642e937eb5d6fed9fc6535e4b872 |
|
| Details | sha1 | 1 | 13d0961daf1166d95795f2c7e2ee88f32037ea1b |
|
| Details | sha1 | 1 | 3c55249b6512e1b1f7e721c2fd9faa5d30e56fe6 |
|
| Details | sha1 | 1 | 26b8faaf301c2b6bc180f179d0d68f3f0fd419ab |
|
| Details | sha1 | 1 | 775eac7787a351fed43a0150484b9870ecbc4ec9 |
|
| Details | sha1 | 1 | f3987d5629dfb61c518528cb8314e60f1bb2dd5c |
|
| Details | sha1 | 1 | 0a5895e0c360a25d5abb7fbd7959da044c2c6c93 |
|
| Details | sha1 | 1 | 341cbeb81e6cba15442ee5f9544b7d7593686a2e |
|
| Details | sha1 | 1 | 789614db37fb2302957028fd6c30cea492636f3e |
|
| Details | sha1 | 1 | 1a30a00b394aa4443f44d7645b67d22c82875ad7 |
|
| Details | sha1 | 1 | c6f2d78b5f89d522306f74426e4b0d8e00841c46 |
|
| Details | sha1 | 1 | 90ca82604d29a87da95f68aaca7d2b0748b1504b |
|
| Details | sha1 | 1 | 071e0693b5b6219e6cf02621e02c09f36ddee5e3 |
|
| Details | sha256 | 1 | 663fb74f33dde51b6ca3c0faf5bfd5b1431a43b2b1650e83f14ba11a35a2c326 |
|
| Details | sha256 | 1 | 4d55d8e4354501207affb7aaa2d79108e6596fe6c3d753c32aa22e075853ba6e |
|
| Details | sha256 | 1 | c11a9d7c06130fc05430bcca32f7c3e4621e838efb888ebddc52985f5cd17d0e |
|
| Details | sha256 | 1 | 73846ec3f92b723ee6b5648ca957b5d9a518974d9358569ab6f23bf611938659 |
|
| Details | sha256 | 1 | 93e1c51d0c0c01673187d40f4b41a8fd461f4bb46572c2c6dee5077d9dff4a97 |
|
| Details | sha256 | 1 | 8b4e42a2abbcd47f3fd8e9b75913d05633efb610d646565ef43e3f9daaabaeaf |
|
| Details | sha256 | 1 | 4e6c21ccab81af36e58da66347a301240a005044ca2bd7521a79f56373356ed2 |
|
| Details | sha256 | 1 | c377923108a2bdae1c06819eea9db49ea7883537a31d92a904405f6d813ab4b6 |
|
| Details | sha256 | 1 | e5f3c3053da3707274b8e958a4b498f70f8a92e1beae74da5ea49174e255f898 |
|
| Details | sha256 | 1 | c67db6af5873a558145452341e34de74eda78cec7ef33921d2885038a1e6aaaa |
|
| Details | sha256 | 1 | a1054e8b5336ead42c1a43947bbd50a896f5fe551c5994aa7414e44c14339e29 |
|
| Details | sha256 | 1 | a7b7a6a9b4aafe2ac1f792c901a21906df3c09adea6549446da1ed72f90b9194 |
|
| Details | sha256 | 1 | 5888b026ab7df42ed32d53038e9b8541cf272f0010385694e2ba28e0454f14c2 |
|
| Details | IPv4 | 619 | 0.0.0.0 |
|
| Details | IPv4 | 1 | 210.240.26.2 |
|
| Details | IPv4 | 1 | 61.216.128.129 |
|
| Details | IPv4 | 1 | 211.22.7.237 |
|
| Details | IPv4 | 1 | 193.170.111.210 |
|
| Details | IPv4 | 1 | 121.241.81.116 |
|
| Details | IPv4 | 1 | 118.175.7.74 |
|
| Details | IPv4 | 2 | 78.39.236.6 |
|
| Details | IPv4 | 1 | 103.110.80.48 |
|
| Details | IPv4 | 1 | 202.54.49.5 |
|
| Details | IPv4 | 1 | 202.55.92.56 |
|
| Details | IPv4 | 1 | 190.143.87.148 |
|
| Details | MITRE ATT&CK Techniques | 100 | T1598 |
|
| Details | MITRE ATT&CK Techniques | 66 | T1583 |
|
| Details | MITRE ATT&CK Techniques | 409 | T1566 |
|
| Details | MITRE ATT&CK Techniques | 695 | T1059 |
|
| Details | MITRE ATT&CK Techniques | 43 | T1546 |
|
| Details | MITRE ATT&CK Techniques | 164 | T1574 |
|
| Details | MITRE ATT&CK Techniques | 440 | T1055 |
