BrazenBamboo APT Exploits a FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA | CTF导航
Common Information
Type Value
UUID 3b81eb00-e2e4-48ba-9e0b-8d9f17b43b11
Fingerprint acc02f5f07de0f
Analysis status DONE
Considered CTI value -2
Text language
Published Nov. 10, 2024, midnight
Added to db Nov. 17, 2024, 9:54 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline BrazenBamboo APT Exploits a FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA
Title BrazenBamboo APT Exploits a FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA | CTF导航
Detected Hints/Tags/Attributes 26/1/35
Source URLs
RSS Feed
Id | Enabled | Feed title | Url | Added to db
426 | | CTF导航 | https://www.ctfiot.com/feed | 2024-08-30 22:08
Attributes
Type | #Events | Value
File | 1 | the analysis began with the discovery of a file named deepdata.zip
File | 13 | data.dll
File | 3 | mod.dat
File | 367 | readme.txt
File | 1 | this readme.txt
File | 4 | frame.dll
File | 62 | ffmpeg.dll
File | 3 | vertdll.dll
File | 3 | iumdll.dll
File | 3 | ucrtbase_enclave.dll
File | 50 | d3dcompiler_47.dll
File | 1 | only frame.dll
File | 153 | config.json
File | 86 | manifest.json
File | 3 | manifest1.json
File | 3 | date.ini
File | 1 | this manifest.json
File | 1 | the msenvico.dll included in the library
File | 4 | localupload.exe
File | 3 | pic32.png
File | 1 | and pic64.png
File | 4 | account.bin
File | 8 | audio.dll
File | 4 | mail.db
File | 3 | sqlaliases23.xml
File | 3 | dbvis.xml
File | 3 | credentials-config.json
md5 | 3 | 533297a7084039bf6bda702b752e6b82
sha1 | 3 | 20214e2e93b1bb37108aa1b8666f6406fabca8a0
sha256 | 4 | 666a4c569d435d0e6bf9fa4d337d1bf014952b42cc6d20e797db6c9df92dd724
sha256 | 3 | f4e72145e761bcc8226353bb121eb8e549dc0000c6535bfa627795351037dc8e
IPv4 | 8 | 103.27.109.217
IPv4 | 4 | 103.27.108.207
IPv4 | 7 | 121.201.109.98
Threat Actor Identifier - APT | 522 | APT41