UNKNOWN
Common Information
| Type | Value |
|---|---|
| UUID | e6323b94-a9bf-4691-9fd8-9fd9590ca21f |
| Fingerprint | 6f5ff89e7fdf8ebbe7c1bcf7965a57504148d0a5ece6f068520bcf32a7c2698b |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Jan. 16, 2023, 8:58 p.m. |
| Added to db | March 9, 2024, 11:30 p.m. |
| Last updated | Aug. 30, 2024, 10:17 p.m. |
| Headline | UNKNOWN |
| Title | UNKNOWN |
| Detected Hints/Tags/Attributes | 167/4/199 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | China National Vulnerability Database CNVD | 8 | CNVD-2022-03672 |
|
| Details | CVE | 7 | cve-2022-26485 |
|
| Details | CVE | 4 | cve-2022-26486 |
|
| Details | CVE | 43 | cve-2020-0674 |
|
| Details | CVE | 9 | cve-2022-39197 |
|
| Details | CVE | 6 | cve-2022-22587 |
|
| Details | CVE | 9 | cve-2022-42827 |
|
| Details | CVE | 9 | cve-2022-22675 |
|
| Details | CVE | 19 | cve-2022-32894 |
|
| Details | CVE | 13 | cve-2022-32917 |
|
| Details | CVE | 9 | cve-2022-22674 |
|
| Details | CVE | 7 | cve-2022-22620 |
|
| Details | CVE | 17 | cve-2022-32893 |
|
| Details | CVE | 25 | cve-2022-42856 |
|
| Details | CVE | 122 | cve-2022-26134 |
|
| Details | CVE | 22 | cve-2022-0609 |
|
| Details | CVE | 21 | cve-2022-1096 |
|
| Details | CVE | 13 | cve-2022-1364 |
|
| Details | CVE | 20 | cve-2022-2294 |
|
| Details | CVE | 14 | cve-2022-2856 |
|
| Details | CVE | 11 | cve-2022-3075 |
|
| Details | CVE | 30 | cve-2022-3723 |
|
| Details | CVE | 25 | cve-2022-4135 |
|
| Details | CVE | 34 | cve-2022-4262 |
|
| Details | CVE | 4 | cve-2021-22600 |
|
| Details | CVE | 6 | cve-2021-39793 |
|
| Details | CVE | 36 | cve-2022-1040 |
|
| Details | CVE | 105 | cve-2022-41040 |
|
| Details | CVE | 127 | cve-2022-41082 |
|
| Details | CVE | 29 | cve-2022-41128 |
|
| Details | CVE | 19 | cve-2022-21882 |
|
| Details | CVE | 38 | cve-2022-24521 |
|
| Details | CVE | 19 | cve-2022-26925 |
|
| Details | CVE | 172 | cve-2022-30190 |
|
| Details | CVE | 19 | cve-2022-22047 |
|
| Details | CVE | 13 | cve-2022-41033 |
|
| Details | CVE | 14 | cve-2022-41073 |
|
| Details | CVE | 10 | cve-2022-41125 |
|
| Details | CVE | 5 | cve-2022-26871 |
|
| Details | Domain | 2 | mailcantonfair.cssc.info |
|
| Details | Domain | 3 | api.onedrive.com |
|
| Details | Domain | 1 | qizzhq.dm.files.1drv.com |
|
| Details | Domain | 243 | cve.mitre.org |
|
| Details | Domain | 6 | www.pangulab.cn |
|
| Details | Domain | 208 | mp.weixin.qq.com |
|
| Details | Domain | 2 | org.cn |
|
| Details | Domain | 20 | www.antiy.cn |
|
| Details | Domain | 6 | www.cverc.org.cn |
|
| Details | Domain | 16 | www.anquanke.com |
|
| Details | Domain | 403 | securelist.com |
|
| Details | Domain | 55 | blog.google |
|
| Details | Domain | 469 | www.cisa.gov |
|
| Details | Domain | 84 | www.zscaler.com |
|
| Details | Domain | 189 | asec.ahnlab.com |
|
| Details | Domain | 81 | blog.malwarebytes.com |
|
| Details | Domain | 262 | www.welivesecurity.com |
|
| Details | Domain | 36 | www.volexity.com |
|
| Details | Domain | 112 | docs.google.com |
|
| Details | Domain | 141 | research.checkpoint.com |
|
| Details | Domain | 124 | www.sentinelone.com |
|
| Details | Domain | 72 | symantec-enterprise-blogs.security.com |
|
| Details | Domain | 182 | www.mandiant.com |
|
| Details | Domain | 397 | www.microsoft.com |
|
| Details | Domain | 261 | blog.talosintelligence.com |
|
| Details | Domain | 98 | www.secureworks.com |
|
| Details | Domain | 67 | citizenlab.ca |
|
| Details | Domain | 29 | www.trellix.com |
|
| Details | Domain | 1 | opinion.huanqiu.com |
|
| Details | Domain | 12 | www.gov.cn |
|
| Details | File | 1 | 任务调用curl.exe |
|
| Details | File | 1 | 或msiexec.exe |
|
| Details | File | 1260 | explorer.exe |
|
| Details | File | 1 | mskexec.exe |
|
| Details | File | 93 | curl.exe |
|
| Details | File | 2 | wmservice.exe |
|
| Details | File | 478 | lsass.exe |
|
