Pulling the PKPLUG: the Adversary Playbook for the long-standing espionage activity of a Chinese nation-state adversary
Common Information
| Type | Value |
|---|---|
| UUID | e792bd40-6134-42b2-9394-d1997989837e |
| Fingerprint | 2836448fcff13896b44a3074a784f911e67727e53dc070ed6d73b0d9a4acb2b6 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Dec. 4, 2019, 10:39 a.m. |
| Added to db | April 18, 2024, 10:44 a.m. |
| Last updated | Aug. 31, 2024, 1:15 a.m. |
| Headline | Pulling the PKPLUG: the Adversary Playbook for the long-standing espionage activity of a Chinese nation-state adversary |
| Title | Pulling the PKPLUG: the Adversary Playbook for the long-standing espionage activity of a Chinese nation-state adversary |
| Detected Hints/Tags/Attributes | 210/4/154 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 247 | www.virusbulletin.com |
|
| Details | Domain | 32 | paloaltonetworks.com |
|
| Details | Domain | 5 | uyghurapps.net |
|
| Details | Domain | 188 | com.android |
|
| Details | Domain | 3 | com.ziipin.software |
|
| Details | Domain | 3 | cn.android |
|
| Details | Domain | 6 | mefound.com |
|
| Details | Domain | 4 | libloc4d.so |
|
| Details | Domain | 3 | libkernel.so |
|
| Details | Domain | 26 | com.skype |
|
| Details | Domain | 16 | com.twitter.android |
|
| Details | Domain | 10 | jp.naver.line.android |
|
| Details | Domain | 3 | lala513.gicp.net |
|
| Details | Domain | 5 | cdncool.com |
|
| Details | Domain | 5 | www3.mefound.com |
|
| Details | Domain | 4 | www5.zyns.com |
|
| Details | Domain | 4 | w3.changeip.org |
|
| Details | Domain | 5 | tcpdo.net |
|
| Details | Domain | 4 | adminsysteminfo.com |
|
| Details | Domain | 5 | md5c.net |
|
| Details | Domain | 4 | linkdatax.com |
|
| Details | Domain | 4 | csip6.biz |
|
| Details | Domain | 4 | adminloader.com |
|
| Details | Domain | 4 | logitechwkgame.com |
|
| Details | Domain | 4 | admin.nslookupdns.com |
|
| Details | Domain | 4 | jackhex.md5c.net |
|
| Details | Domain | 3 | querlyurl.com |
|
| Details | Domain | 4 | gooledriveservice.com |
|
| Details | Domain | 4 | appupdatemoremagic.com |
|
| Details | Domain | 3 | sony36.com |
|
| Details | Domain | 3 | md.son36.com |
|
| Details | Domain | 5 | outhmail.com |
|
| Details | Domain | 3 | newfacebk.com |
|
| Details | Domain | 372 | wscript.shell |
|
| Details | Domain | 4 | up.outhmail.com |
|
| Details | Domain | 3 | wd.w3.ezua.com |
|
| Details | Domain | 6 | 21cn.com |
|
| Details | Domain | 4 | smtp.21cn.com |
|
| Details | Domain | 2 | lxy.cn |
|
| Details | Domain | 85 | 163.com |
|
| Details | Domain | 4 | asean.org |
|
| Details | Domain | 2 | www.sporcle.com |
|
| Details | Domain | 83 | www.theguardian.com |
|
| Details | Domain | 3 | thegeopolitics.com |
|
| Details | Domain | 18 | www.cfr.org |
|
| Details | Domain | 22 | www.businessinsider.com |
|
| Details | Domain | 40 | edition.cnn.com |
|
| Details | Domain | 3 | www.military.com |
|
| Details | Domain | 20 | www.idc.com |
|
| Details | Domain | 224 | unit42.paloaltonetworks.com |
|
| Details | Domain | 360 | attack.mitre.org |
|
| Details | Domain | 17 | www.lockheedmartin.com |
|
| Details | Domain | 6 | oasis-open.github.io |
|
| Details | Domain | 21 | foreignpolicy.com |
|
| Details | Domain | 14 | com.cn |
|
| Details | Domain | 9 | www.rfa.org |
|
| Details | Domain | 403 | securelist.com |
|
| Details | Domain | 622 | en.wikipedia.org |
|
| Details | Domain | 105 | web.archive.org |
|
| Details | Domain | 23 | www.arbornetworks.com |
|
| Details | Domain | 7 | pan-unit42.github.io |
|
| Details | 1 | ahinchliffe@paloaltonetworks.com |
||
| Details | File | 172 | androidmanifest.xml |
|
| Details | File | 14 | a.zip |
|
| Details | File | 4 | setting.txt |
|
| Details | File | 8 | b.dat |
|
| Details | File | 5 | lib.dat |
|
| Details | File | 3 | rv.db |
|
| Details | File | 4 | jackhex.md5 |
|
| Details | File | 11 | slmgr.vbs |
|
| Details | File | 3 | bscmake.exe |
|
| Details | File | 6 | mspdb80.dll |
|
| Details | File | 8 | sys.dll |
|
| Details | File | 4 | stub.bin |
|
| Details | File | 13 | sys.dat |
|
| Details | File | 25 | main.exe |
|
| Details | File | 8 | aa.txt |
|
| Details | File | 21 | www.mil |
|
| Details | File | 3 | china-demands-us-cancel-arms-sale-taiwan.html |
|
| Details | File | 13 | cyber-kill-chain.html |
|
