ioc[.]one - OSINT Cyber Threat Intelligence Database

Insider Information: An intrusion campaign targeting Chinese language news sites - The Citizen Lab

Tags

country:	Bolivia China France Hong Kong Thailand Laos United States Of America
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Direct Audio Capture - T1429 Chat Messages - T1552.008 Code Signing Certificates - T1587.002 Code Signing Certificates - T1588.003 Credentials - T1589.001 Domains - T1583.001 Domains - T1584.001 Ip Addresses - T1590.005 Javascript - T1059.007 Keylogging - T1056.001 Keylogging - T1417.001 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Rundll32 - T1218.011 Server - T1583.004 Server - T1584.004 Social Media - T1593.001 Software - T1592.002 Vulnerabilities - T1588.006 Whois - T1596.002 Audio Capture - T1123 New Service - T1050 Rundll32 - T1085

Show in Graph

Common Information

Type	Value
UUID	15802c75-a34a-4214-af76-25c5a814c950
Fingerprint	7e908d9300938781
Analysis status	DONE
Considered CTI value	1
Text language
Published	July 5, 2017, midnight
Added to db	Jan. 18, 2023, 9:15 p.m.
Last updated	Nov. 13, 2024, 12:45 a.m.
Headline	Insider Information An intrusion campaign targeting Chinese language news sites
Title	Insider Information: An intrusion campaign targeting Chinese language news sites - The Citizen Lab
Detected Hints/Tags/Attributes	127/3/41

Source URLs

	Redirection	Url
Details	Source	https://citizenlab.ca/2017/07/insider-information-an-intrusion-campaign-targeting-chinese-language-news-sites/
Details	Source	https://citizenlab.org/2017/07/insider-information-an-intrusion-campaign-targeting-chinese-language-news-sites/

URL Provider

Details	Provider	Source level domain
Details	citizenlab.ca	citizenlab.ca
Details	citizenlab.org	citizenlab.org

Attributes

Details	Type	#Events	Value
Details	CVE	16	cve-2013-1347
Details	Domain	2	chinadigitaltimes.net
Details	Domain	1	chinadagitaltimes.net
Details	Domain	1	secuerserver.com
Details	Domain	1	secureserver.com
Details	Domain	1	bowenpres.com
Details	Domain	1	bowenpress.com
Details	Domain	1	bowenpress.net
Details	Domain	1	bowenpress.org
Details	Domain	1	bowenpross.com
Details	Domain	1	datalink.one
Details	Domain	1	epochatimes.com
Details	Domain	3	theepochtimes.com
Details	Domain	3	epochtimes.com
Details	Domain	1	subscribe.epochtimes.com
Details	Domain	1	get.adobe.com.bowenpress.org
Details	Domain	1	hk.secuerserver.com
Details	Domain	1	pop.secuerserver.com
Details	Domain	1	smtpout.secuerserver.com
Details	Domain	1	www.bowenpress.org
Details	Domain	1	www.mail.secuerserver.com
Details	Domain	1	www.secuerserver.com
Details	Domain	1	www.vnews.hk
Details	Domain	1	tibetonline.info
Details	Domain	1	rooter.tk
Details	Domain	1	vancouversun.us
Details	Domain	1	yomiuri.us
Details	Domain	1	voanews.hk
Details	Domain	1	nhknews.hk
Details	File	85	log.txt
Details	File	1	subscribe.ep
Details	File	1	adobeupdate20160703.exe
Details	File	1	adobeupdate20160812.exe
Details	File	1	adobeupdate20161201.exe
Details	File	1	adobeupdate20170312.exe
Details	IPv4	1	43.240.14.37
Details	IPv4	1	45.124.24.39
Details	IPv4	1	125.86.123.47
Details	IPv4	1	103.200.31.164
Details	IPv4	1	23.239.106.119
Details	IPv4	2	103.226.127.47