来自Mustang Panda的攻击? 我兔又背锅了! - 嘶吼 RoarTalk – 回归最本质的信息安全,互联网安全新媒体,4hou.com
Tags
| country: | China Mongolia |
| attack-pattern: | Server - T1583.004 Server - T1584.004 |
Common Information
| Type | Value |
|---|---|
| UUID | 14c8ee32-a34f-4b9a-8c98-d49b26dc4c65 |
| Fingerprint | 535cdaad2ba54cc |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Jan. 5, 2021, midnight |
| Added to db | Sept. 26, 2022, 9:31 a.m. |
| Last updated | Nov. 17, 2024, 5:57 p.m. |
| Headline | 来自Mustang Panda的攻击? 我兔又背锅了! |
| Title | 来自Mustang Panda的攻击? 我兔又背锅了! - 嘶吼 RoarTalk – 回归最本质的信息安全,互联网安全新媒体,4hou.com |
| Detected Hints/Tags/Attributes | 16/2/43 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.4hou.com/posts/VoPM |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 30 | pdf.zip |
|
| Details | Domain | 1 | actvn.edu |
|
| Details | Domain | 1 | actvn.edu.vn |
|
| Details | Domain | 3 | net.com |
|
| Details | Domain | 172 | www.crowdstrike.com |
|
| Details | Domain | 2 | blog.viettelcybersecurity.com |
|
| Details | Domain | 1373 | twitter.com |
|
| Details | Domain | 1 | lichlamviecsld.nuian.vn |
|
| Details | Domain | 2 | www.vncert.gov.vn |
|
| Details | 1 | 名称为abc的官员使用的电子邮件是vanphong@quangngai.gov.vn |
||
| Details | 1 | 地址是nttra@actvn.edu. |
||
| Details | 1 | 包含nttra@actvn.edu.vn |
||
| Details | File | 1 | 824_bhxhv0002.pdf |
|
| Details | File | 2 | 3.ps1 |
|
| Details | File | 1 | 释放的zbcga.exe |
|
| Details | File | 1 | 这个文件原始名是ehttpsrv.exe |
|
| Details | File | 1 | 它运行后会加载http_dll.dll |
|
| Details | File | 1 | 还会释放3.exe |
|
| Details | File | 6 | http_dll.dll |
|
| Details | File | 7 | http_dll.dat |
|
| Details | File | 5 | test2.exe |
|
| Details | File | 4 | mongolia.exe |
|
| Details | File | 5 | sind.exe |
|
| Details | File | 1 | 1_1341.pdf |
|
| Details | File | 2 | baiviet.php |
|
| Details | md5 | 1 | d8fa9b6e4ffd02fd3006e505f7368ea7 |
|
| Details | md5 | 1 | e343f1d68549f8558b2bb512e082ff2f |
|
| Details | md5 | 2 | 5f094cb3b92524fced2731c57d305e78 |
|
| Details | md5 | 1 | 9ff1d3af1f39a37c0dc4ceeb18cc37dc |
|
| Details | md5 | 1 | 80bcda9fde78c70566c6f693f1c7938f |
|
| Details | md5 | 1 | 5781a2b62de1f3301e38394607b03d79 |
|
| Details | IPv4 | 1 | 103.68.251.31 |
|
| Details | IPv4 | 1 | 103.68.251.102 |
|
| Details | IPv4 | 2 | 144.202.54.86 |
|
| Details | Microsoft Patch Numbers | 1 | KB00769670 |
|
| Details | Pdb | 1 | c:\users\pham kim cuong\documents\visual studio 2008\projects\test2\release\test2.pdb |
|
| Details | Url | 3 | https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-june-mustang-panda |
|
| Details | Url | 1 | https://www.virusbulletin.com/blog/2020/03/vb2019-paper-pulling-pkplug-adversary-playbook-long-standing-espionage-activity-chinese-nation-state-adversary |
|
| Details | Url | 1 | https://www.anomali.com/blog/china-based-apt-mustang-panda-targets-minority-groups-public-and-private-sector-organizations |
|
| Details | Url | 1 | https://blog.viettelcybersecurity.com/mustang-panda-mot-case-do-khoc-do-cuoi |
|
| Details | Url | 1 | https://twitter.com/cyber__sloth/status/1298719815964618753?lang=en |
|
| Details | Url | 1 | http://lichlamviecsld.nuian.vn/items/files/1_1341.pdf |
|
| Details | Url | 1 | http://www.vncert.gov.vn/baiviet.php?id=127 |