UNKNOWN
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 3006717c-e5ec-434a-a322-4fdaa478abef |
| Fingerprint | 9d6489057cd16228 |
| Analysis status | IN_PROGRESS |
| Considered CTI value | 0 |
| Text language | |
| Published | None |
| Added to db | Dec. 19, 2024, 4:48 p.m. |
| Last updated | Dec. 22, 2024, 10:29 p.m. |
| Headline | UNKNOWN |
| Title | UNKNOWN |
| Detected Hints/Tags/Attributes | 4/0/41 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.secrss.com/articles/53523 |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | linhunq.com |
|
| Details | Domain | 2 | navicat.amdc6766.net |
|
| Details | Domain | 2 | navicat02.amdc6766.net |
|
| Details | Domain | 2 | amdc6766.net |
|
| Details | Domain | 4692 | github.com |
|
| Details | Domain | 29 | co.ltd |
|
| Details | Domain | 1 | www.navicatcn.net |
|
| Details | Domain | 1 | www.biosoft.cc |
|
| Details | Domain | 1 | cnxshell.com |
|
| Details | Domain | 1 | www.bixwinner.cc |
|
| Details | Domain | 1 | xiandazm.com |
|
| Details | Domain | 1 | cnlnmp.com |
|
| Details | Domain | 1 | highthost.cc |
|
| Details | Domain | 1 | cqdtwxx.com |
|
| Details | Domain | 1 | lightsoft.cc |
|
| Details | Domain | 1 | lukesoft.cc |
|
| Details | Domain | 1 | navicatcn.net |
|
| Details | Domain | 101 | ti.qianxin.com |
|
| Details | Domain | 6752 | 163.com |
|
| Details | File | 2 | 奇安信威胁情报中心及奇安信网络安全部通过日常监测发现navicat.exe |
|
| Details | File | 1 | 16.exe |
|
| Details | File | 6 | 3.log |
|
| Details | File | 1 | 通过线程劫持的方法将shellcode注入系统程序wabmig.exe |
|
| Details | File | 1 | 根据奇安信产品设备日志获取的线索该样本会注入到系统进程wabmig.exe |
|
| Details | File | 1 | 将之前申请的内存地址作为参数将一阶段shellcode写入新创建wabmig.exe |
|
| Details | File | 1 | 根据动态调试的内存地址内容与上述下载的3.log |
|
| Details | File | 1 | navicat-premium.html |
|
| Details | File | 916 | index.html |
|
| Details | File | 1 | navicat.exe |
|
| Details | Github username | 8 | monoxgas |
|
| Details | md5 | 1 | 8829174fcbf689f0f7a189e937ab4022 |
|
| Details | md5 | 1 | 17a96924c1ddacfc164e9fe7c79e5f8d |
|
| Details | IPv4 | 1 | 8.210.158.101 |
|
| Details | IPv4 | 1 | 47.242.55.129 |
|
| Details | Url | 1 | https://linhunq.com/zh/navicat |
|
| Details | Url | 2 | https://github.com/monoxgas/srdi |
|
| Details | Url | 94 | https://sandbox.ti.qianxin.com/sandbox/page |
|
| Details | Url | 1 | https://lukesoft.cc |
|
| Details | Url | 1 | https://www.navicatcn.net/download/navicat-premium.html |
|
| Details | Url | 1 | https://navicatcn.net/zh/navicat/index.html |
|
| Details | Url | 33 | https://ti.qianxin.com |