A vine climbing over the Great Firewall: a long‑term attack against China
Common Information
Type Value
UUID e414dada-93e5-4f06-8b84-6707f9ac5a50
Fingerprint 9f2bd04ca5e611789353e56166b267a9dc7b1cd8df14668cd3f167e9e92f834b
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 6, 2019, 11:27 a.m.
Added to db April 18, 2024, 10:50 a.m.
Last updated Aug. 31, 2024, 1:15 a.m.
Headline A vine climbing over the Great Firewall: a long‑term attack against China
Title A vine climbing over the Great Firewall: a long‑term attack against China
Detected Hints/Tags/Attributes 110/4/68
Attributes
Type | #Events | CTI Value

CVE | 39 | cve-2014-4114
CVE | 57 | cve-2017-8759
CVE | 31 | cve-2018-20250
CVE | 176 | cve-2012-0158
CVE | 18 | cve-2014-6352

Domain | 247 | www.virusbulletin.com
Domain | 1 | lion.gu
Domain | 1174 | gmail.com
Domain | 13 | qianxin.com
Domain | 3 | updateinfo.servegame.org
Domain | 1 | ink.com
Domain | 4 | www.chinamil.com.cn
Domain | 4 | soagov.sytes.net
Domain | 4 | soagov.zapto.org
Domain | 4 | soasoa.sytes.net
Domain | 3 | www.soa.gov.cn
Domain | 4 | xinhua.redirectme.net
Domain | 17 | www.xinhuanet.com
Domain | 3 | 126mailserver.serveftp.com
Domain | 4 | mail163.mypop3.net
Domain | 22 | 126.com
Domain | 85 | 163.com
Domain | 4 | kav2011.mooo.com
Domain | 4 | safe360.dns05.com
Domain | 3 | cluster.safe360.dns05.com
Domain | 4 | rising.linkpc.net
Domain | 3 | javainfo.upgrinfo.com
Domain | 58 | ti.qianxin.com
Domain | 9 | www.isightpartners.com
Domain | 2 | kanbox.com
Domain | 1373 | twitter.com
Domain | 1 | www.jianguoyun.com
Domain | 22 | reeye.com
Domain | 38 | blogs.cisco.com
Domain | 20 | blogs.360.cn

Email | 1 | lion.gu@gmail.com
Email | 1 | panbowen@qianxin.com

File | 8 | svch0st.exe
File | 3 | tiny1detvghrt.tmp
File | 2 | 任书.pps
File | 2 | 书.pps
File | 1 | 指挥控制专委会评审责任书.pps (translation: "Command and Control Special Committee review responsibility letter.pps")
File | 456 | mshta.exe
File | 4 | cluster.safe
File | 3 | rpt-poison-ivy.pdf
File | 2 | apt_c_01_en.html

md5 | 2 | da807804fa5f53f7cbcaac82b901689c
md5 | 2 | 19f967e27e21802fe92bc9705ae0a770
md5 | 1 | 6f8ad451646c9eda1f75c5d31f39f668

MITRE ATT&CK Techniques | 49 | T1193
MITRE ATT&CK Techniques | 245 | T1203
MITRE ATT&CK Techniques | 420 | T1204
MITRE ATT&CK Techniques | 12 | T1170
MITRE ATT&CK Techniques | 80 | T1064
MITRE ATT&CK Techniques | 149 | T1102
MITRE ATT&CK Techniques | 28 | T1022
MITRE ATT&CK Techniques | 534 | T1005

Threat Actor Identifier - APT-C | 19 | APT-C-01

Url | 3 | http://updateinfo.servegame.org/tiny1detvghrt.tmp
Url | 2 | https://ti.qianxin.com/blog/articles
Url | 1 | https://ti.qianxin.com/uploads/2018/09/20/6f8ad451646c9eda1f75c5d31f39f668.
Url | 1 | http://www.isightpartners.com/2014/10/cve-2014-4114/.
Url | 1 | https://kanbox.com/.
Url | 1 | https://twitter.com/reddrip7/status/1118009381679878144.
Url | 1 | https://www.jianguoyun.com/.
Url | 17 | https://www.fi
Url | 1 | https://blogs.cisco.com/security/talos/opening-zxshell.
Url | 1 | http://blogs.360.cn/post/apt_c_01_en.html
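The Domain attributes above mix two very different things: hostnames the actor registered on free dynamic-DNS services (sytes.net, zapto.org, mooo.com, dns05.com, linkpc.net, redirectme.net, serveftp.com, mypop3.net, servegame.org), with leading labels that imitate Chinese security vendors, mail providers and government or news sites, and ordinary reference domains that the source article merely cites (gmail.com, twitter.com, blogs.cisco.com, ti.qianxin.com and so on, whose large event counts show they recur across the whole corpus). The following is an added example, not code from the page or from the 360/Qianxin authors: it keeps only the dynamic-DNS hosts (that selection is this example's own reading of the list, not a distinction the page draws), matches constructed DNS query log lines against them with parent-domain matching and name normalisation, and then goes one step beyond the page's list with a hunt heuristic for brand-like labels under the same dynamic-DNS providers. The log format, the sample queries and the brand tokens are assumptions made for the example.

```python
"""Match DNS query logs against the APT-C-01 dynamic-DNS hostnames listed above.

Added example, not part of the original page. The host selection is this
example's own reading of the page's Domain list (names under a free dynamic-DNS
service); the sample log and its format are constructed.
"""
from __future__ import annotations

# Hostnames from the page's Domain attributes whose parent is a free dynamic-DNS
# service. The leading labels imitate Chinese security vendors (360, Rising,
# Kaspersky), mail providers (126, 163) and government/news sites (SOA, Xinhua).
APTC01_DDNS_HOSTS = {
    "updateinfo.servegame.org",
    "soagov.sytes.net",
    "soagov.zapto.org",
    "soasoa.sytes.net",
    "xinhua.redirectme.net",
    "126mailserver.serveftp.com",
    "mail163.mypop3.net",
    "kav2011.mooo.com",
    "safe360.dns05.com",
    "cluster.safe360.dns05.com",
    "rising.linkpc.net",
}

# The dynamic-DNS providers behind those hosts (last two labels only).
DDNS_PROVIDERS = {".".join(h.split(".")[-2:]) for h in APTC01_DDNS_HOSTS}

# Brand fragments the listed hosts reuse in front of those providers (assumed
# token list, derived from the names above).
BRAND_TOKENS = ("360", "rising", "kav", "163", "126", "xinhua", "soa")


def normalize(qname: str) -> str:
    """Lower-case and strip the trailing dot so 'KAV2011.mooo.com.' still matches."""
    return qname.strip().rstrip(".").lower()


def match_ioc(qname: str) -> str | None:
    """Return the most specific listed host that equals qname or is a parent of it."""
    best = None
    for host in APTC01_DDNS_HOSTS:
        if qname == host or qname.endswith("." + host):
            if best is None or len(host) > len(best):
                best = host
    return best


def provider_of(qname: str) -> str:
    """Last two labels, which for these dynamic-DNS names is the provider."""
    return ".".join(qname.split(".")[-2:])


def lookalike_ddns(qname: str) -> bool:
    """Hunt heuristic that goes beyond the page's list: a brand-like label under
    one of the same dynamic-DNS providers. Expect false positives; triage by hand."""
    labels = qname.split(".")
    if len(labels) < 3 or provider_of(qname) not in DDNS_PROVIDERS:
        return False
    return any(tok in labels[-3] for tok in BRAND_TOKENS)


def scan(log_text: str) -> list[tuple[str, str, str]]:
    """Return (qname, kind, detail) for each log line whose last field is a query name."""
    findings: list[tuple[str, str, str]] = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:          # constructed format: <time> <client> query <qtype> <qname>
            continue
        qname = normalize(fields[-1])
        host = match_ioc(qname)
        if host:
            findings.append((qname, "ioc", host))
        elif lookalike_ddns(qname):
            findings.append((qname, "lookalike-ddns", provider_of(qname)))
    return findings


# Constructed sample log (not real traffic): mixed-case name, trailing dot,
# a benign query, a subdomain of a listed host and an unlisted look-alike.
SAMPLE_LOG = """\
2019-11-06T08:12:01Z 10.0.0.15 query A www.xinhuanet.com
2019-11-06T08:12:07Z 10.0.0.15 query A cluster.safe360.dns05.com
2019-11-06T08:13:44Z 10.0.0.22 query A updateinfo.servegame.org.
2019-11-06T08:14:02Z 10.0.0.22 query A mail.google.com
2019-11-06T08:15:30Z 10.0.0.31 query A KAV2011.mooo.com
2019-11-06T08:16:11Z 10.0.0.31 query A rising360.sytes.net
"""

if __name__ == "__main__":
    for qname, kind, detail in scan(SAMPLE_LOG):
        print(f"{kind:15} {qname:30} -> {detail}")
```

Two design points matter when reusing this against real resolver logs. Parent-domain matching is deliberate: `cluster.safe360.dns05.com` is itself listed, but any other label the actor hangs under `safe360.dns05.com` should fire too, and the longest match wins so the report names the most specific indicator. The look-alike heuristic is a hunting aid, not a detection: legitimate users of the same dynamic-DNS providers will produce hits, so treat its output as a queue for review rather than an alert.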