Analysis Report on the New Attack Components of the APT-C-08 (蔓灵花 / Bitter) Group | CTF导航
Tags
Common Information
Type Value
UUID 32825e1f-c958-4ca2-b5b8-0823c92b251f
Fingerprint e7246cfccdfed4dc
Analysis status DONE
Considered CTI value -2
Text language
Published Dec. 10, 2024, midnight
Added to db Dec. 9, 2024, 12:54 p.m.
Last updated Dec. 16, 2024, 5:16 a.m.
Headline Analysis Report on the New Attack Components of the APT-C-08 (蔓灵花 / Bitter) Group
Title Analysis Report on the New Attack Components of the APT-C-08 (蔓灵花 / Bitter) Group | CTF导航
Detected Hints/Tags/Attributes 6/0/20
Source URLs
RSS Feed
Id  Enabled  Feed title  Url  Added to db
426  CTF导航  https://www.ctfiot.com/feed  2024-08-30 22:08
Attributes
Type  #Events  Value
File  1  The script downloads dune64.bin from the remote server via curl
File  1  and shl.tar
File  1  uses the system program tar on shl.tar
File  1  and passes dune64.bin as the command-line argument at execution
File  1  malicious sample shl.exe
File  1  i.e. loads the remotely downloaded dune64.bin
File  1  programdatakiwizig.exe
File  1  programdatadate.txt
File  1  programdatawinlist.log
File  1  uplh4ppy.php
File  1  programdatauprise.log
File  1  programdataerr.txt
File  1  programdatashl.exe
md5  2  fd5f2cf4b8df27f27dc2e6bddc1a7b2e
md5  2  88c9cfcf76a94c34b85eb1f07b197ffe
md5  2  ac808a0f7eaea2b267e68b56ec868d60
Pdb  1  0kiwix64releasekiwi.pdb
Pdb  1  usersdomskugelblitzvsreposdevshellcode_loaderx64releaseshellcode_loader.pdb
Threat Actor Identifier - APT-C  26  APT-C-08
Url  1  http://ebeninstallsvc.com/uplh4ppy.php?mn=机器名_用户名 (机器名_用户名 is a placeholder meaning machine name_username)