“苦象”组织上半年针对我国的攻击活动分析
Tags
| attack-pattern: | Data Msiexec - T1218.007 |
Common Information
| Type | Value |
|---|---|
| UUID | 17612ecc-7bb9-43e0-91d4-369a584051fe |
| Fingerprint | c3c7c83e784fc99 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Jan. 13, 2090, 5:08 a.m. |
| Added to db | Sept. 26, 2022, 9:33 a.m. |
| Last updated | Oct. 15, 2024, 4:28 p.m. |
| Headline | “苦象”组织上半年针对我国的攻击活动分析 |
| Title | “苦象”组织上半年针对我国的攻击活动分析 |
| Detected Hints/Tags/Attributes | 12/1/50 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://mp.weixin.qq.com/s/dHiYZyJXoy2LLXtElcYeog |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 14 | www.antiy.com |
|
| Details | File | 1 | script.chm |
|
| Details | File | 1 | 会议议程.chm |
|
| Details | File | 1 | crt.php |
|
| Details | File | 1 | 攻击者疑似会针对目标选择性下发cert.msi |
|
| Details | File | 2 | cert.msi |
|
| Details | File | 1 | 负责向以下目录释放下载器模块winupd.exe |
|
| Details | File | 1 | 会议议程.zip |
|
| Details | File | 2 | winupd.exe |
|
| Details | File | 1 | mtmpenq.exe |
|
| Details | File | 1 | mtadvanced4.exe |
|
| Details | File | 3 | sysmgr.exe |
|
| Details | File | 1 | mvrs_crsh.exe |
|
| Details | File | 17 | scvhost.exe |
|
| Details | File | 2 | 45ugty845nv7rt.php |
|
| Details | File | 1 | en-gb-4-0.txt |
|
| Details | File | 1 | neat文件中的数据最终会被攻击者下发的文件窃取类插件如sysmgr.exe |
|
| Details | File | 1 | asms.exe |
|
| Details | File | 18 | microsoft.exe |
|
| Details | File | 1 | errore.log |
|
| Details | File | 1 | error1log.txt |
|
| Details | File | 1 | 而errore.log |
|
| Details | File | 1 | 创建errore.log |
|
| Details | File | 1 | 创建error1log.txt |
|
| Details | File | 1 | 的形式写入error1log.txt |
|
| Details | File | 1 | 将收集的信息写入error1log.txt |
|
| Details | File | 1 | 木马会在当前目录下创建cachex86.tmp |
|
| Details | File | 1 | cachex86.tmp |
|
| Details | File | 1 | 将标识符写入cachex86.tmp |
|
| Details | File | 1 | cachex64.tmp |
|
| Details | File | 1 | 木马会将存储文件信息的error1log.txt |
|
| Details | File | 1 | 回传error1log.txt |
|
| Details | File | 2 | sthost.exe |
|
| Details | File | 1 | 20200917.html |
|
| Details | md5 | 1 | D91B888205AC1CA80C40426B9F5A6105 |
|
| Details | md5 | 1 | 4e1cc7a2e7ba7858b2bdbcbe344410e4 |
|
| Details | md5 | 1 | d91b888205ac1ca80c40426b9f5a6105 |
|
| Details | md5 | 1 | 6452e2c243db03ecbcacd0419ff8bebf |
|
| Details | md5 | 1 | ef099d5fe4075132bf3812c9d5ffa8f9 |
|
| Details | md5 | 1 | bd054c4f43808ef37352f36129bf0c3d |
|
| Details | md5 | 2 | ade9a4ee3acbb0e6b42fb57f118dbd6b |
|
| Details | md5 | 1 | 7abcca95bc9c69d93be133f6597717c0 |
|
| Details | md5 | 1 | 578918166854037cdcf1bb3a06a7a4f3 |
|
| Details | md5 | 1 | EF099D5FE4075132BF3812C9D5FFA8F9 |
|
| Details | md5 | 1 | BD054C4F43808EF37352F36129BF0C3D |
|
| Details | md5 | 1 | 7ABCCA95BC9C69D93BE133F6597717C0 |
|
| Details | md5 | 1 | 578918166854037CDCF1BB3A06A7A4F3 |
|
| Details | md5 | 1 | B63E9710CB67F4A649A83929ED9F0322 |
|
| Details | md5 | 1 | 0159DF64E95A4BC0FC1AAFE4AA7FD3B6 |
|
| Details | Url | 1 | https://www.antiy.com/response/20200917.html |