Attributing i-SOON: Private Contractor Linked to Multiple Chinese State-sponsored Groups
Common Information
Type Value
UUID 7469fa4f-1d81-4e62-8438-a05f66a5e33a
Fingerprint 44af1321a92d09f65a9bffd3a61784c16980fb14611ba288f938bf3c2ac68521
Analysis status DONE
Considered CTI value 2
Text language
Published March 19, 2024, 3:41 p.m.
Added to db April 9, 2024, 12:49 p.m.
Last updated Aug. 31, 2024, 1:50 a.m.
Headline Attributing i-SOON: Private Contractor Linked to Multiple Chinese State-sponsored Groups
Title Attributing i-SOON: Private Contractor Linked to Multiple Chinese State-sponsored Groups
Detected Hints/Tags/Attributes 147/3/74
Attributes
Details Type #Events CTI Value
Details Threat Actor Identifier - APT 522
APT41
Details Threat Actor Identifier by Recorded Future 18
TAG-22
Details Url 1
https://74.120.172.10:10092/home