Analysis of the Confucius Group's Attack Campaign Using ADS (Alternate Data Stream) Hiding Techniques | CTF导航
Tags
attack-pattern: Data
Common Information
Type Value
UUID 18c392d9-5ba6-4cb0-b321-8d8c5cd26413
Fingerprint 3e5469d891fb8af9
Analysis status DONE
Considered CTI value -2
Text language
Published Oct. 3, 2024, midnight
Added to db Oct. 30, 2024, 1:11 p.m.
Last updated Nov. 1, 2024, 1:18 p.m.
Headline Analysis of the Confucius Group's Attack Campaign Using ADS (Alternate Data Stream) Hiding Techniques
Title Analysis of the Confucius Group's Attack Campaign Using ADS (Alternate Data Stream) Hiding Techniques | CTF导航
Detected Hints/Tags/Attributes 9/1/27
Source URLs
RSS Feed
Id 426
Enabled
Feed title CTF导航
Url https://www.ctfiot.com/feed
Added to db 2024-08-30 22:08