|
| Details | MITRE ATT&CK Techniques | 306 | T1078 |
|
| Details | MITRE ATT&CK Techniques | 208 | T1068 |
|
| Details | MITRE ATT&CK Techniques | 48 | T1480 |
|
| Details | MITRE ATT&CK Techniques | 30 | T1211 |
|
| Details | MITRE ATT&CK Techniques | 107 | T1564 |
|
| Details | MITRE ATT&CK Techniques | 247 | T1070 |
|
| Details | MITRE ATT&CK Techniques | 348 | T1036 |
|
| Details | MITRE ATT&CK Techniques | 550 | T1112 |
|
| Details | MITRE ATT&CK Techniques | 627 | T1027 |
|
| Details | MITRE ATT&CK Techniques | 91 | T1620 |
|
| Details | MITRE ATT&CK Techniques | 19 | T1205 |
|
| Details | MITRE ATT&CK Techniques | 504 | T1140 |
|
| Details | MITRE ATT&CK Techniques | 36 | T1586 |
|
| Details | MITRE ATT&CK Techniques | 245 | T1203 |
|
| Details | MITRE ATT&CK Techniques | 120 | T1129 |
|
| Details | MITRE ATT&CK Techniques | 50 | T1072 |
|
| Details | MITRE ATT&CK Techniques | 78 | T1569 |
|
| Details | MITRE ATT&CK Techniques | 420 | T1204 |
|
| Details | MITRE ATT&CK Techniques | 66 | T1584 |
|
| Details | MITRE ATT&CK Techniques | 56 | T1587 |
|
| Details | MITRE ATT&CK Techniques | 145 | T1588 |
|
| Details | MITRE ATT&CK Techniques | 46 | T1608 |
|
| Details | MITRE ATT&CK Techniques | 289 | T1003 |
|
| Details | MITRE ATT&CK Techniques | 152 | T1056 |
|
| Details | MITRE ATT&CK Techniques | 125 | T1110 |
|
| Details | MITRE ATT&CK Techniques | 172 | T1555 |
|
| Details | MITRE ATT&CK Techniques | 176 | T1135 |
|
| Details | MITRE ATT&CK Techniques | 118 | T1570 |
|
| Details | MITRE ATT&CK Techniques | 157 | T1560 |
|
| Details | MITRE ATT&CK Techniques | 422 | T1041 |
|
| Details | MITRE ATT&CK Techniques | 126 | T1567 |
|
| Details | MITRE ATT&CK Techniques | 96 | T1132 |
|
| Details | MITRE ATT&CK Techniques | 75 | T1001 |
|
| Details | MITRE ATT&CK Techniques | 163 | T1573 |
|
| Details | MITRE ATT&CK Techniques | 41 | T1008 |
|
| Details | MITRE ATT&CK Techniques | 492 | T1105 |
|
| Details | MITRE ATT&CK Techniques | 159 | T1095 |
|
| Details | MITRE ATT&CK Techniques | 115 | T1571 |
|
| Details | MITRE ATT&CK Techniques | 152 | T1090 |
|
| Details | MITRE ATT&CK Techniques | 149 | T1102 |
|
| Details | MITRE ATT&CK Techniques | 245 | T1016 |
|
| Details | MITRE ATT&CK Techniques | 534 | T1005 |
|
| Details | MITRE ATT&CK Techniques | 89 | T1114 |
|
| Details | MITRE ATT&CK Techniques | 219 | T1113 |
|
| Details | MITRE ATT&CK Techniques | 11 | T1201 |
|
| Details | MITRE ATT&CK Techniques | 100 | T1007 |
|
| Details | MITRE ATT&CK Techniques | 119 | T1049 |
|
| Details | MITRE ATT&CK Techniques | 433 | T1057 |
|
| Details | MITRE ATT&CK Techniques | 585 | T1083 |
|
| Details | MITRE ATT&CK Techniques | 179 | T1087 |
|
| Details | Pdb | 1 | c:\users\user\desktop\luckdll\x64\release\luckdll.pdb |
|
| Details | Pdb | 1 | luckdll.pdb |
|
| Details | Pdb | 1 | msghandledll.pdb |
|
| Details | Threat Actor Identifier - APT | 7 | APT24 |
|
