DarkCracks, 一个利用被黑GLPI, WORDPRESS站点充当中转的高级恶意载荷&升级框架
Tags
| country: | Japan United States Of America |
| maec-delivery-vectors: | Watering Hole |
Common Information
| Type | Value |
|---|---|
| UUID | 5cc8c287-8059-4232-b1ca-2913ecd40db8 |
| Fingerprint | 78b78e3d8936a1cb |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Aug. 31, 2024, midnight |
| Added to db | Sept. 3, 2024, 6:06 a.m. |
| Last updated | Nov. 17, 2024, 7:44 p.m. |
| Headline | DarkCracks, 一个利用被黑GLPI, WORDPRESS站点充当中转的高级恶意载荷&升级框架 |
| Title | DarkCracks, 一个利用被黑GLPI, WORDPRESS站点充当中转的高级恶意载荷&升级框架 |
| Detected Hints/Tags/Attributes | 23/2/150 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 420 | ✔ | 奇安信 X 实验室 | https://blog.xlab.qianxin.com/rss/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Autonomous System Number | 2 | AS834 |
|
| Details | Autonomous System Number | 2 | AS34985 |
|
| Details | Domain | 291 | raw.githubusercontent.com |
|
| Details | Domain | 358 | pastebin.com |
|
| Details | Domain | 3 | uvdfugoagjl.com |
|
| Details | Domain | 3 | soussanart.com |
|
| Details | Domain | 3 | www.auntyaliceschool.site |
|
| Details | Domain | 3 | www.miracles.com.hk |
|
| Details | Domain | 3 | ktd7ygoagjl.com |
|
| Details | Domain | 3 | gtd7ygoagjl.com |
|
| Details | Domain | 3 | std7ygoagjl.com |
|
| Details | Domain | 3 | evd7ygoagjl.com |
|
| Details | Domain | 3 | avd7ygoagjl.com |
|
| Details | Domain | 3 | mvd7ygoagjl.com |
|
| Details | Domain | 3 | ivd7ygoagjl.com |
|
| Details | Domain | 3 | uvd7ygoagjl.com |
|
| Details | Domain | 3 | qvd7ygoagjl.com |
|
| Details | Domain | 3 | ytc7ygoagjl.com |
|
| Details | Domain | 3 | ktc7ygoagjl.com |
|
| Details | Domain | 3 | gtc7ygoagjl.com |
|
| Details | Domain | 3 | ktdfugoagjl.com |
|
| Details | Domain | 3 | gtdfugoagjl.com |
|
| Details | Domain | 3 | stdfugoagjl.com |
|
| Details | Domain | 3 | evdfugoagjl.com |
|
| Details | Domain | 3 | avdfugoagjl.com |
|
| Details | Domain | 3 | mvdfugoagjl.com |
|
| Details | Domain | 3 | ivdfugoagjl.com |
|
| Details | Domain | 4127 | github.com |
|
| Details | Domain | 40 | gchq.github.io |
|
| Details | File | 2 | qoakeifm-unknown.txt |
|
| Details | File | 7 | uc.reg |
|
| Details | File | 2 | eh.reg |
|
| Details | File | 30 | main.cpp |
|
| Details | File | 1 | 发现变化集中在main.cpp |
|
| Details | File | 12 | detail.php |
|
| Details | File | 2 | tem9fg5.tmp |
|
| Details | File | 1 | 配置文件tem9fg5.tmp |
|
| Details | File | 1 | 该项目只有一个名为bzupdater.zip |
|
| Details | File | 68 | config.ini |
|
| Details | File | 52 | updater.exe |
|
| Details | File | 89 | version.dll |
|
| Details | File | 1 | 我们确认version.dll |
|
| Details | File | 1 | 虽然version.dll |
|
| Details | File | 1 | 但config.ini |
|
| Details | File | 5 | resume.pdf |
|
| Details | File | 2 | 이력서.pdf |
|
| Details | File | 3 | poly25519.php |
|
| Details | File | 3 | curlsinglehandler.php |
|
| Details | File | 3 | dnsexception.php |
|
| Details | File | 3 | sus.php |
|
| Details | File | 17 | base64.url |
|
| Details | Github username | 2 | adrhpbrn29 |
|
| Details | md5 | 3 | 8b3d2b156424e5a0dc3f6d2b0dec96b2 |
|
| Details | md5 | 3 | f8a495a98c43b0805f53be14db09c409 |
|
| Details | md5 | 3 | 93a7cba1edbacb633021ebc38c10a79f |
|
| Details | md5 | 3 | 81eccc9c10368aa54cfed371f83da45a |
|
