笼罩在机顶盒上空的阴影:揭开隐蔽8年黑灰产团伙Bigpanzi的神秘面纱
Tags
| country: | Canada China Netherlands Japan Taiwan United States Of America |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Model Dns - T1071.004 Dns - T1590.002 Python - T1059.006 Server - T1583.004 Server - T1584.004 Tool - T1588.002 |
Common Information
| Type | Value |
|---|---|
| UUID | 7eb8e832-13b5-44b9-b03c-048951635d60 |
| Fingerprint | 5a38d80f8c023323 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Jan. 15, 2024, midnight |
| Added to db | Oct. 1, 2024, 3:40 p.m. |
| Last updated | Nov. 17, 2024, 11:36 p.m. |
| Headline | 笼罩在机顶盒上空的阴影:揭开隐蔽8年黑灰产团伙Bigpanzi的神秘面纱 |
| Title | 笼罩在机顶盒上空的阴影:揭开隐蔽8年黑灰产团伙Bigpanzi的神秘面纱 |
| Detected Hints/Tags/Attributes | 49/3/191 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Autonomous System Number | 3 | AS30083 |
|
| Details | Autonomous System Number | 4 | AS174 |
|
| Details | Autonomous System Number | 1 | AS11831 |
|
| Details | Autonomous System Number | 1 | AS16625 |
|
| Details | Autonomous System Number | 25 | AS16509 |
|
| Details | Autonomous System Number | 1 | AS53850 |
|
| Details | Autonomous System Number | 1 | AS54600 |
|
| Details | Autonomous System Number | 3 | AS60781 |
|
| Details | Autonomous System Number | 1 | AS137443 |
|
| Details | Autonomous System Number | 4 | AS396982 |
|
| Details | Domain | 1 | ak.tknxg.cf |
|
| Details | Domain | 768 | www.youtube.com |
|
| Details | Domain | 1 | mf1ve.com |
|
| Details | Domain | 1 | ftsym1.com |
|
| Details | Domain | 1 | dyanoe.com |
|
| Details | Domain | 1 | pandoramain-1794008345.us-west-2.elb.amazonaws.com |
|
| Details | Domain | 1 | pandorabackup-1322908155.us-west-2.elb.amazonaws.com |
|
| Details | Domain | 1 | fadfatest.pneydn.com |
|
| Details | Domain | 1 | xtsj.sisenji.com |
|
| Details | Domain | 1 | 08.2023.zip |
|
| Details | Domain | 1 | ruetsm.mkuspt.com |
|
| Details | Domain | 1 | boxupsev.mkuspt.com |
|
| Details | Domain | 1 | fonestero.com |
|
| Details | Domain | 1 | ok3.mf1ve.com |
|
| Details | Domain | 1 | ok3.mflve.com |
|
| Details | Domain | 1 | abcr.ftsym1.com |
|
| Details | Domain | 1 | pcn.panddna.com |
|
| Details | Domain | 1 | ppn.pnddon.com |
|
| Details | Domain | 1 | apz.bsaldo.com |
|
| Details | Domain | 1 | apz.pdonno.com |
|
| Details | Domain | 1 | jgp.pdltdgie.com |
|
| Details | Domain | 1 | na.sh |
|
| Details | Domain | 1 | pcdnbus.ou2sv.com |
|
| Details | Domain | 1 | pcdnbus-bk.a2k3v.com |
|
| Details | Domain | 1 | srs.sh |
|
| Details | Domain | 1 | wrkv.jiexi.com |
|
| Details | Domain | 54 | godaddy.com |
|
| Details | Domain | 1 | zas8wie.snarutox.com |
|
| Details | Domain | 1 | in32hbccw.oneconcord.net |
|
| Details | Domain | 1 | pu9z3cca.trumpary.com |
|
| Details | Domain | 1 | kp519bpa.fireisi.com |
|
| Details | Domain | 1 | hgxx123p.ourhousei.com |
|
| Details | Domain | 1 | ryy8zc.dotxui.com |
|
| Details | Domain | 1 | plart2z.incenu.com |
|
| Details | Domain | 1 | nikcc32.honisu.com |
|
| Details | Domain | 1 | wwrc9.ngoox.com |
|
| Details | Domain | 1 | iptty3m.dotxui.com |
|
| Details | Domain | 1 | stpoto.sdfaf1230app.net |
|
| Details | Domain | 1 | dlewals.adfoiadf892.net |
|
| Details | Domain | 1 | redavss.noip.me |
|
| Details | Domain | 1 | alchaes.abdc11.com |
|
| Details | Domain | 1 | fadfa.dyanoe.com |
