天穹 | New developments in Silver Fox attacks: a stealthy trojan disguised as a GPT installer | CTF导航
Tags
attack-pattern: | Data Server - T1583.004 Server - T1584.004 |
Common Information
Type | Value |
---|---|
UUID | 6a25f2d3-7526-439b-9aff-c7f4906eb3d7 |
Fingerprint | a3423eb27a548073 |
Analysis status | DONE |
Considered CTI value | -2 |
Text language | |
Published | Nov. 10, 2006, midnight |
Added to db | Dec. 16, 2024, 4:08 a.m. |
Last updated | Dec. 21, 2024, 4:22 a.m. |
Headline | 天穹 | New developments in Silver Fox attacks: a stealthy trojan disguised as a GPT installer |
Title | 天穹 | New developments in Silver Fox attacks: a stealthy trojan disguised as a GPT installer | CTF导航 |
Detected Hints/Tags/Attributes | 20/1/45 |
Source URLs
Redirection | Url | |
---|---|---|
Details | Source | https://www.ctfiot.com/219890.html |
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 426 | ✔ | CTF导航 | https://www.ctfiot.com/feed | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|