| Details | md5 | 3 | fe5f484f71bf0fd7afa56e60da7eec6f |
|
| Details | md5 | 2 | 8103a187a710378020dbdee8ff213b5b |
|
| Details | md5 | 2 | 69ef27f8e69dbba222c3c33a53906d79 |
|
| Details | md5 | 2 | FCFF50FB13B09C44F806CF4947381718 |
|
| Details | md5 | 2 | 2DD695D6845AA9F83F0071B709D78CBD |
|
| Details | md5 | 3 | 456d05566fc3391e195a5f9cb346c92c |
|
| Details | md5 | 3 | 91bcbf4de7ff8bddebdc49b62cad1ac1 |
|
| Details | md5 | 3 | c2d69f5e5fa2af8131f1cb3d9fdfbd4b |
|
| Details | md5 | 3 | 05481286a1aa1f0d7d9df7bbbb3aeb73 |
|
| Details | md5 | 3 | 9e94126e8a26efd10b2a5b179d64be90 |
|
| Details | md5 | 3 | ceb7f3d92096892410e041a3b318ab9b |
|
| Details | md5 | 3 | ca93591a9441a2ade70821f67292d982 |
|
| Details | md5 | 3 | 6176c8374cd656783c9b354944c8052e |
|
| Details | md5 | 3 | 71ebe71eec7e0f2420cd931534dd22c3 |
|
| Details | md5 | 3 | c30e9934299fd43527834086b6cfa26a |
|
| Details | md5 | 3 | 8c53e98685fc3ce8b86055991b905926 |
|
| Details | md5 | 3 | 257c9ec1241b3fa59565edec9689276b |
|
| Details | md5 | 3 | 281e4ede8ffc0f854ce671b5b3ae06f8 |
|
| Details | md5 | 3 | 21732589b41506e1e7de87d7066ea43e |
|
| Details | md5 | 3 | 036d6c73fe7a568160f3de8a98d0a58b |
|
| Details | md5 | 3 | 5340ee724893fd596852f22ecbc3e795 |
|
| Details | md5 | 3 | c6909b8b8bc55fac85c5fe650c7df42a |
|
| Details | md5 | 3 | 227d19736af70bef817da96668994af8 |
|
| Details | md5 | 3 | a18957196842c78cbce2247d766712ad |
|
| Details | md5 | 3 | 0dd9e350aafe0d1c9e619d27ebd2ccfd |
|
| Details | md5 | 3 | 8859d9b1c3f41b9dad3cee68adaddd92 |
|
| Details | md5 | 3 | e587cd53059f58526be7e2167cf7177b |
|
| Details | md5 | 3 | af93dc3d635ed3b46439e38fae8ecf6b |
|
| Details | md5 | 3 | b0f7df80d2adda176f8d58a55b773eed |
|
| Details | md5 | 3 | 7d6ea278b5ae9081c03e340d6f98a4a5 |
|
| Details | md5 | 3 | 635a7ae54cb7966d61e2e8f64391e870 |
|
| Details | md5 | 3 | c1d07c102e436284d3fbce0410658ae8 |
|
| Details | md5 | 3 | 11d4db491fe82e37ff0a5c3787cfa143 |
|
| Details | md5 | 3 | 4e64816a821ce2eb231a5be5395a2f20 |
|
| Details | md5 | 3 | 2e7d67a3be72c5d1718fc2689c0d5d08 |
|
| Details | md5 | 3 | 5e9bf8a980bcc4d004ff505778b843e6 |
|
| Details | md5 | 3 | 527cc24f043c58101c122c2a2f6c6d8e |
|
| Details | md5 | 3 | 5b39497af0d9874d38288476d3a9f5a4 |
|
| Details | md5 | 3 | dffee792a8e65d38d897bd3400aecd3d |
|
| Details | md5 | 3 | 7515282b084374d9d8b87e46b87e4af8 |
|
| Details | md5 | 3 | ee0d3c3c528034fa3ebdc37596014382 |
|
| Details | md5 | 3 | d41c379725973e97ef9cbafb1efdb2f3 |
|
| Details | md5 | 3 | 1d407ff91ce19afc82f7946c3ec24dea |
|
| Details | md5 | 3 | a1f3e574799c3f874a8d3563dbc55f4c |
|
| Details | md5 | 3 | ad831d9c00c90fead925f4575f4a6a9a |
|
| Details | md5 | 3 | 2b5df28714421d79ab3e63eac538d853 |
|
| Details | md5 | 3 | 2107625e9980d190e3214ef09a83608f |
|
| Details | md5 | 3 | 35f846e24d0cccb5a3ec736c07f6a0a2 |
|
| Details | md5 | 3 | 5fbe460fc8fa09dc6adc73e5e908cd0e |
|
| Details | md5 | 3 | 27f18a27942fbb71c4e84736db45b5cf |
|
| Details | md5 | 3 | e1674821a190f5250e6aba40916c9061 |
|
| Details | md5 | 3 | b1040f3193d4bec01b13bc73ecaa2587 |
|
| Details | md5 | 3 | 7c33c052c5d451ba4069639286dfc4b5 |
|
| Details | md5 | 3 | 08169e20daaad052075bd4026c8e287f |
|
| Details | md5 | 3 | 2caf09452e79390f09bebf27dad9acf4 |
|
| Details | md5 | 3 | 5421bc92f2dd8f37538c2023c1e2f8ee |
