Summary of 2019 Attack Activity by South Asian APT Groups (南亚地区 APT 组织 2019 年度攻击活动总结)
Common Information
Type Value
UUID 9003d889-8201-44c1-8084-f21837c2ef57
Fingerprint ded180d2e3144ab28f794806e4d4244ef73b1be97d403b6cab9e793e70d82e94
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 17, 2019, 6:53 a.m.
Added to db March 9, 2024, 11:40 p.m.
Last updated Aug. 30, 2024, 10:23 p.m.
Headline Summary of 2019 Attack Activity by South Asian APT Groups (南亚地区 APT 组织 2019 年度攻击活动总结)
Title Summary of 2019 Attack Activity by South Asian APT Groups (南亚地区 APT 组织 2019 年度攻击活动总结)
Detected Hints/Tags/Attributes 48/3/85
Attributes
Type | #Events | Value
CVE | 375 | cve-2017-11882
CVE | 58 | cve-2018-0798
CVE | 9 | cve-2017-12824
Domain | 7 | it.rising.com.cn
Domain | 41 | www.freebuf.com
Domain | 20 | blogs.360.cn
Domain | 707 | google.com
Domain | 16 | www.anquanke.com
File | 1 | 更新预设零件库存信息系统.exe
File | 1 | 答记者问.doc
File | 1 | 审议批准.exe
File | 1 | 360_kb6784677.exe
File | 2 | 19639.html
File | 5 | java-rmi.exe
File | 19 | jli.dll
File | 1 | 程序会将msbuild.exe
File | 1 | 重命名为msbuild2.exe
File | 149 | msbuild.exe
File | 1 | msbuild2.exe
File | 1 | 随后启动java-rmi.exe
File | 1 | 其中java-rmi.exe
File | 1 | 会默认调用jli.dll
File | 1 | 路径指向木马文件msbuild2.exe
File | 1 | 157694.html
File | 1 | 上传键盘记录文件tpx498.dat
File | 1 | 上传屏幕截图文件tpx499.dat
File | 1 | 字节到文件adbfle.tmp
File | 1 | 上传搜集的特定后缀文件列表文件edg499.dat
File | 1 | c:\intel\logs\audiodq.exe
File | 351 | recycle.bin
File | 1 | c:\windows\debug\wia\winlog0a.txt
File | 3 | analysis_of_apt_c_08.html
File | 1 | g:\sefam.exe
File | 2 | e:\documents.exe
File | 1 | h:\reply for swol notice.exe
File | 1 | h:\windows 10.exe
File | 1 | h:\windows 7.exe
File | 2 | processmanager.dll
File | 3 | boothelp.exe
File | 1 | networkconnect.dll
File | 3 | abode.exe
File | 1 | vgagraphics.dll
File | 3 | dspcheck.exe
File | 1 | folderoptions.dll
File | 3 | vstservice.exe
File | 13 | config.bin
File | 1 | 集.pdf
File | 1 | runtimebrowser.dll
File | 1 | kbdriver.dll
File | 1 | audiosync.exe
File | 1 | cellrec.dll
File | 1 | lava.bat
File | 10 | storage.dll
File | 33 | duser.dll
File | 21 | write.exe
File | 7 | %windir%\system32\mshta.exe
File | 1 | 目录下拷贝write.exe
File | 1 | c:\programdata\authyfiles\write.exe
File | 17 | propsys.dll
File | 1 | 后缀名为.tmp
File | 1 | 的write.exe
File | 1 | 会调用同目录下的propsys.dll
File | 1 | 反射加载同目录下的.tmp
File | 19 | credwiz.exe
File | 8 | cmdl32.exe
File | 5 | cmpbk32.dll
File | 13 | rekeywiz.exe
File | 1 | %appdata%\templets\路径下创建文件imhosts.ini
File | 1 | indertysduy.php
File | 1 | juscheck.doc
File | 1 | %userprofile%\microsoft32\support 下创建文件ugefy.dat
IPv4 | 4 | 185.29.11.59
IPv4 | 2 | 164.132.75.22
IPv4 | 2 | 193.22.98.17
IPv4 | 2 | 91.92.136.239
IPv4 | 2 | 185.116.210.8
IPv4 | 2 | 185.161.210.8
IPv4 | 2 | 139.28.38.236
IPv4 | 2 | 139.28.38.231
Threat Actor Identifier - APT-C | 22 | APT-C-08
Url | 2 | http://it.rising.com.cn/dongtai/19639.html
Url | 1 | https://www.freebuf.com/vuls/157694.html
Url | 2 | http://blogs.360.cn/post/analysis_of_apt_c_08.html
Url | 1 | https://msftupdate.**.com/cdne/plds/zoxr4yr5kv.hta
Url | 1 | https://www.anquanke.com/post/id/185147