LuoYu: 2021 espionage activity targeting Japan using a new variant of WinDealer
Common Information
Type | Value |
---|---|
UUID | fe942899-3cb2-48b1-946f-b3f14396e40c |
Fingerprint | 0cd58a1402417d2aaddd3442a1320ed2d827149e26eb12059b90f73abf1c89b7 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | Jan. 27, 2022, 6:54 a.m. |
Added to db | March 12, 2024, 7:56 p.m. |
Last updated | Aug. 31, 2024, 1:50 a.m. |
Headline | LuoYu: 2021 espionage activity targeting Japan using a new variant of WinDealer |
Title | LuoYu: 2021 espionage activity targeting Japan using a new variant of WinDealer |
Detected Hints/Tags/Attributes | 90/3/62 |
Source URLs
URL Provider
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 12 | | www.360.cn |
Details | Domain | 62 | | icanhazip.com |
Details | Domain | 46 | | jsac.jpcert.or.jp |
Details | Domain | 144 | | www.fortinet.com |
Details | Domain | 71 | | blogs.jpcert.or.jp |
Details | Domain | 2 | | www.shuzhiduo.com |
Details | Domain | 5 | | bbs.kafan.cn |
Details | File | 4 | | getsign.asp |
Details | File | 2 | | getonefile.asp |
Details | File | 3 | | error.exe |
Details | File | 4 | | error.jpg |
Details | File | 4 | | u.bat |
Details | File | 5 | | tim.exe |
Details | File | 2 | | qbupd.exe |
Details | File | 3 | | youdaodict.exe |
Details | File | 89 | | version.dll |
Details | File | 3 | | _forap_1084_9993.exe |
Details | File | 1 | | windealerはcmd.exe |
Details | File | 4 | | jsac2021_301_shui-leon_en.pdf |
Details | File | 3 | | windealer.html |
Details | File | 2 | | thread-2157062-1-1.html |
Details | File | 2 | | newsclientplugin.exe |
Details | File | 46 | | runtimebroker.exe |
Details | md5 | 3 | | 76ba5272a17fdab7521ea21a57d23591 |
Details | md5 | 2 | | 6102f77c85541d00b4c3bc95f100febc |
Details | md5 | 3 | | cc7207f09a6fe41c71626ad4d3f127ce |
Details | IPv4 | 3 | | 113.62.0.0 |
Details | IPv4 | 2 | | 113.63.255.255 |
Details | IPv4 | 4 | | 111.120.0.0 |
Details | IPv4 | 2 | | 111.123.255.255 |
Details | IPv4 | 2 | | 221.195.68.71 |
Details | IPv4 | 2 | | 122.112.245.55 |
Details | MITRE ATT&CK Techniques | 52 | | T1199 |
Details | MITRE ATT&CK Techniques | 333 | | T1059.003 |
Details | MITRE ATT&CK Techniques | 380 | | T1547.001 |
Details | MITRE ATT&CK Techniques | 160 | | T1027.002 |
Details | MITRE ATT&CK Techniques | 227 | | T1574.002 |
Details | MITRE ATT&CK Techniques | 501 | | T1012 |
Details | MITRE ATT&CK Techniques | 245 | | T1016 |
Details | MITRE ATT&CK Techniques | 42 | | T1016.001 |
Details | MITRE ATT&CK Techniques | 119 | | T1049 |
Details | MITRE ATT&CK Techniques | 433 | | T1057 |
Details | MITRE ATT&CK Techniques | 1006 | | T1082 |
Details | MITRE ATT&CK Techniques | 585 | | T1083 |
Details | MITRE ATT&CK Techniques | 188 | | T1120 |
Details | MITRE ATT&CK Techniques | 185 | | T1518 |
Details | MITRE ATT&CK Techniques | 219 | | T1113 |
Details | MITRE ATT&CK Techniques | 27 | | T1568 |
Details | MITRE ATT&CK Techniques | 130 | | T1573.001 |
Details | MITRE ATT&CK Techniques | 74 | | T1573.002 |
Details | MITRE ATT&CK Techniques | 422 | | T1041 |
Details | Pdb | 2 | | fat32.pdb |
Details | Url | 2 | | http://www.360.cn/status/getsign.asp |
Details | Url | 2 | | http://www.360.cn/status/getonefile.asp |
Details | Url | 3 | | http://www.microsoftcom/status/getsign.asp |
Details | Url | 7 | | http://icanhazip.com |
Details | Url | 3 | | https://jsac.jpcert.or.jp/archive/2021/pdf/jsac2021_301_shui-leon_en.pdf |
Details | Url | 2 | | https://www.fortinet.com/blog/threat-research/chinese-targeted-trojan-analysis |
Details | Url | 2 | | https://blogs.jpcert.or.jp/ja/2021/10/windealer.html |
Details | Url | 2 | | https://www.shuzhiduo.com/a/8bz8k3pxdx |
Details | Url | 2 | | https://bbs.kafan.cn/thread-2157062-1-1.html |
Details | Windows Registry Key | 1 | | HKEY_CURRENT_USER_Software |