| Details | File | 1 | zdwm.exe |
|
| Details | File | 1 | msusocoreworker.exe |
|
| Details | File | 1 | sgtool.exe |
|
| Details | File | 3 | youdaodict.exe |
|
| Details | File | 4 | wpsupdate.exe |
|
| Details | File | 1 | sogouupdate.exe |
|
| Details | File | 1 | 360zipupdate.exe |
|
| Details | File | 2 | filesyncshell.dll |
|
| Details | File | 1 | windows中filesyncshell.dll |
|
| Details | File | 1 | modulemd.dll |
|
| Details | File | 1 | classic.dll |
|
| Details | File | 2 | rec2.doc |
|
| Details | File | 17 | filesyncshell64.dll |
|
| Details | File | 2 | mailcantonfair.css |
|
| Details | File | 2 | c.inf |
|
| Details | File | 4 | program.doc |
|
| Details | File | 1 | 例如kb330331.exe |
|
| Details | File | 1 | nwcworkstation.dll |
|
| Details | File | 1 | 其中解密后的nwcworkstation.dll |
|
| Details | File | 1 | 完成命名为scrnsvc.dll |
|
| Details | File | 51 | install.bat |
|
| Details | File | 2 | scrnsvc.ini |
|
| Details | File | 2 | scrnsvc.dll |
|
| Details | File | 4 | gammaload.ps1 |
|
| Details | File | 1 | news20220218-1.htm |
|
| Details | File | 1 | news20220629-foxacid.htm |
|
| Details | File | 3 | lazarus-three-rats.html |
|
| Details | File | 1 | hermit-kingdoms-ransomware-play.html |
|
| Details | File | 1 | content_5680843.htm |
|
| Details | Mandiant Uncategorized Groups | 10 | UNC961 |
|
| Details | MITRE ATT&CK Techniques | 695 | T1059 |
|
| Details | MITRE ATT&CK Techniques | 444 | T1071 |
|
| Details | MITRE ATT&CK Techniques | 409 | T1566 |
|
| Details | MITRE ATT&CK Techniques | 348 | T1036 |
|
| Details | MITRE ATT&CK Techniques | 420 | T1204 |
|
| Details | MITRE ATT&CK Techniques | 1006 | T1082 |
|
| Details | MITRE ATT&CK Techniques | 504 | T1140 |
|
| Details | MITRE ATT&CK Techniques | 207 | T1547 |
|
| Details | MITRE ATT&CK Techniques | 627 | T1027 |
|
| Details | MITRE ATT&CK Techniques | 585 | T1083 |
|
| Details | MITRE ATT&CK Techniques | 163 | T1573 |
|
| Details | MITRE ATT&CK Techniques | 422 | T1041 |
|
| Details | MITRE ATT&CK Techniques | 247 | T1070 |
|
| Details | MITRE ATT&CK Techniques | 157 | T1560 |
|
| Details | MITRE ATT&CK Techniques | 480 | T1053 |
|
| Details | MITRE ATT&CK Techniques | 492 | T1105 |
|
| Details | MITRE ATT&CK Techniques | 159 | T1021 |
|
| Details | MITRE ATT&CK Techniques | 289 | T1003 |
|
| Details | MITRE ATT&CK Techniques | 433 | T1057 |
|
| Details | MITRE ATT&CK Techniques | 440 | T1055 |
|
| Details | Threat Actor Identifier - APT-C | 4 | APT-C-63 |
|
| Details | Threat Actor Identifier - APT-C | 7 | APT-C-40 |
|
| Details | Threat Actor Identifier - APT-C | 9 | APT-C-39 |
|
| Details | Threat Actor Identifier - APT-C | 4 | APT-C-53 |
|
| Details | Threat Actor Identifier - APT-C | 3 | APT-C-13 |
|
| Details | Threat Actor Identifier - APT-C | 4 | APT-C-25 |
|
| Details | Threat Actor Identifier - APT-C | 9 | APT-C-20 |
|
| Details | Threat Actor Identifier - APT-C | 2 | APT-C-29 |
|
| Details | Threat Actor Identifier - APT-C | 22 | APT-C-08 |
|
| Details | Threat Actor Identifier - APT-C | 7 | APT-C-48 |
|
| Details | Threat Actor Identifier - APT-C | 7 | APT-C-24 |
|
| Details | Threat Actor Identifier - APT-C | 16 | APT-C-09 |
|
| Details | Threat Actor Identifier - APT-C | 14 | APT-C-56 |
|
| Details | Threat Actor Identifier - APT-C | 102 | APT-C-35 |
|
| Details | Threat Actor Identifier - APT-C | 7 | APT-C-61 |
|
| Details | Threat Actor Identifier - APT-C | 44 | APT-C-00 |
|
| Details | Threat Actor Identifier - APT-C | 83 | APT-C-36 |
|
| Details | Threat Actor Identifier - APT-C | 79 | APT-C-23 |
|
| Details | Threat Actor Identifier - APT-C | 3 | APT-C-49 |
|
| Details | Threat Actor Identifier - APT-C | 19 | APT-C-01 |
|
| Details | Threat Actor Identifier - APT-C | 15 | APT-C-28 |
|
| Details | Threat Actor Identifier - APT-C | 30 | APT-C-26 |
|
| Details | Threat Actor Identifier - APT-C | 15 | APT-C-55 |
|
