UNKNOWN
Common Information
| Type | Value |
|---|---|
| UUID | 7eacea31-975a-44b2-8ac8-d4e889e9e514 |
| Fingerprint | dc0bdfdfdabeb84f55c45ccfafcee6eeff9c3b4ba2402144f0cbcd91b43cb74b |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | May 8, 2019, 3:42 p.m. |
| Added to db | April 5, 2024, 3:47 p.m. |
| Last updated | Aug. 31, 2024, 6:16 a.m. |
| Headline | UNKNOWN |
| Title | UNKNOWN |
| Detected Hints/Tags/Attributes | 40/2/252 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 31 | cve-2018-20250 |
|
| Details | Domain | 2 | www.tandan.com.vn |
|
| Details | Domain | 58 | ti.qianxin.com |
|
| Details | Domain | 3 | 2018.zip |
|
| Details | Domain | 2 | open.betaoffice.net |
|
| Details | Domain | 2 | office.allsafebrowsing.com |
|
| Details | Domain | 359 | com.apple |
|
| Details | Domain | 2 | rio.imbandaad.com |
|
| Details | Domain | 2 | images.ucange.com |
|
| Details | Domain | 2 | preload.ointalt.com |
|
| Details | Domain | 2 | maintenance.allidayser.com |
|
| Details | Domain | 2 | report.cottallid.com |
|
| Details | Domain | 2 | web.dalalepredaa.com |
|
| Details | Domain | 1373 | twitter.com |
|
| Details | Domain | 5 | syn.servebbs.com |
|
| Details | Domain | 4 | word.webhop.info |
|
| Details | Domain | 3 | beta.officopedia.com |
|
| Details | Domain | 3 | outlook.updateoffices.net |
|
| Details | Domain | 3 | outlook.betamedias.com |
|
| Details | Domain | 2 | outlook.officebetas.com |
|
| Details | Domain | 3 | cortanazone.com |
|
| Details | Domain | 4 | cortanasyn.com |
|
| Details | Domain | 3 | api.blogdns.com |
|
| Details | Domain | 3 | dominikmagoffin.com |
|
| Details | Domain | 2 | blog.artinhauvin.com |
|
| Details | Domain | 3 | worker.baraeme.com |
|
| Details | Domain | 2 | kingsoftcdn.com |
|
| Details | Domain | 2 | style.fontstaticloader.com |
|
| Details | Domain | 3 | plan.evillese.com |
|
| Details | Domain | 2 | bluesky2018man.com |
|
| Details | Domain | 3 | enum.arkoorr.com |
|
| Details | Domain | 3 | background.ristians.com |
|
| Details | Domain | 2 | pong.dynathome.net |
|
| Details | Domain | 2 | zone.servehttp.com |
|
| Details | Domain | 2 | cdn.eworldship-news.com |
|
| Details | Domain | 2 | online.stienollmache.xyz |
|
| Details | Domain | 2 | image.fontstaticloader.com |
|
| Details | Domain | 2 | mappingpotentials.com |
|
| Details | Domain | 2 | vnbizcom.com |
|
| Details | Domain | 2 | cdn3.onlinesurveygorilla.com |
|
| Details | Domain | 2 | eworldship-news.com |
|
| Details | Domain | 2 | enormousamuses.com |
|
| Details | Domain | 2 | 163mailservice.com |
|
| Details | Domain | 2 | stackbio.com |
|
| Details | Domain | 2 | mailserviceactivation.com |
|
| Details | Domain | 2 | p12.alerentice.com |
|
| Details | Domain | 1 | download-attachments.s3.amazonaws.com |
|
