UNKNOWN
Common Information
Type Value
UUID 80296729-37fd-4ed8-b1fd-8dffba849911
Fingerprint e7820d248698157d
Analysis status IN_PROGRESS
Considered CTI value 0
Text language
Published None
Added to db Dec. 19, 2024, 1:42 p.m.
Last updated Dec. 25, 2024, 10:29 a.m.
Headline UNKNOWN
Title UNKNOWN
Detected Hints/Tags/Attributes 23/2/74
Source URLs
Attributes
Type | #Events | Value | CTI Value
Domain | 3 | svchost.zip |
Domain | 2 | dns-mofgovbt.ddns.net |
Domain | 2 | mail-mofgovbt.hopto.org |
Domain | 2 | microsoftupdte.redirectme.net |
Domain | 2 | updatemanager.ddns.net |
Domain | 2 | mx2.nepal.gavnp.org |
Domain | 2 | cloud.nitc.gavnp.org |
Domain | 2 | dns.nepal.gavnp.org |
Domain | 2 | mx1.nepal.gavnp.org |
Domain | 2 | asean-ajp.myftp.org |
Domain | 2 | dof-govmm.sytes.net |
Domain | 2 | mail-mohs.servehttp.com |
Domain | 2 | drsasa.hopto.org |
Domain | 2 | pdf-shanstate.serveftp.com |
Domain | 2 | myanmar-apn.serveftp.com |
Domain | 2 | mytel-mm.servehttp.com |
Domain | 2 | pdf-shanstate.redirectme.net |
Domain | 18 | www.antiy.com |
Domain | 107 | www.group-ib.com |
Domain | 1492 | twitter.com |
Domain | 26 | www.antiy.cn |
Domain | 6752 | 163.com |
File | 1 | globalleadershipprogram1.docm |
File | 1 | seniority_list.docm |
File | 1200 | svchost.exe |
File | 3 | sihosts.exe |
File | 149 | conhost.exe |
File | 1 | drops ocu3hbg7gyi9auab.vbs under the directory (fragment of the source text) |
File | 2 | skriven.vbs |
File | 1 | %localappdata%\microsoft\svchost.zip |
File | 3 | 8lgghf8kipiuu3cm.bat |
File | 3 | ocu3hbg7gyi9auab.vbs |
File | 2 | unzfile.vbs |
File | 2 | unz.vbs |
File | 2 | 2l7uuzqbojbhterk.bat |
File | 2 | 2byretpbd4isqkys.bat |
File | 1 | extracts svchost.zip (fragment of the source text) |
File | 7 | d.bat |
File | 1 | is svchost.zip (fragment of the source text) |
File | 1 | the extracted svchost.exe (fragment of the source text) |
File | 3 | e.bat |
File | 1 | deletes 8lgghf8kipiuu3cm.bat (fragment of the source text) |
File | 1 | the svchost.zip dropped by the macro document (fragment of the source text) |
File | 1 | the archive contains the Nim-written backdoor svchost.exe (fragment of the source text) |
File | 1 | via the script d.bat described above (fragment of the source text) |
File | 1 | 20211119.html |
File | 2 | 20200115.html |
md5 | 2 | 7bea8ea83d5b4fe5985172dbb4fa1468 |
md5 | 2 | 04e9ce276b3cd75fc2b20b9b33080f7e |
md5 | 2 | 92612dc223e8f0656512cd882d66f78b |
md5 | 2 | c2184d8fd3dd3df9fd6cf7ff8e32a3a4 |
md5 | 2 | b2ab01d392d7d20a9261870e709b18d7 |
md5 | 2 | 30ddd9ebe00f34f131efcd8124462fe3 |
sha256 | 1 | 1409f9d855c06f66fb7d7c7bf9f821b5d1631da926b07dcdb260606e09763ad3 |
Url | 94 | https://sandbox.ti.qianxin.com/sandbox/page |
Url | 2 | http://dns-mofgovbt.ddns.net/update |
Url | 2 | http://mail-mofgovbt.hopto.org/update |
Url | 2 | http://microsoftupdte.redirectme.net/update |
Url | 2 | http://updatemanager.ddns.net/update |
Url | 2 | http://mx2.nepal.gavnp.org/mail/afa |
Url | 2 | http://cloud.nitc.gavnp.org/mail/afa |
Url | 2 | http://dns.nepal.gavnp.org/mail/afa |
Url | 2 | http://mx1.nepal.gavnp.org/mail/afa |
Url | 2 | http://asean-ajp.myftp.org/mofa |
Url | 2 | http://dof-govmm.sytes.net/mofa |
Url | 2 | http://mail-mohs.servehttp.com/mofa |
Url | 2 | http://drsasa.hopto.org/mofa |
Url | 2 | http://pdf-shanstate.serveftp.com/mofa |
Url | 1 | https://www.antiy.com/response/20211119.html |
Url | 3 | https://www.group-ib.com/media-center/press-releases/sidewinder-apt-report |
Url | 1 | https://www.group-ib.com/resources/research-hub/sidewinder-apt |
Url | 1 | https://twitter.com/groupib_ti/status/1625762101758140416 |
Url | 1 | https://www.virustotal.com/gui/file/1409f9d855c06f66fb7d7c7bf9f821b5d1631da926b07dcdb260606e09763ad3/community |
Url | 2 | https://www.antiy.cn/research/notice&report/research_report/20200115.html |