|
| Details | Domain | 1 | fadfa.gdalieyw.com |
|
| Details | Domain | 1 | bas.sw1ez.com |
|
| Details | Domain | 1 | bps.tr2eq.com |
|
| Details | Domain | 1 | caq.xv8ta.com |
|
| Details | Domain | 1 | tano.jdsefbe.com |
|
| Details | Domain | 1 | tano.syhs8u.com |
|
| Details | Domain | 1 | tigx.xjs7zu.com |
|
| Details | Domain | 1 | tigx.xsefbe.com |
|
| Details | Domain | 1 | tyu.sdhenbe.com |
|
| Details | Domain | 1 | vpr.pprv1.com |
|
| Details | Domain | 1 | xihb.bhowljw1.com |
|
| Details | Domain | 1 | xihb.lgewer1f.com |
|
| Details | Domain | 1 | xtsj.ofdad3.com |
|
| Details | Domain | 1 | xtsj.syshebe.com |
|
| Details | Domain | 1 | xtsj.terwea.com |
|
| Details | Domain | 1 | yuo.tyt3s.com |
|
| Details | Domain | 1 | tyu.fart1.com |
|
| Details | Domain | 1 | eumk.wak2p.com |
|
| Details | Domain | 1 | www.qicicloud.xyz |
|
| Details | Domain | 1 | www.tenlsi1.club |
|
| Details | Domain | 1 | api.qicicloud.xyz |
|
| Details | Domain | 1 | api.tenlsi1.club |
|
| Details | Domain | 1 | ageniustv1.cc |
|
| Details | Domain | 295 | amazon.com |
|
| Details | Domain | 1 | lof.sty1x.com |
|
| Details | Domain | 1 | mak.wak2p.com |
|
| Details | Domain | 1 | ageniusapp.cc |
|
| Details | Domain | 1 | sevenmiddleware.cf |
|
| Details | Domain | 1 | isam.homelinux.com |
|
| Details | Domain | 358 | pastebin.com |
|
| Details | Domain | 1 | channels2.homelinux.com |
|
| Details | Domain | 1 | vup.k2glu.com |
|
| Details | Domain | 1 | qhwh.waks2.com |
|
| Details | Domain | 1 | gt3.kt2wt.com |
|
| Details | Domain | 1 | pukpa.slkd4.com |
|
| Details | Domain | 1 | ji1.mxq1b.com |
|
| Details | Domain | 1 | pf3a.res4f.com |
|
| Details | Domain | 1 | pcdnfuc.ou2sv.com |
|
| Details | Domain | 1 | plslb.ou2sv.com |
|
| Details | Domain | 1 | btyu.pifsq.com |
|
| Details | Domain | 1 | cdab.p2mqt.com |
|
| Details | Domain | 1 | b1.str2c.com |
|
| Details | Domain | 1 | img.p2mqt.com |
|
| Details | Domain | 1 | ageniusvod.cc |
|
| Details | Domain | 1 | dmdz.res4f.com |
|
| Details | Domain | 1 | p5x.ty3w2.com |
|
| Details | Domain | 1 | jdak.jdsaf.com |
|
| Details | Domain | 1 | jdl.oygaf.com |
|
| Details | Domain | 1 | hts.nfdaf.com |
|
| Details | Domain | 1 | hsh.kfdaf.com |
|
| Details | Domain | 1 | jdz.lgdaf.com |
|
| Details | Domain | 1 | zms.mgfdaf.com |
|
| Details | Domain | 1 | snh.oygaf.com |
|
| Details | Domain | 1 | snh.kfdaf.com |
|
| Details | Domain | 1 | brasilhtv-epg1.cc |
|
| Details | Domain | 1 | vfz.str2c.com |
|
| Details | Domain | 1 | dcs.reakf.com |
|
| Details | Domain | 1 | dcs.tefds.com |
|
| Details | Domain | 1 | gsb.reakf.com |
|
| Details | Domain | 1 | gsb.tefds.com |
|
| Details | Domain | 1 | jdl.pugexiz.com |
|
| Details | Domain | 1 | jdl.hgdsd.com |
|
| Details | Domain | 5 | blowfish.new |
|
| Details | File | 1 | package_list.xml |
|
| Details | File | 1 | 它的package_list.xml |
|
| Details | File | 1 | a3-ota-update-202007271610.zip |
|
| Details | File | 9 | 2023.zip |
|
| Details | File | 13 | '.dat |
|
| Details | File | 1 | 19091下载相应的pcdn.tar |
|
| Details | File | 1 | play.gz |
|
| Details | File | 1 | ktptun.gz |
|
| Details | File | 1 | 实际上play.gz |
|
| Details | File | 1 | kcptun.gz |
|
| Details | File | 1 | 解压出的文件是pcdn.tar |
|
