Preying on Both Sides: Glutton Trojan Lurks in Mainstream PHP Frameworks, Covertly Intruding for as Long as 1 Year
Common Information
Type Value
UUID 0697bf3c-f616-40ed-b2c3-96dbbadf539c
Fingerprint 5b78994844a0701b
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 10, 2024, midnight
Added to db Dec. 10, 2024, 4:34 a.m.
Last updated Dec. 17, 2024, 8:41 a.m.
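Headline Preying on Both Sides: Glutton Trojan Lurks in Mainstream PHP Frameworks, Covertly Intruding for as Long as 1 Year
Title Preying on Both Sides: Glutton Trojan Lurks in Mainstream PHP Frameworks, Covertly Intruding for as Long as 1 Year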
Detected Hints/Tags/Attributes 28/3/40
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 420 QiAnXin X Lab https://blog.xlab.qianxin.com/rss/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 4
cc.thinkphp1.com
Details Domain 4
v6.thinkphp1.com
Details Domain 4
v20.thinkphp1.com
Details Domain 4
thinkphp1.com
Details Domain 3
jklwang.com
Details File 2
zero-detection malicious PHP file init_task.txt
Details File 3
init_task.txt
Details File 2
malicious code l0ader_shell located in app.php of the thinkphp framework
Details File 3
cc_20241026_175636.tar
Details File 2
init_task.gz
Details File 2
modify_php_v11.gz
Details File 1
do_modify on init.py in the Baota framework
Details File 2
public.py
Details File 1
ssh_terminal.py
Details File 6
files.py
Details File 23
config.py
Details File 1
panelssl.py
Details File 2
userlogin.py
Details File 1
glutton cleans up old versions via the do_tp5_request function, on request.php
Details IPv4 6
172.247.127.210
Details IPv4 5
156.251.163.120
Details Url 2
http://v20.thinkphp1.com/v20/fetch
Details Url 4
http://v6.thinkphp1.com/client/bt