“灵猫”组织针对中东地区的攻击活动分析报告
Tags
| country: | Algeria Egypt Argentina Bahrain Kuwait Jordan Iraq Israel Morocco Saudi Arabia Lebanon Libya Oman Qatar Tunisia Yemen Syria |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Python - T1059.006 |
Common Information
| Type | Value |
|---|---|
| UUID | 135a8668-8ef6-4c10-b283-bb9b9102b9ec |
| Fingerprint | dd2bdc85d53a8292 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Nov. 18, 2020, midnight |
| Added to db | Sept. 26, 2022, 9:31 a.m. |
| Last updated | Nov. 17, 2024, 6:45 p.m. |
| Headline | 研究报告 |
| Title | “灵猫”组织针对中东地区的攻击活动分析报告 |
| Detected Hints/Tags/Attributes | 47/3/94 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.antiy.cn/research/notice&report/research_report/20201228.html |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | pm.nov.23.20.mom |
|
| Details | Domain | 1 | state.nov.23.20.mom |
|
| Details | Domain | 57 | www.clearskysec.com |
|
| Details | Domain | 2 | artlifelondon.com |
|
| Details | Domain | 67 | www.dropbox.com |
|
| Details | Domain | 2 | mom.zip |
|
| Details | Domain | 194 | drive.google.com |
|
| Details | Domain | 2 | www.artlifelondon.com |
|
| Details | Domain | 1 | www.forextradingtipsblog.com |
|
| Details | Domain | 2 | forextradingtipsblog.com |
|
| Details | Domain | 3 | simp.ly |
|
| Details | Domain | 1 | app.simplenote.com |
|
| Details | Domain | 335 | www.facebook.com |
|
| Details | Domain | 2 | brooksprofessional.com |
|
| Details | Domain | 1 | lynsub.com |
|
| Details | Domain | 14 | www.antiy.com |
|
| Details | Domain | 7 | www.antiy.net |
|
| Details | Domain | 20 | www.antiy.cn |
|
| Details | Domain | 1 | www.avlsec.com |
|
| Details | File | 3 | mbs-israel.pdf |
|
| Details | File | 7 | 2021.exe |
|
| Details | File | 3 | mom.exe |
|
| Details | File | 8 | meeting.exe |
|
| Details | File | 1 | openofficeonline.exe |
|
| Details | File | 18 | microsoft.exe |
|
| Details | File | 1 | desktops.exe |
|
| Details | File | 1 | %userprofile%\info.txt |
|
| Details | File | 1 | 同时该后门木马会将info.txt |
|
| Details | File | 2 | soundplyer.exe |
|
| Details | File | 1 | 将变量onlinefilenmae赋值为soundplyer.exe |
|
| Details | File | 1 | 即下一个要下载的文件为soundplyer.exe |
|
| Details | File | 2 | kd.exe |
|
| Details | File | 1 | 将变量onlinefilenmae赋值为kd.exe |
|
| Details | File | 1 | 即下一个要下载的文件为kd.exe |
|
| Details | File | 3 | pview.exe |
|
| Details | File | 1 | 将变量onlinefilenmae赋值为pview.exe |
|
| Details | File | 1 | 即下一个要下载的文件为pview.exe |
|
| Details | File | 2 | %userprofile%\pview.exe |
|
| Details | File | 1 | 为pview.exe |
|
| Details | File | 1 | proshear.rar |
|
| Details | File | 2 | hamas_internal_elections.rar |
|
| Details | File | 2 | mom.zip |
|
| Details | File | 1 | mediasg.php |
|
| Details | File | 1 | medias2.php |
|
| Details | File | 1 | medias.php |
|
| Details | md5 | 1 | 5F70D52D2BE4D0389EEB1C7E27D5E9BD |
|
| Details | md5 | 1 | A559547C0815D1A4C025D6DE25108A70 |
