QiAnXin Threat Intelligence Center
Tags
attack-pattern: | Data, Dns - T1071.004, Dns - T1590.002 |
Common Information
Type | Value |
---|---|
UUID | 38f19596-da6e-4ef1-bf5b-3b25b1f4e18f |
Fingerprint | 7c7f97e12486fdc1 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | March 15, 2022, midnight |
Added to db | Dec. 18, 2024, 11:34 p.m. |
Last updated | Dec. 21, 2024, 2:20 a.m. |
Headline | UNKNOWN |
Title | QiAnXin Threat Intelligence Center |
Detected Hints/Tags/Attributes | 11/1/20 |
Source URLs
URL Provider
Attributes
Type | #Events | CTI | Value |
---|---|---|---|
Domain | 101 | | ti.qianxin.com |
File | 125 | | nuxt.js |
File | 1 | | ftr.xlam |
File | 1 | | uebslplyr.exe |
File | 1 | | ravgdvirbs.exe |
File | 1 | | and drops vmeperform.zip into it |
File | 1 | | extracts vmeperform.exe |
File | 1 | | file extensions of interest include .pdf |
File | 1 | | the dropped vmeperform.exe |
md5 | 1 | | 4EB0D5DC174A8D3643D60AD2047A20A7 |
md5 | 1 | | 22A8FF8EB7AA7E68C634BD7937E3B915 |
md5 | 1 | | EDA714CB2DD474BB4607710A6E9BAC61 |
md5 | 1 | | 7A195036865FDBFD31C555FD78EE60C9 |
md5 | 1 | | EF94D698E4995FED1873F60D3C986BA9 |
IPv4 | 1 | | 104.129.42.102 |
IPv4 | 1 | | 66.63.162.16 |
Threat Actor Identifier - APT | 132 | | APT36 |
Url | 94 | | https://sandbox.ti.qianxin.com/sandbox/page |
Url | 3 | | https://ti.qianxin.com/blog/articles/disclosure-of-recent-mobile-activities-by-transparenttribe |
Url | 2 | | https://ti.qianxin.com/blog/articles/confuser-packed-weapon-of-transparenttribe |