| Details | File | 1 | pcdn.tar |
|
| Details | File | 1 | 8388俩个端口就出现在server-multi-port.json |
|
| Details | File | 1 | ryy8zc.dotx |
|
| Details | File | 1 | plart2z.inc |
|
| Details | File | 1 | iptty3m.dotx |
|
| Details | File | 1 | xtsj.sys |
|
| Details | File | 1 | pukpa.slk |
|
| Details | md5 | 1 | 9a1a6d484297a4e5d6249253f216ed69 |
|
| Details | md5 | 1 | 49F65662C089C5E009FB76AF1971F9DA |
|
| Details | md5 | 1 | 7ccdaa9aa63114ab42d49f3fe81519d9 |
|
| Details | md5 | 1 | ce690167abeee4326d5369cceffadaaf |
|
| Details | md5 | 1 | d6285261d6b2d0a26d186e1b831664db |
|
| Details | md5 | 1 | 16047c1cbc51a1e625465a60092499aa |
|
| Details | md5 | 1 | 4079859aae0c6a46c6ba3516bdb500d0 |
|
| Details | md5 | 1 | 59956383454c03084cfc568780a1ac1b |
|
| Details | md5 | 1 | c8b83db92478fc2a1b1e10885ae85d92 |
|
| Details | md5 | 1 | ed69a2228a1280d1bce51b11bc7857d4 |
|
| Details | md5 | 1 | 044122d46b874892227239ef9a1e7b3c |
|
| Details | md5 | 1 | 1bcc313bf3429bcf484f3fafe68726b0 |
|
| Details | md5 | 1 | a4f1808d4430fc2bbf5dc6749388727e |
|
| Details | md5 | 1 | adb3efa194ca5aa377aa53a262744ca1 |
|
| Details | md5 | 1 | 95357a1d45deebd8bdc4ac01a4ad8c08 |
|
| Details | md5 | 1 | 5b2727ba2924fd4d204bf39e601bb77c |
|
| Details | md5 | 1 | 4338e9bd02b42eb458f8515caa3bab8e |
|
| Details | md5 | 1 | 634c0e7fcc9529005a63c2918ad9dcc5 |
|
| Details | IPv4 | 1 | 71.19.252.13 |
|
| Details | IPv4 | 1 | 45.14.106.78 |
|
| Details | IPv4 | 1 | 50.7.118.114 |
|
| Details | IPv4 | 1 | 162.209.126.216 |
|
| Details | IPv4 | 1 | 209.239.115.231 |
|
| Details | IPv4 | 1 | 23.12.198.13 |
|
| Details | IPv4 | 1 | 54.149.89.70 |
|
| Details | IPv4 | 1 | 71.19.250.242 |
|
| Details | IPv4 | 1 | 207.38.87.205 |
|
| Details | IPv4 | 1 | 23.12.198.15 |
|
| Details | IPv4 | 1 | 209.239.115.206 |
|
| Details | IPv4 | 1 | 199.189.87.86 |
|
| Details | IPv4 | 1 | 192.200.112.10 |
|
| Details | IPv4 | 1 | 50.30.37.108 |
|
| Details | IPv4 | 1 | 209.126.116.211 |
|
| Details | IPv4 | 1 | 142.0.141.169 |
|
| Details | IPv4 | 1 | 94.75.218.122 |
|
| Details | IPv4 | 1 | 81.171.0.77 |
|
| Details | IPv4 | 1 | 23.12.198.18 |
|
| Details | IPv4 | 1 | 18.182.215.73 |
|
| Details | IPv4 | 1 | 71.19.250.244 |
|
| Details | IPv4 | 1 | 52.8.212.100 |
|
| Details | IPv4 | 1 | 54.183.19.241 |
|
| Details | IPv4 | 1 | 23.12.198.16 |
|
| Details | IPv4 | 1 | 118.184.69.3 |
|
| Details | IPv4 | 1 | 198.255.88.146 |
|
| Details | IPv4 | 1 | 198.16.66.162 |
|
| Details | IPv4 | 1 | 23.237.10.90 |
|
| Details | IPv4 | 1 | 34.98.72.97 |
|
| Details | IPv4 | 1 | 34.36.1.200 |
|
| Details | IPv6 | 1 | 0::2 |
|
| Details | IPv6 | 2 | 1::2 |
|
| Details | Url | 103 | https://www.youtube.com |
|
| Details | Url | 1 | http://fadfatest.pneydn.com:8080/stb-download/tool |
|
| Details | Url | 1 | http://pandoramain-1794008345.us-west-2.elb.amazonaws.com:8080/marketdatas/dns/hosts |
|
| Details | Url | 1 | http://fadfatest.pneydn.com:8080/stb-download/tool/a.sh |
|
| Details | Url | 1 | http://fadfatest.pneydn.com:8080/stb-download/tool/na.sh |
|
| Details | Url | 1 | http://pandorabackup-1322908155.us-west-2.elb.amazonaws.com:8080/marketdatas/dns/hosts |
|
| Details | Url | 1 | http://pcn.panddna.com:8080/marketdatas/dns/hosts |
|
| Details | Url | 1 | http://eumk.wak2p.com:8080/marketdatas/dns/hosts |