脚本系贼寇之风兴起,买卖体系堪比勒索软件
Tags
| country: | Azerbaijan |
Common Information
| Type | Value |
|---|---|
| UUID | 147dcc4a-8ff8-4f68-8583-d00047b82139 |
| Fingerprint | 660a40f94154c682 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Feb. 13, 2018, midnight |
| Added to db | Sept. 26, 2022, 9:30 a.m. |
| Last updated | Nov. 17, 2024, 1:57 a.m. |
| Headline | 脚本系贼寇之风兴起,买卖体系堪比勒索软件 |
| Title | 脚本系贼寇之风兴起,买卖体系堪比勒索软件 |
| Detected Hints/Tags/Attributes | 7/1/41 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://mp.weixin.qq.com/s/REXBtbnI2zXj4H3u6ofMMw |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 14 | documents.zip |
|
| Details | Domain | 3 | www.digitalpoint.com |
|
| Details | Domain | 110 | www.reddit.com |
|
| Details | Domain | 194 | drive.google.com |
|
| Details | Domain | 1 | yussuf.zip |
|
| Details | Domain | 2 | dellgenius.hopto.org |
|
| Details | File | 12 | documents.zip |
|
| Details | File | 2 | reportapi.js |
|
| Details | File | 1 | 之后向远程服务器register.php |
|
| Details | File | 1 | runss函数会执行工作目录下的python.exe |
|
| Details | File | 1 | 向view.php |
|
| Details | File | 1 | 分别访问send.php |
|
| Details | File | 1 | 和upload.php |
|
| Details | File | 1 | 上传filetoupload.txt |
|
| Details | File | 1 | 和878478ddd3.tmp |
|
| Details | File | 1 | takecookies函数会执行特定目录下的ccv.exe |
|
| Details | File | 1 | 收集完成后向cookies.php |
|
| Details | File | 1 | yussuf.zip |
|
| Details | File | 2 | ccv.exe |
|
| Details | File | 15 | x.js |
|
| Details | File | 1 | ccv_old.exe |
|
| Details | File | 7 | ncat.exe |
|
| Details | File | 1 | rat进行分析时曾经提到过ccv.exe |
|
| Details | File | 1 | 这个目录下下载的ccv.exe |
|
| Details | File | 1 | 且该目录下的x.js |
|
| Details | File | 1 | azerbaijan_special.doc |
|
| Details | File | 1 | mofa.docx |
|
| Details | md5 | 1 | 3fab9cd9a1da290bdf99256c1f51a4e9 |
|
| Details | md5 | 1 | 7fee8223d6e4f82d6cd115a28f0b6d58 |
|
| Details | md5 | 1 | fc0f2042e63aebd9b3aeb639501dd827 |
|
| Details | md5 | 1 | 2f62db1a1f616deabcbe1dda5b17a00b |
|
| Details | md5 | 1 | b6e0db27c2b3e62db616b0918a5d8ed8 |
|
| Details | md5 | 1 | fcce335ad11f4e568e6fe23ae766b187 |
|
| Details | md5 | 1 | d76f443222551edfe07b357c3bb157da |
|
| Details | md5 | 1 | b034972a9540b3b00161310f5bf03fc9 |
|
| Details | md5 | 1 | ba1618a981f755eb752aa5dc90bd70a4 |
|
| Details | md5 | 1 | 3aadbf7e527fc1a050e1c97fea1cba4d |
|
| Details | md5 | 1 | 7c487d8462567a826da95c799591f5fb |
|
| Details | IPv4 | 2 | 139.28.37.63 |
|
| Details | IPv4 | 3 | 185.61.137.141 |
|
| Details | IPv4 | 3 | 185.62.190.89 |