When you gaze into the Bottle,…
Common Information
Type Value
UUID 95582fa2-7078-4b3e-8eab-24f7071db523
Fingerprint f611288a64a8cc8c8947a648ebcbf84a8621814078b455950c62accfff8b2bab
Analysis status DONE
Considered CTI value 2
Text language
Published Jan. 26, 2021, 4:29 p.m.
Added to db March 12, 2024, 7:43 p.m.
Last updated Aug. 31, 2024, 5:06 a.m.
Headline When you gaze into the Bottle,…
Title When you gaze into the Bottle,…
Detected Hints/Tags/Attributes 31/1/96
Attributes
Type             #Events  Value
CVE              106      cve-2018-8174
CVE              59       cve-2018-15982
CVE              43       cve-2020-0674
Domain           4127     github.com
Domain           4        ftp.cadwork.ch
Domain           1        freddy-ru.starlink.ru
Domain           7        archive.torproject.org
Domain           3        app.update.auto
Domain           1        www.bank-japanpostpo.jp
Domain           1        www.bank-japanpost.com
Domain           1        www.jp-bamk.jp
Domain           1        www.jp-bank.japanp0st.jp
Domain           1        www.jp-bank.japampost.jp
Domain           3        tike.hatenablog.com
Domain           2        cionx.inteleksys.com
Domain           1        vtfound.tk
Domain           4        inteleksys.com
Domain           1        conforyou.ml
Domain           1        cyoumer.tk
Domain           1        cdnsok.tk
Domain           1        dnstod.tk
Domain           1        tokmix.tk
Domain           1        sortsoft.tk
Domain           1        softbring.tk
Domain           1        cksoft.tk
Domain           1        ddx2.dh57x.com
Domain           1        chrome5302785133.zip
Domain           1        e7biunhxnia2336s.onion
Domain           1        skmeym7dr5mq2b41.onion
Domain           1373     twitter.com
File             1        page: main.js
File             74       main.js
File             1        if judged to be an attack target, conn.php
File             4        conn.php
File             4        vbs.vbs
File             1        or swf.swf
File             2        swf.swf
File             1        shellcode: conn.php
File             1        the response, under %temp%, as svchost.exe
File             2        r.js
File             1        or jquery.js
File             1        shellcode: pd.bin
File             1        or p.jpg
File             1        under %temp%, svchost.exe
File             1        or a.dll
File             88       1.txt
File             1        pd.bin
File             1        and svchost.exe
File             1122     svchost.exe
File             12       unzip.exe
File             10       8.zip
File             33       tor.exe
File             62       taskhost.exe
File             7        vmmouse.sys
File             2        vmusbmouse.sys
File             2        vmrawdsk.sys
File             5        vboxmouse.sys
File             6        vboxguest.sys
File             3        vboxsf.sys
File             5        vboxvideo.sys
File             1018     rundll32.exe
File             1208     powershell.exe
File             3        i.txt
File             1        xo.txt
File             1        xn.txt
File             199      firefox.exe
File             56       iexplorer.exe
File             271      chrome.exe
File             131      spoolsv.exe
File             478      lsass.exe
File             18       a.dll
File             1        taskhost.exe under the directory
File             156      1.exe
File             45       1.zip
File             1        or rundll32.exe
File             1        chrome5302785133.zip
File             10       connect.php
Github username  2        maxpl0it
IPv4             5        0.3.5.8
IPv4             1        5.188.231.236
IPv4             1        111.90.151.176
IPv4             1        66.42.51.168
IPv4             8        139.99.115.204
IPv4             1        139.180.136.22
IPv4             1        156.32.15.3
Url              1        https://github.com/maxpl0it/cve-2020-0674-exploit
Url              4        ftp://ftp.cadwork.ch/dvd_v20/cadwork.dir/com/unzip.exe
Url              1        ftp://freddy-ru.starlink.ru/ckjlag/antivir/sdfix/apps/unzip.exe
Url              3        https://archive.torproject.org/tor-package-archive/torbrowser/8.0.8/tor-win32-0.3.5.8.zip
Url              1        https://x.x/8.p
Url              1        https://tike.hatenablog.com/entry/2019/12/28/234925
Url              1        https://archive.torproject.org/tor-package-
Url              1        http://ddx2.dh57x.com/test/chrome5302785133.zip
Url              1        http://e7biunhxnia2336s.onion/conn.php
Url              1        http://skmeym7dr5mq2b41.onion/connect.php
Url              1        https://twitter.com/globalntt_jp