PasivRobber: Chinese Spyware or Security Tool?
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 5b9ee4f1-0abb-4e5f-8e77-a9ac2881851e |
| Fingerprint | a6ac9d132037b3c8 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | April 14, 2025, 12:50 p.m. |
| Added to db | April 14, 2025, 4:33 p.m. |
| Last updated | April 17, 2025, 10:20 p.m. |
| Headline | PasivRobber: Chinese Spyware or Security Tool? |
| Title | PasivRobber: Chinese Spyware or Security Tool? |
| Detected Hints/Tags/Attributes | 78/2/62 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://blog.kandji.io/pasivrobber |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 497 | ✔ | Kandji Blog | https://www.kandji.io/blog/rss.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 411 | com.apple |
|
| Details | Domain | 1 | bin.zip |
|
| Details | Domain | 6446 | github.com |
|
| Details | Domain | 2 | sanctionssearch.ofac.treas.gov |
|
| Details | Domain | 4 | ofac.treasury.gov |
|
| Details | Domain | 63 | home.treasury.gov |
|
| Details | File | 1 | apple.geo |
|
| Details | File | 1 | myam.pl |
|
| Details | File | 1 | qqhook.cpp |
|
| Details | File | 1 | wsus.ini |
|
| Details | File | 2 | bin.zip |
|
| Details | File | 1 | imkey.json |
|
| Details | File | 1 | kntqq.txt |
|
| Details | File | 1 | apwx.pl |
|
| Details | File | 1 | apqq.pl |
|
| Details | File | 59 | install.bat |
|
| Details | File | 1 | smartviewer.exe |
|
| Details | File | 4 | uninstall.bat |
|
| Details | File | 64 | details.aspx |
|
| Details | Github username | 1 | zhangkn |
|
| Details | sha256 | 1 | 0fd32b8f304531e121e19a50f64586a446bf74818caa645bad8d6b71673a350a |
|
| Details | sha256 | 1 | d82e7ae41f2ed92136343e1ee8cef780704447af476b59e2e3bdd8d1b84dbb23 |
|
| Details | sha256 | 1 | 203e82eb0085701598f21ef2478fad149e8e68335ce8602b118b23638be951e3 |
|
| Details | sha256 | 1 | 76eb3d942055e6b9bc5573cc30eef480f0cd04e4c6d5cfacda79431d5190707b |
|
| Details | sha256 | 1 | e493c30a427fbbafa0b37d8db8d2c42bfc91680402e6c174be34798fd8992b2b |
|
| Details | sha256 | 1 | f297651c58e530d8355222dccdf0bf28d341f20a8fee5038a3a49c0a4f19d0c0 |
|
| Details | sha256 | 1 | 76bf1e83e2c0788c98343a7b03995eaf822af7f33cd4b49e4952219dcfaa36e0 |
|
| Details | sha256 | 1 | 72424adde8d28293e2becf48366692e4cceeebf4c8f9fe260dc8b4622b82b625 |
|
| Details | sha256 | 1 | 84701e24401ab07e12b78bba6ead16957f28593a4c7e64f705a01c825f3b8639 |
|
| Details | sha256 | 1 | 43d11551b81e2e5b9ce0701a1b2ad9d8f04b8161c135599a921ec1fbdeb5ca33 |
|
| Details | sha256 | 1 | 78b090dccf966d5108147b08ccbc3e64ab264632b2eb42f73fe98a4a934e743d |
|
| Details | sha256 | 1 | 386759c38e672495beb2b56f53fd07b3392de59b09e818946172a321cf337e3d |
|
