Analysis of the APT-C-08 (Bitter) Group's WebDAV Operation | CTF导航
Common Information
Type Value
UUID 64fc2e47-64ef-41f0-8ad4-33acafbc4917
Fingerprint 47f3da5df59aba11
Analysis status DONE
Considered CTI value -2
Text language
Published Oct. 9, 2024, midnight
Added to db Oct. 21, 2024, 3:13 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Analysis of the APT-C-08 (Bitter) Group's WebDAV Operation
Title Analysis of the APT-C-08 (Bitter) Group's WebDAV Operation | CTF导航
Detected Hints/Tags/Attributes 4/1/27
Source URLs
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 426 CTF导航 https://www.ctfiot.com/feed 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 2
fizzillacottages.com
Details Domain 2
ottawadesignlab.com
Details Domain 2
pdcunaco.com
Details File 1018
rundll32.exe
Details File 1
windows\system32\davclnt.dll
Details File 2
nft.php
Details File 1
userspublicdocumentser.log
Details File 2
同一特性的还有.url
Details File 2
bv.php
Details IPv4 2
94.156.175.95
Details IPv4 2
47.245.111.83
Details Threat Actor Identifier - APT-C 22
APT-C-08