|
| Details | md5 | 3 | 7168f47f067d260c34543e32a7a55cbd |
|
| Details | md5 | 3 | 4e52426a96baf84431775adf2d6f0ae2 |
|
| Details | md5 | 3 | 4a642a86a8d8e71e5f163fa54eda9241 |
|
| Details | sha256 | 3 | 2d8c7fee42d3db4a8e55fbff65351e1bb8addba8fcbd0f85ee1ca5033d0df342 |
|
| Details | IPv4 | 3 | 45.169.87.67 |
|
| Details | IPv4 | 3 | 179.191.68.85 |
|
| Details | IPv4 | 3 | 213.139.233.163 |
|
| Details | IPv4 | 3 | 187.190.1.137 |
|
| Details | IPv4 | 3 | 204.199.192.44 |
|
| Details | IPv4 | 3 | 148.102.51.6 |
|
| Details | IPv4 | 3 | 158.177.2.191 |
|
| Details | IPv4 | 3 | 64.227.0.146 |
|
| Details | IPv4 | 3 | 216.238.103.62 |
|
| Details | IPv4 | 3 | 52.0.85.62 |
|
| Details | IPv4 | 3 | 152.67.11.54 |
|
| Details | IPv4 | 2 | 216.74.123.97 |
|
| Details | Url | 3 | http://179.191.68.85:82/vendor/sebastian/diff/src/exception/pq1im9hd-x64-musl |
|
| Details | Url | 3 | http://179.191.68.85:82/vendor/sebastian/diff/src/exception/j8ugl3v |
|
| Details | Url | 2 | https://raw.githubusercontent.com/adrhpbrn29/sudoku1/main/main.cpp |
|
| Details | Url | 3 | https://pastebin.com/raw/gyebvymr |
|
| Details | Url | 2 | https://www.auntyaliceschool.site/wp-admin/maint |
|
| Details | Url | 2 | http://179.191.68.85:82/vendor/sebastian/diff/src/exception |
|
| Details | Url | 2 | http://45.169.87.67/vendor/sabre/event/lib/promise |
|
| Details | Url | 3 | http://187.190.1.137/vendor/guzzlehttp/guzzle/src/exception/detail.php |
|
| Details | Url | 3 | http://204.199.192.44/vendor/paragonie/sodium_compat/src/core32/poly25519.php |
|
| Details | Url | 3 | http://148.102.51.6/vendor/guzzlehttp/guzzle/src/handler/curlsinglehandler.php |
|
| Details | Url | 3 | http://158.177.2.191/vendor/guzzlehttp/guzzle/src/handler/curlsinglehandler.php |
|
| Details | Url | 3 | http://64.227.0.146/vendor/guzzlehttp/guzzle/src/handler/curlsinglehandler.php |
|
| Details | Url | 3 | http://216.238.103.62:8013/vendor/guzzlehttp/guzzle/src/exception/dnsexception.php |
|
| Details | Url | 3 | http://52.0.85.62/vendor/guzzlehttp/guzzle/src/exception/detail.php |
|
| Details | Url | 3 | https://www.miracles.com.hk/wp-content/plugins/foxiplugin/detail.php |
|
| Details | Url | 3 | http://152.67.11.54/wordpress//wp-admin/includes/sus.php |
|
| Details | Url | 2 | https://github.com/adrhpbrn29/sudoku1 |
|
| Details | Url | 2 | http://148.102.51.6/vendor/guzzlehttp/guzzle/src/handler/curlsinglehandler.php","authheader":"ljhrqwe","clienturl":"http://45.169.87.67/vendor/sabre/event/lib/promise/se3hf6jwc","runnerurl":"http://45.169.87.67/vendor/sabre/event/lib/promise/wk8dnj2k |
|
| Details | Url | 2 | http://148.102.51.6/vendor/guzzlehttp/guzzle/src/handler/curlsinglehandler.php","authheader":"ljhrqwe","clienturl":"https://www.auntyaliceschool.site/wp-admin/maint/se3hf6jwc","runnerurl":"https://www.auntyaliceschool.site/wp-admin/maint/wk8dnj2k |
|
| Details | Url | 2 | https://pastebin.com/gyebvymr |
|
| Details | Url | 2 | http://52.0.85.62/vendor/guzzlehttp/guzzle/src/exception/detail.php","authheader":"ggsedphp","clienturl":"http://179.191.68.85:82/vendor/sebastian/diff/src/exception/my5bjk7e","runnerurl":"http://179.191.68.85:82/vendor/sebastian/diff/src/exception/pq1im9hd |
|
| Details | Url | 2 | https://gchq.github.io/cyberchef/#recipe=aes_decrypt |