| Details | Threat Actor Identifier - APT-C | 24 | APT-C-06 |
|
| Details | Threat Actor Identifier - APT-C | 11 | APT-C-12 |
|
| Details | Threat Actor Identifier - APT-C | 27 | APT-C-60 |
|
| Details | Threat Actor Identifier - APT-C | 1 | APT-C-62 |
|
| Details | Threat Actor Identifier - APT | 665 | APT29 |
|
| Details | Threat Actor Identifier - APT | 783 | APT28 |
|
| Details | Threat Actor Identifier - APT | 194 | APT35 |
|
| Details | Url | 106 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve |
|
| Details | Url | 1 | https://www.pangulab.cn/post/the_bvp47_a_top-tier_backdoor_of_us_ |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/qthrx6fney38sahjyvbavw |
|
| Details | Url | 1 | http://www.cverc |
|
| Details | Url | 2 | https://www.antiy.cn/research/notice |
|
| Details | Url | 2 | https://mp.weixin.qq.com/s/27svsuna3avkudaigm3jbg |
|
| Details | Url | 1 | https://www.cverc.org.cn/head/zhaiyao/news20220629-foxacid.htm |
|
| Details | Url | 2 | https://www.anquanke.com/post/id/275517 |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/cfklghqlb3hyvcdzquqwjq |
|
| Details | Url | 2 | https://mp.weixin.qq.com/s/dmfylxseryuzx7bqybl9yq |
|
| Details | Url | 2 | https://mp.weixin.qq.com/s/qsgxziitsui7o-_xmihlhg |
|
| Details | Url | 1 | https://securelist.com/the-bluenoroff-cryptocurrency-hunt-is-still- |
|
| Details | Url | 1 | https://blog.google/threat-analysis-group/countering-threats-northkorea |
|
| Details | Url | 3 | https://www.cisa.gov/uscert/ncas/alerts/aa22-108a |
|
| Details | Url | 1 | https://www.zscaler.com/blogs/security-research/naver-ending-game- |
|
| Details | Url | 1 | https://asec.ahnlab.com/ko/34107 |
|
| Details | Url | 1 | https://blog.malwarebytes.com/threat-intelligence/2022/01/north-koreas- |
|
| Details | Url | 1 | https://www.welivesecurity.com/2022/09/30/amazon-themed- |
|
| Details | Url | 1 | https://asec.ahnlab.com/ko/40495 |
|
| Details | Url | 3 | https://securelist.com/dtrack-targeting-europe-latin-america/107798 |
|
| Details | Url | 1 | https://www.volexity.com/blog/2022/12/01/buyer-beware-fake- |
|
| Details | Url | 1 | https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer- |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/l1xtkveetm3y93yltjrs5a |
|
| Details | Url | 2 | https://docs.google.com/spreadsheets/d/1lknj0uqwbec1ztrrxdtuplcil |
|
| Details | Url | 1 | https://research.checkpoint.com/2022/apt35-exploits-log4j-vulnerability- |
|
| Details | Url | 1 | https://www.sentinelone.com/labs/log4j2-in-the-wild-iranian-aligned- |
|
| Details | Url | 5 | https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence |
|
| Details | Url | 2 | https://www.mandiant.com/resources/mobileiron-log4shell-exploitation |
|
| Details | Url | 1 | https://www.microsoft.com/security/blog/2022/08/25/mercury-leveraging- |
|
| Details | Url | 2 | https://blog.talosintelligence.com/2022/09/lazarus-three-rats.html |
|
| Details | Url | 3 | https://www.cisa.gov/uscert/ncas/alerts/aa22-257a |
|
| Details | Url | 1 | https://www.secureworks.com/blog/drokbk-malware-uses-github-as- |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/yaaybjbavxqrqwydg31bbw |
|
| Details | Url | 1 | https://citizenlab.ca/2022 |
|
| Details | Url | 2 | https://mp.weixin.qq.com/s/xs54_rdku5mvkvsppcgkew |
|
| Details | Url | 1 | https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/the- |
|
| Details | Url | 1 | https://www.cisa.gov/uscert/ncas/alerts/aa22-187a |
|
| Details | Url | 1 | https://securelist.com/vilerat-deathstalkers-continuous-strike/107075 |
|
| Details | Url | 1 | https://www.secureworks.com/blog/opsec-mistakes-reveal-cobalt- |
|
| Details | Url | 1 | https://research.checkpoint.com/2022/state-sponsored-attack-groups- |
|
| Details | Url | 1 | https://opinion.huanqiu.com/article/49hwiyupxix |
|
| Details | Url | 1 | http://www.gov.cn/xinwen/2022-03/23/content_5680843.htm |