| Details | sha256 | 1 | 6f10fb391a397eabc307df1684488c72351aa7502d93dfe78d076402b42a65b1 |
|
| Details | sha256 | 1 | c9435d5f315a27e01145494010e82f7e8d04b9379546551073401ddc0a73b253 |
|
| Details | sha256 | 1 | d5b2cbf0187f10cc95a714e01a28e2ae26a3927fe09e7280e14e0a444cb69209 |
|
| Details | sha256 | 1 | 33bc2c5bfea02f02f7b19e68d5efe01beab80083b4d28977934677947c1a051d |
|
| Details | sha256 | 1 | 6b4bd6c8ad5a17fd821f7cc6045b5d58783ce05d9a1140104cb7cc7b1e15d1cc |
|
| Details | sha256 | 1 | 10a239886c93285c86debf9c2c87ecf63ea464b9b4c1dcf526c6ce666c230064 |
|
| Details | sha256 | 1 | 7992280a3eeda665f024d424c6b2be2fc1ffc9977fda51e6e688bdc0dcb1facb |
|
| Details | sha256 | 1 | 94420f4f9e52f1980e167a65c0a4f7c9fd3e0083e630a2a9294ac086879bfb8a |
|
| Details | sha256 | 1 | 5be865ba5613b819ea10319c60eaca664e673c4c8882b5c621ba70f436585e9d |
|
| Details | sha256 | 1 | 50a124e0c570e5d62e57f3d0789579aa726f77706537bbb2e80661b3489c0dc3 |
|
| Details | sha256 | 1 | 7d03db6386ebe43a449834d3e95749cc5359adbe079c08d7fe6caa5b69073361 |
|
| Details | sha256 | 1 | 10e1770c531d231841c7e7f11bc061439ec089325747fbbbcc5ece9bbeb35c4e |
|
| Details | sha256 | 1 | 696678aec46a0520f04232944ba6dd4585894c5b25c0ee28633e3716479e0470 |
|
| Details | sha256 | 1 | 6ed715f9dd60d9ee6f1418005115a265c3aacc22c6dda74bef06a3b83d9f051b |
|
| Details | sha256 | 1 | 41e845c20cbd1100ef77ccd087b6edb8758b46d7b71bdc96176291da186417ed |
|
| Details | sha256 | 1 | 9139cbec580f618045e113cd4cfd6f87b55f338bd6387cfd3fa362ced4556280 |
|
| Details | sha256 | 1 | 1376a81d8b7d04bca5de782867501e19cee579707a37eb9086ecb354631848a0 |
|
| Details | sha256 | 1 | 034d3cf595276d3ec5443ba84c1ffb2b7c3ae4b9986a1b4f99f3eb72a90eb465 |
|
| Details | sha256 | 1 | 02580be00387888e8d584d62744f6dbbdeb481367f2fad193212df8f08c1ee51 |
|
| Details | sha256 | 1 | cf5ccd3f9aad801b1ad0995e773d1ef623158d28a21aeb64d3fadc4fe5d71f64 |
|
| Details | sha256 | 1 | 4cc05a12cce16d2bb3232a5d4c680243cd7e972e50800ac30e3d4b2f3c416487 |
|
| Details | sha256 | 1 | e42d3ccc2d24e6d5903776ac1e4a0afc463a7655a15337400dd5dd8e94d51ab3 |
|
| Details | sha256 | 1 | 994af3a899ab607e869b5463809ce500bd7578075291a8be49d71239dc47b102 |
|
| Details | sha256 | 1 | d03d2a0f53e780be9797d252e45045ef5cd208bc093d5cdbc0c14f06f4b847a2 |
|
| Details | sha256 | 1 | f335b82b5263578543cb3bd03e26fd5de246cd7b3b94cccdc44b8ed5113cc6e6 |
|
| Details | IPv4 | 1 | 116.198.18.202 |
|
| Details | Url | 1 | https://github.com/zhangkn/insert_dylib-1. |
|
| Details | Url | 1 | https://sanctionssearch.ofac.treas.gov/details.aspx?id=33896 |
|
| Details | Url | 1 | https://ofac.treasury.gov/media/99111/download?inline |
|
| Details | Url | 1 | https://home.treasury.gov/news/press-releases/jy0538 |