Tianqiong (天穹) | A New Silver Fox Attack Trend: A Stealthy Trojan Disguised as a GPT Installer | CTF导航
Common Information
Type Value
UUID 6a25f2d3-7526-439b-9aff-c7f4906eb3d7
Fingerprint a3423eb27a548073
Analysis status DONE
Considered CTI value -2
Text language
Published Nov. 10, 2006, midnight
Added to db Dec. 16, 2024, 4:08 a.m.
Last updated Dec. 21, 2024, 4:22 a.m.
Headline Tianqiong (天穹) | A New Silver Fox Attack Trend: A Stealthy Trojan Disguised as a GPT Installer
Title Tianqiong (天穹) | A New Silver Fox Attack Trend: A Stealthy Trojan Disguised as a GPT Installer | CTF导航
Detected Hints/Tags/Attributes 20/1/45
Source URLs
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 426 CTF导航 https://www.ctfiot.com/feed 2024-08-30 22:08
Attributes
Details Type #Events CTI Value