Glutton: A New Zero-Detection PHP Backdoor from Winnti Targets Cybercrimals
Tags
| cmtmf-attack-pattern: | Code Injection Masquerading |
| country: | China Germany Singapore United States Of America |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Direct Code Injection - T1540 Credentials - T1589.001 Masquerading - T1655 Phishing - T1660 Phishing - T1566 Server - T1583.004 Server - T1584.004 Ssh - T1021.004 Tool - T1588.002 Vulnerabilities - T1588.006 Masquerading - T1036 Masquerading |
Common Information
| Type | Value |
|---|---|
| UUID | 0cd17121-430e-4362-b40f-a2c654c69431 |
| Fingerprint | b550981104f9c709 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Dec. 12, 2024, midnight |
| Added to db | Dec. 12, 2024, 3:37 p.m. |
| Last updated | Dec. 17, 2024, 8:41 a.m. |
| Headline | Glutton: A New Zero-Detection PHP Backdoor from Winnti Targets Cybercrimals |
| Title | Glutton: A New Zero-Detection PHP Backdoor from Winnti Targets Cybercrimals |
| Detected Hints/Tags/Attributes | 94/4/38 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 420 | ✔ | 奇安信 X 实验室 | https://blog.xlab.qianxin.com/rss/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 4 | thinkphp1.com |
|
| Details | Domain | 4 | cc.thinkphp1.com |
|
| Details | Domain | 4 | v6.thinkphp1.com |
|
| Details | Domain | 4 | v20.thinkphp1.com |
|
| Details | Domain | 12 | init.py |
|
| Details | Domain | 1 | public.py |
|
| Details | Domain | 1 | userlogin.py |
|
| Details | Domain | 3 | jklwang.com |
|
| Details | File | 3 | init_task.txt |
|
| Details | File | 15 | app.php |
|
| Details | File | 3 | cc_20241026_175636.tar |
|
| Details | File | 2 | init_task.gz |
|
| Details | File | 2 | modify_php_v11.gz |
|
| Details | File | 13 | init.py |
|
| Details | File | 2 | public.py |
|
| Details | File | 2 | userlogin.py |
|
| Details | File | 4 | request.php |
|
| Details | md5 | 4 | ac290ca4b5d9bab434594b08e0883fc5 |
|
| Details | md5 | 3 | 3f8273575d4c75053110a3d237fda32c |
|
| Details | md5 | 3 | c1f6b7282408d4dfdc46e22bbdb3050f |
|
| Details | md5 | 3 | 96fef42b234920f3eacfe718728b08a1 |
|
| Details | md5 | 3 | ad150541a0a3e83b42da4752eb7e269b |
|
| Details | md5 | 3 | ad0d88982c7b297bb91bb9b4759ce0ab |
|
| Details | md5 | 4 | 69ed3ec3262a0d9cc4fd60cebfef2a17 |
|
| Details | md5 | 4 | 17dfbdae01ce4f0615e9a6f4a12036c4 |
|
| Details | md5 | 4 | 8fe73efbf5fd0207f9f4357adf081e35 |
|
| Details | md5 | 4 | 8e734319f78c1fb5308b1e270c865df4 |
|
| Details | md5 | 4 | 31c1c0ea4f9b85a7cddc992613f42a43 |
|
| Details | md5 | 4 | 722a9acd6d101faf3e7168bec35b08f8 |
|
| Details | md5 | 4 | f8ca32cb0336aaa1b30b8637acd8328d |
|
| Details | md5 | 4 | 00c5488873e4b3e72d1ccc3da1d1f7e4 |
|
| Details | md5 | 4 | 4914b8e63f431fc65664c2a7beb7ecd5 |
|
| Details | md5 | 4 | 6b5a58d7b82a57cddcd4e43630bb6542 |
|
| Details | md5 | 4 | ba95fce092d48ba8c3ee8456ee4570e4 |
|
| Details | IPv4 | 6 | 172.247.127.210 |
|
| Details | IPv4 | 5 | 156.251.163.120 |
|
| Details | Url | 2 | http://v20.thinkphp1.com/v20/fetch |
|
| Details | Url | 4 | http://v6.thinkphp1.com/client/bt |