|
| Details | md5 | 1 | B0779C7794A52CE0F1AAE33539DE6F01 |
|
| Details | md5 | 1 | 5FA06E949FBF66F7E93B1E5F6268C0E5 |
|
| Details | md5 | 1 | 79C25E297870CE68907F2C25564A161F |
|
| Details | md5 | 1 | 1B1EC8AE327A5543423978E7E58FC44C |
|
| Details | md5 | 1 | 3893C6D9AC3BA63C051394FA7F58F24F |
|
| Details | md5 | 1 | 3158E619788D56669175490817863FB1 |
|
| Details | md5 | 1 | AE3D8576594867CFD55BAC9FE12D6A54 |
|
| Details | md5 | 1 | 7E7EAA8AEBC4026BE3B56B965B0D8947 |
|
| Details | md5 | 1 | 48B9A42191DFF6371AEB3D7DCB3A8480 |
|
| Details | md5 | 1 | 4c61985a5c8c11eb516e592397343f27 |
|
| Details | md5 | 1 | 48b9a42191dff6371aeb3d7dcb3a8480 |
|
| Details | md5 | 1 | f88cf309b2b90198ada36e0686ee7305 |
|
| Details | md5 | 1 | b0f7e462dde681004f5b2b1eca1f38e0 |
|
| Details | md5 | 1 | 1b1ec8ae327a5543423978e7e58fc44c |
|
| Details | md5 | 1 | 5f70d52d2be4d0389eeb1c7e27d5e9bd |
|
| Details | md5 | 1 | 79c25e297870ce68907f2c25564a161f |
|
| Details | md5 | 1 | a559547c0815d1a4c025d6de25108a70 |
|
| Details | md5 | 1 | b0779c7794a52ce0f1aae33539de6f01 |
|
| Details | md5 | 1 | 5fa06e949fbf66f7e93b1e5f6268c0e5 |
|
| Details | md5 | 1 | 42eff3bb0b277214b8faadf1c85e822d |
|
| Details | md5 | 1 | 3158e619788d56669175490817863fb1 |
|
| Details | md5 | 1 | eea1c70128060e6246bc959a873be7da |
|
| Details | md5 | 1 | 60e9b1c155263385f51b80345c292269 |
|
| Details | md5 | 1 | ae3d8576594867cfd55bac9fe12d6a54 |
|
| Details | md5 | 1 | bb44c8b85109d65e7f2a630f5f4c6fe7 |
|
| Details | md5 | 1 | 8f201c59e28bb3fb6c09f5c424972988 |
|
| Details | md5 | 1 | 2ca3f1b013c26f9147547c6d67d02a8c |
|
| Details | md5 | 1 | af44e1c376503429bef73e668e56ab7a |
|
| Details | IPv4 | 1 | 168.119.82.89 |
|
| Details | IPv6 | 2 | e::30 |
|
| Details | Url | 1 | https://www.clearskysec.com/dustysky |
|
| Details | Url | 2 | http://artlifelondon.com/hamas_internal_elections.rar |
|
| Details | Url | 1 | https://www.dropbox.com/s/r81t6y7yr8w2ymc/mom.zip?dl=1 |
|
| Details | Url | 1 | https://drive.google.com/uc?export=download&id=1nnmlupwkxk4_wajwrqxqbafdkcpdxyeh |
|
| Details | Url | 1 | https://forextradingtipsblog.com/beta/mediasg.php?namepc= |
|
| Details | Url | 1 | https://artlifelondon.com/beta/medias2.php?namepc= |
|
| Details | Url | 1 | https://artlifelondon.com/beta/medias.php |
|
| Details | Url | 1 | http://simp.ly/p/04t5bp |
|
| Details | Url | 1 | http://simp.ly/p/vyxxky |
|
| Details | Url | 1 | https://app.simplenote.com/p/vyxxky |
|
| Details | Url | 1 | https://app.simplenote.com/p/04t5bp |
|
| Details | Url | 1 | https://www.facebook.com/yora.stev.5/posts/109333500993022 |
|
| Details | Url | 1 | https://www.facebook.com/yora.stev.5/posts/109332877659751 |
|
| Details | Url | 1 | http://www.antiy.com |
|
| Details | Url | 1 | http://www.antiy.net |
|
| Details | Url | 1 | http://www.antiy.cn |
|
| Details | Url | 1 | http://www.avlsec.com |