QiAnXin Threat Intelligence Center
Common Information
Type Value
UUID 1c8c3761-9af4-40e7-9521-da0e71b70fae
Fingerprint b68454c3c8a58384
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 13, 2019, midnight
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline UNKNOWN
Title QiAnXin Threat Intelligence Center
Detected Hints/Tags/Attributes 57/3/78
Attributes
Details Type #Events CTI Value
Details CVE 375
cve-2017-11882
Details Domain 622
en.wikipedia.org
Details Domain 1
node2.feed43.com
Details Domain 291
raw.githubusercontent.com
Details Domain 3
feeds.rapidfeeds.com
Details Domain 403
securelist.com
Details File 49
nuxt.js
Details File 149
msbuild.exe
Details File 1
world.xlsm
Details File 1
%appdata%\msbuild.exe
Details Github username 1
petersonmike
Details Threat Actor Identifier - APT-C 16
APT-C-09
Details Url 12
https://en.wikipedia.org
Details Url 3
https://securelist.com/the-dropping-elephant-actor/75328