| Details | Domain | 4 | ristineho.com |
|
| Details | Domain | 434 | medium.com |
|
| Details | File | 2 | sungroup.rar |
|
| Details | File | 1 | 的winword.exe |
|
| Details | File | 1 | chinh.exe |
|
| Details | File | 1 | 相关样本的压缩包名为cplh-nhnn-01-2019.rar |
|
| Details | File | 1 | 越南国家银行-01-2019.rar |
|
| Details | File | 1 | 而压缩包中的winword.exe |
|
| Details | File | 1 | chiphilienhoannhnn-bc2019.exe |
|
| Details | File | 3 | 2019.exe |
|
| Details | File | 1 | kaspersky.rar |
|
| Details | File | 2 | kaspersky.doc |
|
| Details | File | 2 | cv-nguyenquynhchi.docx |
|
| Details | File | 1 | cv-anthonywei-customerservice.docx |
|
| Details | File | 2 | cv-103237-ewqdsd.doc |
|
| Details | File | 82 | default.aspx |
|
| Details | File | 2 | tut_photoshop_scan_bank_id.rar |
|
| Details | File | 1 | 其名称为coccocupated.exe |
|
| Details | File | 1 | 释放的为coccocupdated.exe |
|
| Details | File | 2 | uyfc.doc |
|
| Details | File | 3 | 2018.zip |
|
| Details | File | 8 | meeting.doc |
|
| Details | File | 2 | retreat.doc |
|
| Details | File | 1 | 东盟高级官员筹备会议的议程.doc |
|
| Details | File | 2 | msohtml.log |
|
| Details | File | 1 | 并把wscript.exe |
|
| Details | File | 2 | msohtml.exe |
|
| Details | File | 1 | 通过复制的msohtml.exe |
|
| Details | File | 1 | 就是wcript.exe |
|
| Details | File | 1 | 执行msohtml.log |
|
| Details | File | 2 | cvfemale.png |
|
| Details | File | 2 | xxx.png |
|
| Details | File | 2 | fdsw.png |
|
| Details | File | 2125 | cmd.exe |
|
| Details | File | 3 | main_background.png |
|
| Details | File | 1 | %systemroot%\system32\playsndsrv.dll |
|
| Details | File | 1 | 去执行mcods.exe |
|
| Details | File | 1 | 而mcods.exe |
|
| Details | File | 1 | 文件名是msvchr.exe |
|
| Details | File | 1 | 下载的压缩包cplh-nhnn-01-2019.rar |
|
| Details | File | 1 | 发现该压缩包把winword.exe |
|
| Details | File | 1 | 白文件和wwlib.dll |
|
| Details | File | 1 | 他们使用winword.exe |
|
| Details | File | 323 | winword.exe |
|
| Details | File | 1 | 会默认加载同目录下的wwlib.dll |
|
| Details | File | 1 | 之所以使用winword.exe |
|
| Details | File | 1 | 因为winword.exe |
|
| Details | File | 33 | wwlib.dll |
|
| Details | File | 1 | 所以他们只需要把winword.exe |
|
| Details | File | 17 | agent.pl |
|
| Details | File | 2 | eicu1gd6qme.js |
|
| Details | File | 130 | info.pl |
|
| Details | File | 1 | 对应的文件为coccocupdate.exe |
|
| Details | File | 1 | 这个coccocupdate.exe |
|
| Details | File | 1 | 获取执行起来的coccocupdate.exe |
|
| Details | File | 1 | 指向rstrui.exe |
|
| Details | File | 1 | 该rstrui.exe |
|
| Details | File | 2 | dllhijack.dll |
|
| Details | File | 1 | 因为info.pl |
|
| Details | File | 10 | test.doc |
|
| Details | File | 1 | scan_mau_ao_thun.doc |
|
| Details | File | 6 | doc.doc |
|
| Details | File | 1 | lý_anh_trung_cv.doc |
|
| Details | File | 17 | cv.doc |
|
| Details | File | 1 | cv-ducnguyenminh.doc |