| Details | File | 2 | content_30041010.htm |
|
| Details | File | 2 | hackers-09062012153043.html |
|
| Details | md5 | 3 | 0914D1D428914B09A5372866B39524B9 |
|
| Details | sha1 | 1 | 271e29fe8e23901184377ab5d0d12b40d485f8c4 |
|
| Details | IPv4 | 3 | 47.90.81.23 |
|
| Details | IPv4 | 3 | 222.139.212.16 |
|
| Details | IPv4 | 4 | 59.188.196.172 |
|
| Details | IPv4 | 4 | 222.239.91.30 |
|
| Details | IPv4 | 3 | 45.32.251.7 |
|
| Details | IPv4 | 3 | 45.32.53.250 |
|
| Details | IPv4 | 3 | 45.32.44.52 |
|
| Details | IPv4 | 3 | 45.32.45.77 |
|
| Details | IPv4 | 3 | 59.188.196.162 |
|
| Details | MITRE ATT&CK Techniques | 3 | T1249 |
|
| Details | MITRE ATT&CK Techniques | 2 | T1264 |
|
| Details | MITRE ATT&CK Techniques | 2 | T1265 |
|
| Details | MITRE ATT&CK Techniques | 2 | T1295 |
|
| Details | MITRE ATT&CK Techniques | 2 | T1307 |
|
| Details | MITRE ATT&CK Techniques | 3 | T1312 |
|
| Details | MITRE ATT&CK Techniques | 3 | T1345 |
|
| Details | MITRE ATT&CK Techniques | 2 | T1474 |
|
| Details | MITRE ATT&CK Techniques | 13 | T1476 |
|
| Details | MITRE ATT&CK Techniques | 627 | T1027 |
|
| Details | MITRE ATT&CK Techniques | 19 | T1406 |
|
| Details | MITRE ATT&CK Techniques | 420 | T1204 |
|
| Details | MITRE ATT&CK Techniques | 16 | T1402 |
|
| Details | MITRE ATT&CK Techniques | 23 | T1418 |
|
| Details | MITRE ATT&CK Techniques | 26 | T1065 |
|
| Details | MITRE ATT&CK Techniques | 444 | T1071 |
|
| Details | MITRE ATT&CK Techniques | 14 | T1412 |
|
| Details | MITRE ATT&CK Techniques | 3 | T1413 |
|
| Details | MITRE ATT&CK Techniques | 3 | T1416 |
|
| Details | MITRE ATT&CK Techniques | 5 | T1421 |
|
| Details | MITRE ATT&CK Techniques | 13 | T1422 |
|
| Details | MITRE ATT&CK Techniques | 25 | T1426 |
|
| Details | MITRE ATT&CK Techniques | 22 | T1429 |
|
| Details | MITRE ATT&CK Techniques | 21 | T1430 |
|
| Details | MITRE ATT&CK Techniques | 11 | T1432 |
|
| Details | MITRE ATT&CK Techniques | 9 | T1433 |
|
| Details | MITRE ATT&CK Techniques | 3 | T1319 |
|
| Details | MITRE ATT&CK Techniques | 4 | T1328 |
|
| Details | MITRE ATT&CK Techniques | 279 | T1060 |
|
| Details | MITRE ATT&CK Techniques | 504 | T1140 |
|
| Details | MITRE ATT&CK Techniques | 29 | T1045 |
|
| Details | MITRE ATT&CK Techniques | 23 | T1073 |
|
| Details | MITRE ATT&CK Techniques | 60 | T1043 |
|
| Details | Pdb | 3 | e:\workspace\a1\coding\farseer\remoteshellsremote\release\remoteshellsremote.pdb |
|
| Details | Url | 3 | http://www3.mefound.com/aa.txt |
|
| Details | Url | 2 | https://asean.org/asean/asean-member-states/. |
|
| Details | Url | 1 | https://www.sporcle.com/blog/2019/04 |
|
| Details | Url | 1 | https://www.theguardian.com/cities/ng- |
|
| Details | Url | 1 | https://thegeopolitics.com/china-and-xinjiang-the-fate- |
|
| Details | Url | 1 | https://www.cfr.org/backgrounder/chinas- |
|
| Details | Url | 1 | https://www.businessinsider.com/map-explains-china-crackdown-on-uighur- |
|
| Details | Url | 1 | https://edition.cnn.com/interactive/2018/08/asia |
|
| Details | Url | 1 | https://www.military.com/daily- |
|
| Details | Url | 4 | https://www.idc.com/getdoc. |
|
| Details | Url | 2 | https://unit42.paloaltonetworks.com/. |
|
| Details | Url | 12 | https://attack.mitre.org/. |
|
| Details | Url | 1 | https://www.lockheedmartin.com/en-us/capabilities/cyber |
|
| Details | Url | 1 | https://oasis-open.github.io/cti- |
|
| Details | Url | 2 | https://unit42.paloaltonetworks.com/unit42- |
|
| Details | Url | 2 | https://unit42.paloaltonetworks.com/unit42-henbox-inside-coop/. |
|
| Details | Url | 1 | https://foreignpolicy.com/2014/04/21/welcome-to-the-uighur- |
|
| Details | Url | 1 | http://www.chinadaily |
|
| Details | Url | 1 | https://www.rfa.org/english/news/uyghur |
|
| Details | Url | 1 | https://securelist.com/cyber- |
|
| Details | Url | 2 | https://en.wikipedia.org/wiki/turkistan_islamic_party. |
|
| Details | Url | 4 | https://unit42.paloaltonetworks.com |
|
| Details | Url | 7 | https://web.archive.org |
|
| Details | Url | 1 | https://www.arbornetworks.com/blog/asert/recent-poison-iv/. |
|
| Details | Url | 1 | https://unit42.paloaltonetworks.com/farseer-previously-unknown-malware-family-bolsters- |
|
| Details | Url | 2 | https://pan-unit42.github.io/playbook_viewer/. |
|
| Details | Windows Registry Key | 188 | HKCU\Software\Microsoft\Windows\CurrentVersion\Run |