APT1: Exposing One of China’s Cyber Espionage Units | Mandiant | FireEye
Common Information
Type Value
UUID 659b4321-87c3-4633-8fde-40b083c0b8b6
Fingerprint 763a94ce2375210cd3a9afa88bb9c9274d67a39c49fc1fdd29bf679e4721dcdd
Analysis status DONE
Considered CTI value 2
Text language
Published Feb. 18, 2013, 1:50 p.m.
Added to db May 1, 2024, 5:28 p.m.
Last updated Aug. 31, 2024, 2:06 a.m.
Headline APT1: Exposing One of China’s Cyber Espionage Units | Mandiant | FireEye
Title APT1: Exposing One of China’s Cyber Espionage Units | Mandiant | FireEye
Detected Hints/Tags/Attributes 349/3/278
Attributes
Details Type #Events CTI Value
Details Threat Actor Identifier - APT 115
APT1