|
| Details | File | 1 | duc.docx |
|
| Details | File | 2 | pham.doc |
|
| Details | File | 1 | ty.docx |
|
| Details | File | 1 | minh.docx |
|
| Details | File | 1 | ds-card-chienthang-travinh.docx |
|
| Details | File | 1 | hopdong-xxx-tp-092018.docx |
|
| Details | File | 1 | bblv_asc_dg_092018.docx |
|
| Details | File | 1 | indo.docx |
|
| Details | File | 3 | 9.doc |
|
| Details | File | 2 | 2019.rar |
|
| Details | File | 5 | webhop.inf |
|
| Details | File | 3 | a:\code\macro_nb2\request\postdata32.exe |
|
| Details | File | 2 | blak32.gif |
|
| Details | File | 3 | kuss32.gif |
|
| Details | File | 2 | a:\code\nb2vbs\request\postdata32.exe |
|
| Details | File | 2 | threex32.png |
|
| Details | File | 2 | kirr32.png |
|
| Details | File | 2 | c:\users\win7utl64\desktop\macro_nb2_new\request\postdata32.exe |
|
| Details | File | 2 | fdsw32.png |
|
| Details | File | 2 | securityandmaintenance_error.bin |
|
| Details | File | 2 | d:\work\malware\vinacap\securityandmaintenance_error.png |
|
| Details | File | 2 | d:\work\forensics\vinacap\dfir\nhule\files\securityandmaintenance_error.png |
|
| Details | md5 | 2 | 56b5a96b8582b32ad50d6b6d9e980ce7 |
|
| Details | md5 | 2 | 3fd2a37c3b8d9eb587c71ceb8e3bb085 |
|
| Details | md5 | 2 | 4c30e792218d5526f6499d235448bdd9 |
|
| Details | md5 | 2 | d8a5a375da7798be781cf3ea689ae7ab |
|
| Details | md5 | 2 | d497bd06b34a046841bb63d3bf20e605 |
|
| Details | md5 | 1 | 2ea902abe453b70cf77e402cc16eb552 |
|
| Details | md5 | 2 | cc7b9ee1b026e16a9d37e3988a714479 |
|
| Details | md5 | 2 | e60c35dd36c9f525007955e6b3a88b82 |
|
| Details | md5 | 2 | ac5f18f1c20901472d4708bd06a2d191 |
|
| Details | md5 | 2 | 221e9962c9e7da3646619ccc47338ee8 |
|
| Details | md5 | 2 | 26ea45578e05040deb0cc46ea3103184 |
|
| Details | md5 | 2 | 200033d043c13b88d121f2c1d8d2dfdf |
|
| Details | md5 | 2 | 9972111cc944d20c9b315fd56eb3a177 |
|
| Details | md5 | 2 | bf040c081ad1b051fdf3e8ba458d3a9c |
|
| Details | md5 | 2 | 6c2a8612c6511df2876bdb124c33d3e1 |
|
| Details | md5 | 2 | 7dace8f91a35766e9c66dd6258552b02 |
|
| Details | md5 | 2 | c9093362a83b0e7672a161fd9ef9498a |
|
| Details | md5 | 2 | 38f9655c72474b6c97dc9db9b3609677 |
|
| Details | md5 | 2 | 4bb4d19b42e74bd11459c9358c1a6f01 |
|
| Details | md5 | 2 | f42611ac0ea2c66d9f27ae14706c1b00 |
|
| Details | md5 | 2 | c28abdfe45590af0ef5c4e7a96d4b979 |
|
| Details | md5 | 2 | cf0b74fe79156694a2e3ea81e3bb1f85 |
|
| Details | md5 | 2 | c78fd680494b505525d706c285d5ebce |
|
| Details | md5 | 2 | 77390c852addc3581d14acf06991982e |
|
| Details | md5 | 2 | 49e969a9312ee2ae639002716276073f |
|
| Details | md5 | 2 | f5ad93917cd5b119f82b52a0d62f4a93 |
|
| Details | md5 | 2 | 6291eabf6a8c58cad6a04879b7ba229f |
|
| Details | md5 | 2 | 9a10292157ac3748212fb77769873f6c |
|
