奇安信威胁情报中心 (Qi An Xin Threat Intelligence Center)
Common Information
Type Value
UUID 3371a68c-8832-4fde-8e8f-764f7e023ff0
Fingerprint f11c4d3ce1b07ff8
Analysis status DONE
Considered CTI value 2
Text language
Published April 15, 2020, midnight
Added to db Dec. 18, 2024, 9:01 p.m.
Last updated Dec. 24, 2024, 10:54 a.m.
Headline UNKNOWN
Title 奇安信威胁情报中心 (Qi An Xin Threat Intelligence Center)
Detected Hints/Tags/Attributes 8/1/32
Attributes (32 extracted from the report; the CTI Value column was empty for every row and is omitted)

Type    #Events  Value
Domain  3        teslacontrols.ir
Domain  4        www.sofa.rs
Domain  3        www.kingsvc.cc
Domain  3        www.afuocolento.it
Domain  2        www.mbrainingevents.com
File    125      nuxt.js
File    3        gbb.exe (captured from the sentence "and through the HWP component gbb.exe")
File    1        %temp%\skype.jpg (captured from "depending on whether the system is 32- or 64-bit, the script downloads the matching file from the remote server to %temp%\skype.jpg")
File    1        skype.jpg (captured from "and loads skype.jpg with regsvr32")
File    88       skype.exe
File    3        detail31.jpg
File    1199     svchost.exe
File    2        h1.jpg
File    1        %appdata%\mircosoft\windows\winx\config.txt
File    1        config.txt (captured from "it then initialises the C2 address and stores it encrypted in config.txt")
File    3        detail32.jpg
File    1313     index.php
File    3        server_test.php
md5     1        bc13fc599bb594bc19ac9e6fde0c28c6
md5     1        e3ef607182564bb158287cafb7b11be7
md5     2        8451be72b75a38516e7ba7972729909e
md5     2        fe2d05365f059d48fd972c79afeee682
md5     1        4662dfa19bd590b1088befa28426a161
md5     1        b5a31d89f5b83d37c921d159364c968c
md5     1        e6521be3b323865cf05f27d7c43aeff2
Url     3        http://teslacontrols.ir/wp-includes/images/detail31.jpg
Url     2        http://www.sofa.rs/wp-content/themes/twentynineteen/sass/layout/h1.jpg
Url     3        http://teslacontrols.ir/wp-includes/images/detail32.jpg
Url     2        http://www.kingsvc.cc/index.php
Url     2        http://www.sofa.rs/wp-admin/network/server_test.php
Url     1        http://www.afuocolento.it/wp-admin/network/server_test.php
Url     1        http://www.mbrainingevents.com/wp-admin/network/server_test.php

Notes on the extraction: the four File rows that quote a sentence are fragments of the report's Chinese description of the infection chain (an HWP component gbb.exe, a script that fetches skype.jpg into %temp% according to the system's bitness, regsvr32 loading that file, and the C2 address stored encrypted in config.txt under the misspelled %appdata%\mircosoft\... path) that the extractor recorded as file indicators; the file names inside them are the usable values. nuxt.js, svchost.exe and index.php are generic names that recur across many reports (hence the high event counts) and are not actionable on their own; the URLs, which all point at paths under compromised WordPress installs, and the md5 hashes are the stronger indicators.
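The following is an added example of how the indicators on this page, together with the two behaviours the report's description gives (regsvr32 loading a file with an image extension out of %temp%, and a config.txt written under a "mircosoft" directory), could be hunted for in endpoint telemetry. It is not code from the Qi An Xin report or from the database hosting this record. The indicator values are copied from the table above; the event lines in SAMPLE_EVENTS are constructed, their field names are modelled on Sysmon, and the MD5 placed on the skype.exe line is an illustrative pairing, not one the page states.

```python
"""Hunt for this page's indicators in Sysmon-style event lines.

Added example, not part of the original record. Indicator sets below are
copied from the page; SAMPLE_EVENTS is constructed for illustration.
"""
import re
from urllib.parse import urlparse

DOMAINS = {
    "teslacontrols.ir",
    "www.sofa.rs",
    "www.kingsvc.cc",
    "www.afuocolento.it",
    "www.mbrainingevents.com",
}
MD5S = {
    "bc13fc599bb594bc19ac9e6fde0c28c6",
    "e3ef607182564bb158287cafb7b11be7",
    "8451be72b75a38516e7ba7972729909e",
    "fe2d05365f059d48fd972c79afeee682",
    "4662dfa19bd590b1088befa28426a161",
    "b5a31d89f5b83d37c921d159364c968c",
    "e6521be3b323865cf05f27d7c43aeff2",
}
URLS = {
    "http://teslacontrols.ir/wp-includes/images/detail31.jpg",
    "http://teslacontrols.ir/wp-includes/images/detail32.jpg",
    "http://www.sofa.rs/wp-content/themes/twentynineteen/sass/layout/h1.jpg",
    "http://www.kingsvc.cc/index.php",
    "http://www.sofa.rs/wp-admin/network/server_test.php",
    "http://www.afuocolento.it/wp-admin/network/server_test.php",
    "http://www.mbrainingevents.com/wp-admin/network/server_test.php",
}

# Behavioural patterns taken from the page's description of the chain:
# regsvr32 loading a file with an image extension out of %temp%, and the
# misspelled "mircosoft" directory that config.txt is written under.
REGSVR32_IMAGE = re.compile(
    r"regsvr32(?:\.exe)?\b[^\r\n]*?(?:%temp%|\\temp\\)[^\s\x22\x27]*\.(?:jpg|jpeg|png|gif)\b",
    re.IGNORECASE,
)
CONFIG_PATH = re.compile(r"\\mircosoft\\windows\\winx\\config\.txt", re.IGNORECASE)
MD5_FIELD = re.compile(r"MD5=([0-9a-fA-F]{32})")
HOST_FIELD = re.compile(r"(?:QueryName|DestinationHostname)=([^\s,]+)")
URL_FIELD = re.compile(r"https?://[^\s\x22\x27]+", re.IGNORECASE)


def match_event(line):
    """Return a list naming every indicator or behaviour the line matches."""
    hits = []
    if REGSVR32_IMAGE.search(line):
        hits.append("regsvr32_loads_image_from_temp")
    if CONFIG_PATH.search(line):
        hits.append("mircosoft_config_path")
    for digest in MD5_FIELD.findall(line):
        if digest.lower() in MD5S:
            hits.append("md5:" + digest.lower())
    for host in HOST_FIELD.findall(line):
        host = host.lower().rstrip(".")  # tolerate case and trailing dot
        if host in DOMAINS:
            hits.append("domain:" + host)
    for url in URL_FIELD.findall(line):
        if url in URLS:
            hits.append("url:" + url)
        else:
            # An unknown path on a listed host still counts, as a weaker domain hit.
            host = (urlparse(url).hostname or "").lower()
            if host in DOMAINS:
                hits.append("domain:" + host)
    return hits


def hunt(lines):
    """Map the index of every matching line to its hits; silent lines are dropped."""
    findings = {}
    for i, line in enumerate(lines):
        hits = match_event(line)
        if hits:
            findings[i] = hits
    return findings


# Constructed sample events (not from the page): five matching, two benign.
SAMPLE_EVENTS = [
    'ProcessCreate Image=C:\\Windows\\System32\\regsvr32.exe '
    'CommandLine="regsvr32 /s C:\\Users\\u\\AppData\\Local\\Temp\\skype.jpg"',
    'ProcessCreate Image=C:\\Windows\\System32\\regsvr32.exe '
    'CommandLine="regsvr32 /s C:\\Program Files\\Vendor\\plugin.dll"',
    'ProcessCreate Image=C:\\Users\\u\\AppData\\Roaming\\skype.exe '
    'Hashes=MD5=8451be72b75a38516e7ba7972729909e',
    'DnsQuery Image=C:\\Users\\u\\AppData\\Roaming\\skype.exe QueryName=teslacontrols.ir',
    'FileCreate Image=C:\\Users\\u\\AppData\\Roaming\\skype.exe '
    'TargetFilename=C:\\Users\\u\\AppData\\Roaming\\mircosoft\\windows\\winx\\config.txt',
    'NetworkConnect Image=C:\\Users\\u\\AppData\\Roaming\\skype.exe '
    'Url=http://www.sofa.rs/wp-admin/network/server_test.php',
    'DnsQuery Image=C:\\Windows\\explorer.exe QueryName=www.example.com',
]

if __name__ == "__main__":
    for idx, hits in hunt(SAMPLE_EVENTS).items():
        print(idx, hits)
```

The two regex rules are the part worth keeping after the listed domains and hashes have rotated: a signed system binary loading a file that claims to be an image, and a persistence path with a vendor-name typo, survive infrastructure changes that hash and domain lists do not.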