Threat Group-3390 Targets Organizations for Cyberespionage
Common Information
Type Value
UUID 1b72e6d4-57ac-417b-a6cb-a8e18189ab63
Fingerprint 79b155d96217ee25
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 5, 2015, midnight
Added to db Sept. 26, 2022, 9:31 a.m.
Last updated Nov. 17, 2024, 6:50 p.m.
Headline Threat Group 3390 Cyberespionage
Title Threat Group-3390 Targets Organizations for Cyberespionage
Detected Hints/Tags/Attributes 142/3/228
Attributes
Details Type #Events CTI Value
Details CVE 30
cve-2011-3544
Details CVE 14
cve-2010-0738
Details Email 1
yuming@yinsibaohu.aliyun.com
Details File 85
log.txt
Details File 4
login.cfm
Details File 128
w3wp.exe
Details File 30
at.exe
Details File 1
ipcan.exe
Details File 1
helpdesk.cs
Details File 2
mail.cs
Details File 5
test.log
Details File 4
owaauth.dll
Details File 6
c:\log.txt
Details Pdb 1
j:\tokencontrolv3\serverdll\release\serverdll.pdb
Details Threat Actor Identifier by SecureWorks 25
TG-3390