China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets | Mandiant
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 55498496-21c3-425f-a13c-c78dfec77748 |
| Fingerprint | 24341fd127bf8dd1 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Dec. 1, 2015, midnight |
| Added to db | Nov. 9, 2023, 12:28 a.m. |
| Last updated | Nov. 10, 2024, 10:46 a.m. |
| Headline | China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets |
| Title | China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets | Mandiant |
| Detected Hints/Tags/Attributes | 76/2/36 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.mandiant.com/resources/blog/china-based-threat |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 330 | ✔ | Threat Intelligence | https://www.mandiant.com/resources/blog/rss.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 176 | cve-2012-0158 |
|
| Details | Domain | 2 | accounts.serveftp.com |
|
| Details | Domain | 24 | www2.fireeye.com |
|
| Details | Domain | 151 | www.bbc.com |
|
| Details | Domain | 1 | sinosphere.blogs.nytimes.com |
|
| Details | Domain | 1 | www.ejinsight.com |
|
| Details | File | 1 | 我們的異象.doc |
|
| Details | File | 1 | 新聞稿及公佈.doc |
|
| Details | File | 1 | 港大校友關注組遞信行動.doc |
|
| Details | File | 4 | time.exe |
|
| Details | File | 1 | wmiapcom.bat |
|
| Details | File | 1 | _upload.bat |
|
| Details | File | 16 | audiodg.exe |
|
| Details | File | 1 | %temp%\audiodg.exe |
|
| Details | File | 1 | upload.bat |
|
| Details | File | 1 | upload.rar |
|
| Details | File | 1 | period.txt |
|
| Details | File | 10 | download.txt |
|
| Details | File | 1 | silent.txt |
|
| Details | File | 96 | rar.exe |
|
| Details | File | 1 | download.rar |
|
| Details | File | 1 | apt17_report.pdf |
|
| Details | File | 1 | spear-phishing-the-news-cycle-apt-actors-leverage-interest-in-the-disappearance-of-malaysian-flight-mh-370.html |
|
| Details | md5 | 1 | b9208a5b0504cb2283b1144fc455eaaa |
|
| Details | md5 | 1 | ec19ed7cddf92984906325da59f75351 |
|
| Details | md5 | 1 | 6495b384748188188d09e9d5a0c401a4 |
|
| Details | md5 | 1 | d76261ba3b624933a6ebb5dd73758db4 |
|
| Details | md5 | 1 | 79b68cdd0044edd4fbf8067b22878644 |
|
| Details | md5 | 1 | 0beb957923df2c885d29a9c1743dd94b |
|
| Details | IPv4 | 2 | 59.188.0.197 |
|
| Details | Url | 1 | https://www2.fireeye.com/rs/fireye/images/apt17_report.pdf |
|
| Details | Url | 1 | https://www.fireeye.com/blog/threat-research/2014/03/spear-phishing-the-news-cycle-apt-actors-leverage-interest-in-the-disappearance-of-malaysian-flight-mh-370.html |
|
| Details | Url | 1 | http://www.bbc.com/news/world-asia-china-34070695. |
|
| Details | Url | 1 | http://www.scmp.com/news/hong-kong/education-community/article/1862423/surprise-move-chair-university-hong-kong. |
|
| Details | Url | 1 | http://sinosphere.blogs.nytimes.com/2014/06/18/pro-democracy-media-companys-websites-attacked/. |
|
| Details | Url | 1 | http://www.ejinsight.com/20150831-hku-concern-group-raises-proxy-fears-in-key-vote/. |