奇安信威胁情报中心
Tags
| country: | China Pakistan |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Exploits - T1587.004 Exploits - T1588.005 Malware - T1587.001 Malware - T1588.001 Rundll32 - T1218.011 Software - T1592.002 Visual Basic - T1059.005 Vulnerabilities - T1588.006 Rundll32 - T1085 |
Common Information
| Type | Value |
|---|---|
| UUID | 1ccc997e-08c1-4b3a-9928-5f3a41f9f196 |
| Fingerprint | 90c91595e2754382 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Nov. 29, 2018, midnight |
| Added to db | Sept. 26, 2022, 9:33 a.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | UNKNOWN |
| Title | 奇安信威胁情报中心 |
| Detected Hints/Tags/Attributes | 78/3/65 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 9 | cve-2017-12824 |
|
| Details | CVE | 58 | cve-2018-0798 |
|
| Details | Domain | 2 | khurram.com.pk |
|
| Details | Domain | 2 | nethosttalk.com |
|
| Details | Domain | 2 | wcnchost.ddns.net |
|
| Details | Domain | 4 | referfile.com |
|
| Details | Domain | 4 | errorfeedback.com |
|
| Details | Domain | 1 | jospubs.com |
|
| Details | Domain | 1 | pp5.zapto.org |
|
| Details | Domain | 1 | xiovo416.net |
|
| Details | Domain | 1 | newmysticvision.com |
|
| Details | Domain | 2 | traxbin.com |
|
| Details | Domain | 58 | ti.qianxin.com |
|
| Details | Domain | 1 | www.inpage.com |
|
| Details | Domain | 622 | en.wikipedia.org |
|
| Details | Domain | 16 | www.anquanke.com |
|
| Details | Domain | 122 | www.kaspersky.com |
|
| Details | Domain | 261 | blog.talosintelligence.com |
|
| Details | File | 49 | nuxt.js |
|
| Details | File | 1 | c:\conf\ smss.exe |
|
| Details | File | 2 | sylog.log |
|
| Details | File | 1 | simple.jpg |
|
| Details | File | 1 | executed.dll |
|
| Details | File | 1018 | rundll32.exe |
|
| Details | File | 4 | rundll32.dll |
|
| Details | File | 2 | aflup64.dll |
|
| Details | File | 1 | c:\ programdata\ adobe64\ aflup64.dll |
|
| Details | File | 18 | go.php |
|
| Details | File | 1 | mobile-malware-campaign-uses-malicious-mdm.html |
|
| Details | File | 2 | mobile-malware-campaign-uses-malicious-mdm-part2.html |
|
| Details | File | 1 | appendix-confucius-update-new-tools-techniques-connections-patchwork-updated.pdf |
|
| Details | md5 | 2 | 863f2bfed6e8e1b8b4516e328c8ba41b |
|
| Details | md5 | 2 | c3f5add704f2c540f3dd345f853e2d84 |
|
| Details | md5 | 2 | 1c2a3aa370660b3ac2bf0f41c342373b |
|
| Details | md5 | 1 | ce2a6437a308dfe777dec42eec39d9ea |
|
| Details | md5 | 1 | 43920ec371fae4726d570fdef1009163 |
|
| Details | md5 | 1 | 694040b229562b8dca9534c5301f8d73 |
|
| Details | md5 | 1 | fec0ca2056d679a63ca18cb132223332 |
|
| Details | md5 | 1 | 74aeaeaca968ff69139b2e2c84dc6fa6 |
|
| Details | md5 | 1 | ec834fa821b2ddbe8b564b3870f13b1b |
|
| Details | md5 | 1 | 09d600e1cc9c6da648d9a367927e6bff |
|
| Details | md5 | 1 | 91e3aa8fa918caa9a8e70466a9515666 |
|
| Details | md5 | 1 | c9c1ec9ae1f142a8751ef470afa20f15 |
|
| Details | md5 | 1 | 61a107fee55e13e67a1f6cbc9183d0a4 |
|
| Details | md5 | 2 | f9aeac76f92f8b2ddc253b3f53248c1d |
|
| Details | md5 | 2 | 8dda6f85f06b5952beaabbfea9e28cdd |
|
| Details | md5 | 2 | 25689fc7581840e851c3140aa8c3ac8b |
|
| Details | md5 | 1 | 4f9ef6f18e4c641621f4581a5989284c |
|
| Details | md5 | 1 | afed882f6af66810d7637ebcd8287ddc |
|
| Details | sha256 | 1 | 9bf55fcf0a25a2f7f6d03e7ba6123d5a31c3e6c1196efae453a74d6fff9d43bb |
|
| Details | Url | 24 | https://ti.qianxin.com |
|
| Details | Url | 1 | http://www.inpage.com |
|
| Details | Url | 1 | https://en.wikipedia.org/wiki/inpage |
|
| Details | Url | 2 | https://ti.qianxin.com/blog/articles/analysis-of-apt-campaign-bitter |
|
| Details | Url | 1 | https://www.anquanke.com/post/id/84910 |
|
| Details | Url | 1 | https://www.kaspersky.com/blog/inpage-exploit/6292 |
|
| Details | Url | 1 | https://cloudblogs.microsoft.com/microsoftsecure/2018/11/08/attack-uses-malicious-inpage-document-and-outdated-vlc-media-player-to-give-attackers-backdoor-access-to-targets |
|
| Details | Url | 1 | https://blog.talosintelligence.com/2018/07/mobile-malware-campaign-uses-malicious-mdm.html |
|
| Details | Url | 2 | https://blog.talosintelligence.com/2018/07/mobile-malware-campaign-uses-malicious-mdm-part2.html |
|
| Details | Url | 2 | https://blog.trendmicro.com/trendlabs-security-intelligence/confucius-update-new-tools-and-techniques-further-connections-with-patchwork |
|
| Details | Url | 1 | https://documents.trendmicro.com/assets/appendix-confucius-update-new-tools-techniques-connections-patchwork-updated.pdf |
|
| Details | Url | 1 | https://researchcenter.paloaltonetworks.com/2016/09/unit42-confucius-says-malware-families-get-further-by-abusing-legitimate-websites |
|
| Details | Url | 2 | https://researchcenter.paloaltonetworks.com/2017/11/unit42-recent-inpage-exploits-lead-multiple-malware-families |
|
| Details | Url | 1 | https://www.virustotal.com/gui/file/9bf55fcf0a25a2f7f6d03e7ba6123d5a31c3e6c1196efae453a74d6fff9d43bb/submissions |
|
| Details | Windows Registry Key | 11 | HKCU\Environment |