| Details | Threat Actor Identifier - APT | 522 | APT41 |
|
| Details | Url | 1 | http://contagiodump.blogspot.com/2011/03/cve-2010-3333-doc- |
|
| Details | Url | 1 | https://www.ithome.com.tw/news/139504. |
|
| Details | Url | 2 | https://www.cisa.gov/uscert/ncas/analysis-reports/ar20-216a. |
|
| Details | Url | 1 | https://www.lac.co.jp/lacwatch/people/20200424_002177.html |
|
| Details | Url | 1 | https://www.mandiant.com/resources/evasive-tactics-taidoor-3. |
|
| Details | Url | 1 | https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments |
|
| Details | Url | 1 | https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/taidoor-campaign-targets-government-agencies-in-taiwan. |
|
| Details | Url | 1 | https://blog.trendmicro.co.jp/archives/16893. |
|
| Details | Url | 1 | https://www.macnica.co.jp/business/security/manufacturers/mpressioncss/report.html |
|
| Details | Url | 1 | https://hitcon.org/2015/cmt/agenda/#day2 |
|
| Details | Url | 1 | https://hitcon.org/2015/cmt/download/day2-h-r2.pdf |
|
| Details | Url | 1 | https://securelist.com/cve-2015-2545-overview-of-current-threats/74828/. |
|
| Details | Url | 1 | https://community.netwitness.com/t5/netwitness-community-blog/detecting-glassrat-using-security-analytics-and-ecat/ba- |
|
| Details | Url | 1 | https://www.securityweek.com/glassrat-malware-stayed-under-radar-years-rsa. |
|
| Details | Url | 1 | https://jp.security.ntt/resources/taidoor.pdf |
|
| Details | Url | 1 | https://files.macnica.co.jp/mnc/mpressioncss_ta_report_2019.pdf |
|
| Details | Url | 1 | https://blog.trendmicro.com/trendlabs-security-intelligence/taidoor-update-taidoor-gang-tags-its-victims/. |
|
| Details | Url | 1 | https://airbus-cyber-security.com |
|
| Details | Url | 1 | https://attack.mitre.org/groups/g0011/. |
|
| Details | Url | 1 | https://www.mandiant.com/resources/insights |
|
| Details | Url | 1 | https://www.sophos.com/en-us/threat-center/threat- |
|
| Details | Url | 1 | https://apt.etda.or.th/cgi-bin/showcard.cgi?g=taidoor&n=1 |
|
| Details | Url | 1 | https://attack.mitre.org/software/s0011/. |
|
| Details | Url | 1 | https://apt.etda.or.th/cgi-bin/showcard.cgi?g=apt%2012%2c%20 |
|
| Details | Url | 4 | https://jsac.jpcert.or.jp/archive/2022/pdf/jsac2022_8_hara_en.pdf |
|
| Details | Url | 1 | https://www.trendmicro.com/en_us/research/21/l/collecting-in-the-dark-tropic- |
|
| Details | Url | 1 | https://www.trendmicro.com/en_us/research/18/c/tropic-trooper-new-strategy.html |
|
| Details | Url | 1 | https://www.trendmicro.com/en_us/research/20/e/tropic-troopers-back-usbferry-attack-targets-air-gapped- |
|
| Details | Url | 1 | https://www.trendmicro.com/en_us/research/21/h/apt41-resurfaces-as-earth-baku-with-new- |
|
| Details | Url | 1 | https://codeblue.jp/2021/en/talks/?content=talks_13 |
|
| Details | Url | 1 | https://documents.trendmicro.com/assets/txt/iocs-the-rise-of-earth-aughisky-tracking-the-campaigns- |