| Details | md5 | 2 | a406626173132c8bd6fe52672deacbe7 |
|
| Details | md5 | 2 | 93c3d6cffdcb0a2f29844ff130a920be |
|
| Details | md5 | 2 | 6b8fc8c9fe4f4ef90b2fcbcc0d24cfc9 |
|
| Details | md5 | 2 | 1211dea7b68129d48513662e546c6e21 |
|
| Details | md5 | 2 | 2f1f8142d479a1daf3cbd404c7c22f9f |
|
| Details | md5 | 2 | 0f877ad5464fcbb12e1c019adf7065cc |
|
| Details | md5 | 2 | cab262b84dbd319f3df84f221e5c451f |
|
| Details | md5 | 2 | 07ff4f943b202f4e16c227679d9b598a |
|
| Details | md5 | 2 | 7a6ba3e26c86f3366f544f4553c9d00a |
|
| Details | md5 | 2 | 518f52aabd9a059d181bfe864097091e |
|
| Details | md5 | 2 | 70a64ae401c0a5f091b5382dea2432df |
|
| Details | md5 | 2 | d40b4277e0d417e2e0cff47458ddd62d |
|
| Details | md5 | 2 | 5f1bc795aa784f781d91acc97bec6644 |
|
| Details | md5 | 2 | 305d992821740a9cbbda9b3a2b50a67c |
|
| Details | md5 | 2 | 7df61bc3a146fcf56fe1bbd3c26ea8c0 |
|
| Details | md5 | 2 | 3c04352c5230b8cbaa12f262dc01d335 |
|
| Details | md5 | 2 | 41f717eda9bc37de6ea584597f60521f |
|
| Details | md5 | 2 | db81a7e405822be63634001ec0503620 |
|
| Details | md5 | 2 | 865a7e3cd87b5bc5feec9d61313f2944 |
|
| Details | md5 | 2 | aad445e7ffc5ce463996e5db13350c5b |
|
| Details | md5 | 2 | 9bcd0b2590c53e4c0ed5614b127c6ba7 |
|
| Details | md5 | 2 | 7338852de96796d7f733123f04dd1ae9 |
|
| Details | md5 | 2 | 906a6898d099eb50c570a4014c1760f5 |
|
| Details | md5 | 2 | a530410bca453c93b65d0de465c428e4 |
|
| Details | md5 | 2 | de409b2fe935ca61066908a92e80be29 |
|
| Details | md5 | 2 | 2756b2f6ba5bcf811c8baced5e98b79f |
|
| Details | md5 | 2 | 5c9ef8b5263651a08ea1b79057a5ee28 |
|
| Details | md5 | 2 | b858c08cf7807e462ca335233bd83fe7 |
|
| Details | md5 | 2 | c313f8a5fd8ca391fc85193bc879ab02 |
|
| Details | md5 | 2 | 473fdfefa92725099ca87e992edbc92c |
|
| Details | md5 | 2 | 02cec2f17a7910b6fa994f340bbbc297 |
|
| Details | md5 | 2 | dd5ae0c0a7e17d101f570812fec4e5e4 |
|
| Details | md5 | 2 | 90e5ff68bf06cb930ed8c040139c4650 |
|
| Details | md5 | 2 | 6db450c4c756071ecafff425d6183d7d |
|
| Details | md5 | 2 | cb39e2138af92c32e53c97c0aa590d48 |
|
| Details | md5 | 2 | 8e13895504e643cd8e0e87377b25bd6b |
|
| Details | md5 | 2 | d3c27f779d615a1d3a35dff5e9561eb0 |
|
| Details | md5 | 2 | 27425360d18feea54860420006ea9833 |
|
| Details | md5 | 2 | cf0142da12509f544a59093495c3a6dd |
|
| Details | md5 | 2 | b1df440e5dd64ffae9f7e792993f2f4c |
|
| Details | md5 | 2 | 878fa022bd5e5caf678fe8d728ce42ee |
|
| Details | md5 | 2 | f78be074f6bc67a712e751254df5f166 |
|
| Details | md5 | 2 | e2aed850c18449a43886fc79b342132f |
|
| Details | md5 | 2 | 74b456adf2ae708789fb2d34ecccb954 |
|
| Details | md5 | 2 | 72263750df84e24fe645206a51772c88 |
|
| Details | md5 | 2 | 3a574c28beca4f3c94d30e3cf3979f4c |
|
| Details | md5 | 2 | ee836e0f7a40571523bf56dba59898f6 |
|
