UNKNOWN
Tags
country: | Bhutan, Nepal, Myanmar |
attack-pattern: | DNS - T1071.004 (Application Layer Protocol: DNS), DNS - T1590.002 (Gather Victim Network Information: DNS) |
Common Information
Type | Value |
---|---|
UUID | 80296729-37fd-4ed8-b1fd-8dffba849911 |
Fingerprint | e7820d248698157d |
Analysis status | IN_PROGRESS |
Considered CTI value | 0 |
Text language | |
Published | None |
Added to db | Dec. 19, 2024, 1:42 p.m. |
Last updated | Dec. 25, 2024, 10:29 a.m. |
Headline | UNKNOWN |
Title | UNKNOWN |
Detected Hints/Tags/Attributes | 23/2/74 |
Source URLs
Redirection | Url | |
---|---|---|
Details | Source | https://www.secrss.com/articles/60498 |
URL Provider
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 3 | | svchost.zip |
Details | Domain | 2 | | dns-mofgovbt.ddns.net |
Details | Domain | 2 | | mail-mofgovbt.hopto.org |
Details | Domain | 2 | | microsoftupdte.redirectme.net |
Details | Domain | 2 | | updatemanager.ddns.net |
Details | Domain | 2 | | mx2.nepal.gavnp.org |
Details | Domain | 2 | | cloud.nitc.gavnp.org |
Details | Domain | 2 | | dns.nepal.gavnp.org |
Details | Domain | 2 | | mx1.nepal.gavnp.org |
Details | Domain | 2 | | asean-ajp.myftp.org |
Details | Domain | 2 | | dof-govmm.sytes.net |
Details | Domain | 2 | | mail-mohs.servehttp.com |
Details | Domain | 2 | | drsasa.hopto.org |
Details | Domain | 2 | | pdf-shanstate.serveftp.com |
Details | Domain | 2 | | myanmar-apn.serveftp.com |
Details | Domain | 2 | | mytel-mm.servehttp.com |
Details | Domain | 2 | | pdf-shanstate.redirectme.net |
Details | