ThreatBook Labs
Common Information
| Type | Value |
|---|---|
| UUID | 5e8b0740-9aa8-408e-be39-6d4ce5332bf4 |
| Fingerprint | 27e14301073cad3cd44a18427963f18f84103931b8cf017fd283911ea739acb0 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Dec. 30, 2021, 2:14 p.m. |
| Added to db | April 14, 2024, 1:27 a.m. |
| Last updated | Aug. 31, 2024, 6:20 a.m. |
| Headline | ThreatBook Labs |
| Title | ThreatBook Labs |
| Detected Hints/Tags/Attributes | 12/1/43 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | http://report.threatbook.cn/LS.pdf |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | www.threatbook.cn |
|
| Details | Domain | 1 | mantis.linkundlink.de |
|
| Details | Domain | 2 | mante.li |
|
| Details | Domain | 2 | bmanal.com |
|
| Details | Domain | 3 | shopandtravelusa.com |
|
| Details | Domain | 2 | industryinfostructure.com |
|
| Details | Domain | 1 | www.canyonzcc.com |
|
| Details | Domain | 2 | www.devguardmap.org |
|
| Details | Domain | 55 | blog.google |
|
| Details | File | 1 | officetemplate.php |
|
| Details | File | 2 | draw.php |
|
| Details | File | 2 | monolog.php |
|
| Details | File | 73 | view.php |
|
| Details | File | 13 | down.php |
|
| Details | File | 10 | template.php |
|
| Details | File | 1 | msxml3r.dll |
|
| Details | File | 1 | pdfview.php |
|
| Details | File | 1 | 最后通过rundll32.exe |
|
| Details | File | 1 | 安装包的内部组件win_fw.dll |
|
| Details | File | 1 | win_fw.dll |
|
| Details | File | 1 | 并启动另外一个恶意组件idahelper.dll |
|
| Details | File | 1 | idahelper.dll |
|
| Details | File | 1 | board_read.asp |
|
| Details | md5 | 1 | a28a25fd2ab85a2fc69019412629e5c9 |
|
| Details | sha256 | 1 | ef2d3e488b781a7c6144afa8fc8ba2b6d085ca671100d04686097f3b4dd2ed42 |
|
| Details | sha256 | 1 | 8562f6b2a95963f076f7bc6ff00401d96656eafda1cfad3af53b3e3b99ae6452 |
|
| Details | sha256 | 1 | 5924369d08855b0c1a9a6434a25e2b34149cfe08353c53fa1ad942ed0916e474 |
|
| Details | sha256 | 2 | 803dda6c8dc426f1005acdf765d9ef897dd502cd8a80632eef4738d1d7947269 |
|
| Details | sha256 | 1 | 9daa1e4de0046469a2e1e419383cf4a0e6f028f4b6d6ba4c2958e79272bf8185 |
|
| Details | sha256 | 1 | 41ee1b1a36577bfc36d2964cf031e0180a50d1171943c04fa3215768db0b028e |
|
| Details | sha256 | 1 | fe80e890689b0911d2cd1c29196c1dad92183c40949fe6f8c39deec8e745de7f |
|
| Details | IPv4 | 1 | 10.10.130.129 |
|
| Details | Url | 1 | https://mantis.linkundlink.de/logs/officetemplate.php?templateid=3535 |
|
| Details | Url | 2 | https://mante.li/images/draw.php |
|
| Details | Url | 2 | https://bmanal.com/images/draw.php |
|
| Details | Url | 2 | https://shopandtravelusa.com/vendor/monolog/monolog/src/monolog/monolog.php |
|
| Details | Url | 2 | https://industryinfostructure.com/templates/worldgroup/view.php |
|
| Details | Url | 1 | http://10.10.130.129:4080/down.php?id=2383 |
|
| Details | Url | 1 | https://www.canyonzcc.com/system/templates/template.php?templateid=1010 |
|
| Details | Url | 1 | https://industryinfostructure.com/templates/pdfview.php |
|
| Details | Url | 1 | https://www.devguardmap.org/board/board_read.asp?boardid=01 |
|
| Details | Url | 1 | https://blog.google/threat-analysis-group/update-campaign-targeting-security-resear |
|
| Details | Url | 1 | https://www.canyonzcc.com/system/templates/down.php |