| Details | md5 | 2 | f6068b672a19ce14981df011a55081e4 |
|
| Details | md5 | 2 | 00ac0d7337290b74bdd7f43ec4a67ddb |
|
| Details | md5 | 2 | c4d35f3263fef4a533e7403682a034c3 |
|
| Details | md5 | 2 | bcbc1bef20d2befdd290e31269e0174a |
|
| Details | md5 | 2 | dfaa343552e8d470096a0a09a018930f |
|
| Details | md5 | 1 | 9b1ce9df321ce88ade4ff3b0ada5d414 |
|
| Details | md5 | 2 | da14eece6191551a31d37d1e96681cd1 |
|
| Details | md5 | 2 | 76289f02a0b31143d87d5e35839fb24a |
|
| Details | md5 | 2 | fd128b9f0cbdc374227cf5564371aacc |
|
| Details | md5 | 2 | 4a0144c7436e3ff67cf2d935d82d1743 |
|
| Details | md5 | 2 | 2d3fb8d5b4cefc9660d98e0ad46ff91a |
|
| Details | md5 | 2 | 89e3f31c6261f4725b891c8fd29049c9 |
|
| Details | md5 | 2 | 7b0e819bd8304773c3648ab03c9f182a |
|
| Details | md5 | 2 | a76be0181705809898d5d7d9aed86ee8 |
|
| Details | md5 | 2 | 2785311085b6ca782b476d9c2530259c |
|
| Details | md5 | 2 | 60501717f81eacd54facecf3ebadc306 |
|
| Details | md5 | 2 | 3d7cd531d17799832e262eb7995abde6 |
|
| Details | md5 | 2 | c7931fa4c144c1c4dc19ad4c41c1e17f |
|
| Details | md5 | 2 | 2f9af6b9d73218c578653d6d9bd02d4d |
|
| Details | md5 | 2 | c9d29501410e19938cd8e01630dc677b |
|
| Details | sha1 | 1 | f1ebdfdfa0c6ab158bc619350c54d3e337a5d849 |
|
| Details | sha1 | 1 | 80f54c13237d538cd3d885062e11c306b01d858f |
|
| Details | sha1 | 2 | 4e620abedafb4d9866cc9d9c2d29e2d7ea18adf1 |
|
| Details | sha1 | 2 | 07e74ff2ce9688c8f79b91ab32c95d11c140d3ac |
|
| Details | IPv4 | 2 | 198.15.119.125 |
|
| Details | Threat Actor Identifier - APT-C | 44 | APT-C-00 |
|
| Details | Threat Actor Identifier - APT | 132 | APT32 |
|
| Details | Url | 2 | https://www.tandan.com.vn/portal/home/default.aspx |
|
| Details | Url | 2 | https://ti.qianxin.com/blog/articles/oceanlotus-targets-chinese-university |
|
| Details | Url | 2 | https://open.betaoffice.net/cvfemale.png |
|
| Details | Url | 1 | https://office.allsafebrowsing.com/awpt |
|
| Details | Url | 2 | http://rio.imbandaad.com/v3/yq/r/eicu1gd6qme.js |
|
| Details | Url | 2 | https://twitter.com/vupt_bka/status/1083653486963638275 |
|
| Details | Url | 1 | http://download-attachments.s3.amazonaws.com/db08b565038ac83e89e7b55201479f37ea49 |
|
| Details | Url | 2 | https://word.webhop.info/blak32.gif |
|
| Details | Url | 3 | https://syn.servebbs.com/kuss32.gif |
|
| Details | Url | 2 | https://ristineho.com/threex32.png |
|
| Details | Url | 2 | https://cortanasyn.com/kirr32.png |
|
| Details | Url | 2 | https://office.allsafebrowsing.com/fdsw32.png |
|
| Details | Url | 2 | https://twitter.com/blackorbird/status/1118399331688570880 |
|
| Details | Url | 252 | https://medium.com |
|
| Details | Url | 2 | https://twitter.com/blackorbird/status/1086186184768815104 |
|
| Details | Url | 2 | https://twitter.com/reddrip7/status/1119204830633848834 |