奇安信威胁情报中心 (Qi An Xin Threat Intelligence Center)
Common Information
Type Value
UUID 379faca3-bbc6-4592-962a-7cda61b121dd
Fingerprint e37f16d56eebce32
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 28, 2019, midnight
Added to db Jan. 18, 2023, 10:40 p.m.
Last updated Nov. 6, 2024, 4:32 p.m.
Headline UNKNOWN
Title 奇安信威胁情报中心 (Qi An Xin Threat Intelligence Center)
Detected Hints/Tags/Attributes 7/1/87
Attributes
Type     #Events  Value
Domain   1        test.hhlywsc.cn
Domain   1        putj2l6mp.bkt.clouddn.com
Domain   1        pta7l9xuf.bkt.clouddn.com
Domain   1        ptfv5y9m3.bkt.clouddn.com
Domain   1        psk4iauap.bkt.clouddn.com
Domain   1        globaltopgarlic.com
Domain   1        dpcq999.com
Domain   1        sudaqiang123.com
Domain   1        test.microsft-update.com
Domain   1        3175882.com
Domain   1        chenyon1314.xyz
Domain   1        xunqing888.xyz
Domain   1        q0drurhbs.bkt.clouddn.com
Domain   1        www.bestriven123.com
Domain   1        www.xunqing888.xyz
Domain   1        xunqing8888.xyz
File     49       nuxt.js
File     1        downloads new.jpg from the remote server
File     1        downloads junction.exe from the remote server
File     1        downloads basicnetutils.dll from the remote server
File     1        in junction.exe
File     1        decrypts the q.crt downloaded from the remote server
File     1        renamed locally to activeds.crt
File     1        activeds.crt
File     1        the sct script finally executes junction.exe
File     4        new.jpg
File     4        junction.exe
File     2        basicnetutils.dll
File     1        will be ... by junction.exe
File     1        used to decrypt the activeds.crt downloaded from the remote server
File     1        mem.bin
File     1        imecommondownload.exe
File     1        queryinstalllsp.exe
File     1        tgp_minibrowser.exe
File     1        qqmusic.exe
File     1        qtcapture.exe
File     1        putj2l6mp.bk
File     156      1.exe
File     1        pta7l9xuf.bk
File     1        ptfv5y9m3.bk
File     1        psk4iauap.bk
File     1        逼逼特写.exe
File     1        听听律师怎么说.exe
File     1        无需安装任何播放器.exe
File     1        named 链接.exe
File     1        fxgame.exe
File     1        the 1.txt downloaded from the remote server
File     1        q0drurhbs.bk
File     3        z.rar
File     14       temp.exe
md5      1        477bdf867c8000c0e7762f9483e03130
md5      1        5b4b236f8b3260c504ff863be7a7fc8d
md5      1        4aaf2f314e330d2b95b002b71e93f525
md5      1        c4717e466bcd97c19869e2627b80db89
md5      1        4a0f24c1f68b18bfa19a695cb0699cc8
md5      1        87dba009e13df54f023dcb77c6d0de91
md5      1        53dfd943b8c7ed5d5f93a1333fb975b0
md5      1        b65b16cb38101fe83edc4afc50cdf100
md5      1        79a4f8c5fe33b162187e2341e3fac004
md5      1        6ae80424599498af8bcb128f0a24f9d1
md5      1        03d8614a18a2d4bf1d6478fd216da2e2
md5      1        7762605dcb35118fb69546affd096ac8
md5      1        7b3ba2f713f05906b6241144f3979628
md5      1        f3b32e9b5632230769de0abf150288a2
md5      1        0d0e93676954f41af2b7885f6b788d1e
md5      1        30ec1d1dabe0cd4e757f84a3052f3465
md5      1        2f4329446849a13600aab4f03a7427a2
md5      1        2de1a991b799bc11a67e9b5112947182
IPv4     1        103.233.8.24
IPv4     1        223.199.1.113
IPv4     1        103.233.10.85
IPv4     1        112.67.34.32
IPv4     1        223.199.14.229
IPv4     1        202.181.24.16
IPv4     1        103.76.87.126
Mandiant Temporary Group Assumption  22  TEMP.EXE
Pdb      1        d:\myproject\ratloader\exe\mfcload\mfcinfload\release\t2.pdb
Pdb      1        d:\myproject\ratloader\dll\workdll\release\workdll.pdb
Pdb      1        e:\myproject\new\历史版本\20170919_1314\inst\release\inst.pdb
Pdb      1        fack.pdb
Pdb      1        mfcproject.pdb
Pdb      1        calculator.pdb
Url      1        http://putj2l6mp.bkt.clouddn.com/1.exe
Url      1        http://pta7l9xuf.bkt.clouddn.com/1.exe
Url      1        http://ptfv5y9m3.bkt.clouddn.com/1.exe
Url      1        http://psk4iauap.bkt.clouddn.com/1.exe
Url      1        http://globaltopgarlic.com/junction.exe
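As an added example (not part of the Qi An Xin report or of this indicator page), the Python below parses the flattened attribute table above into typed indicator sets, discards the two kinds of extraction noise visible in it (a Chinese sentence fragment wrapped around a file name, and File entries such as putj2l6mp.bk that are really truncated domain labels), and then matches the cleaned indicators against a few log lines. The log lines, host names and the hash-to-file pairing in the sample are constructed for illustration; the page does not say which hash belongs to which file.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Excerpt of the page's attribute table: a "Type #Events" line followed by the value on the
# next line. Two noisy entries are deliberately included (sentence fragment, truncated label).
RAW_ATTRIBUTES = """
Domain 1
test.hhlywsc.cn
Domain 1
putj2l6mp.bkt.clouddn.com
Domain 1
globaltopgarlic.com
File 49
nuxt.js
File 1
从远程服务器下载new.jpg
File 4
junction.exe
File 1
putj2l6mp.bk
File 156
1.exe
File 1
逼逼特写.exe
md5 1
477bdf867c8000c0e7762f9483e03130
IPv4 1
103.233.8.24
Url 1
http://putj2l6mp.bkt.clouddn.com/1.exe
Url 1
http://globaltopgarlic.com/junction.exe
"""

HEADER = re.compile(r"^(?:Details\s+)?(Domain|File|md5|IPv4|Url)\s+(\d+)$")  # "Details" link residue is optional
ASCII_NAME_TAIL = re.compile(r"([A-Za-z0-9_-]+\.[A-Za-z0-9]{1,4})$")
MD5 = re.compile(r"^[0-9a-f]{32}$")
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


@dataclass
class IocSet:
    domains: set = field(default_factory=set)
    ipv4: set = field(default_factory=set)
    md5: set = field(default_factory=set)
    files: set = field(default_factory=set)
    urls: set = field(default_factory=set)
    dropped: list = field(default_factory=list)  # (type, value, reason) for auditing


def parse_attributes(text):
    """Turn the flattened two-line rows into (type, event_count, value) tuples."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    rows, i = [], 0
    while i + 1 < len(lines):
        m = HEADER.match(lines[i])
        if m:
            rows.append((m.group(1), int(m.group(2)), lines[i + 1]))
            i += 2
        else:
            i += 1
    return rows


def build_ioc_set(rows):
    """Normalise rows into typed sets, dropping values that are extraction artefacts."""
    iocs = IocSet()
    domains = {v.lower() for t, _, v in rows if t == "Domain"}
    for typ, _count, value in rows:
        if typ == "Domain":
            iocs.domains.add(value.lower())
        elif typ == "IPv4" and IPV4.match(value):
            iocs.ipv4.add(value)
        elif typ == "md5" and MD5.match(value.lower()):
            iocs.md5.add(value.lower())
        elif typ == "Url":
            iocs.urls.add(value)
            host = urlparse(value).hostname  # the host of a URL IOC is a domain IOC as well
            if host:
                iocs.domains.add(host)
        elif typ == "File":
            v = value.lower()
            if any(d != v and d.startswith(v) for d in domains):
                iocs.dropped.append((typ, value, "truncated domain label"))  # e.g. putj2l6mp.bk
                continue
            name = value
            if not value.isascii():
                # "从远程服务器下载new.jpg": keep only the trailing ASCII file name; a real
                # non-ASCII file name (no ASCII tail, e.g. 逼逼特写.exe) is kept whole.
                m = ASCII_NAME_TAIL.search(value)
                if m:
                    name = m.group(1)
            iocs.files.add(name.lower())
        else:
            iocs.dropped.append((typ, value, "malformed value"))
    return iocs


def _anchored(value, left, right):
    """Regex for one indicator, bounded so '1.exe' does not fire on 'calc1.exe'."""
    return re.compile(f"(?<![{left}])" + re.escape(value) + f"(?![{right}])", re.I)


def compile_matchers(iocs):
    pats = [("domain", d, _anchored(d, "A-Za-z0-9-", "A-Za-z0-9-")) for d in sorted(iocs.domains)]
    pats += [("ipv4", ip, _anchored(ip, r"\d.", r"\d.")) for ip in sorted(iocs.ipv4)]
    pats += [("md5", h, _anchored(h, "0-9a-fA-F", "0-9a-fA-F")) for h in sorted(iocs.md5)]
    pats += [("file", f, _anchored(f, "A-Za-z0-9_-", "A-Za-z0-9_-")) for f in sorted(iocs.files)]
    pats += [("url", u, _anchored(u, "A-Za-z0-9", "A-Za-z0-9_/.-")) for u in sorted(iocs.urls)]
    return pats


def scan(lines, matchers):
    """Return [(line, sorted hits)] for every line that touches at least one indicator."""
    out = []
    for line in lines:
        hits = sorted({(t, v) for t, v, p in matchers if p.search(line)})
        if hits:
            out.append((line, hits))
    return out


# Constructed log lines (assumption, not from the report); the md5 beside junction.exe is an
# arbitrary pairing for the demo, the page does not map hashes to file names.
SAMPLE_LOGS = [
    "2019-10-28T09:12:01Z dns client=10.0.0.5 query=putj2l6mp.bkt.clouddn.com type=A",
    "2019-10-28T09:12:02Z proxy client=10.0.0.5 url=http://putj2l6mp.bkt.clouddn.com/1.exe status=200",
    "2019-10-28T09:12:09Z edr host=ws05 image=C:\\Users\\a\\AppData\\Local\\Temp\\junction.exe md5=477bdf867c8000c0e7762f9483e03130",
    "2019-10-28T09:15:00Z dns client=10.0.0.7 query=update.microsoft.com type=A",
    "2019-10-28T09:15:30Z edr host=ws06 image=C:\\Windows\\System32\\calc1.exe md5=ffffffffffffffffffffffffffffffff",
    "2019-10-28T09:16:00Z netflow src=10.0.0.9 dst=103.233.8.24 dport=443",
]

if __name__ == "__main__":
    iocs = build_ioc_set(parse_attributes(RAW_ATTRIBUTES))
    for line, hits in scan(SAMPLE_LOGS, compile_matchers(iocs)):
        print(hits, "<-", line)
    print("dropped:", iocs.dropped)
```

The `dropped` list is worth keeping in a real pipeline: an entry like `putj2l6mp.bk` silently loaded as a file indicator never matches anything, while a sentence fragment loaded verbatim hides `new.jpg`, which does appear on endpoints. The URL rows are also folded into the domain set, so a proxy log that records only the host still fires.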