Analysis of the Bitter (蔓灵花) APT group's attack campaign using malicious CHM documents against domestic research institutions
Tags
Common Information
Type Value
UUID 5f1111f2-de88-47d2-bc0a-318a982833de
Fingerprint e10f85ef0dedbfd2
Analysis status DONE
Considered CTI value 2
Text language
Published Feb. 21, 2022, midnight
Added to db Jan. 16, 2023, 4:56 p.m.
Last updated Nov. 5, 2024, 5:39 p.m.
Headline Analysis of the Bitter (蔓灵花) APT group's attack campaign using malicious CHM documents against domestic research institutions
Title Analysis of the Bitter (蔓灵花) APT group's attack campaign using malicious CHM documents against domestic research institutions
Detected Hints/Tags/Attributes 5/0/28
Attributes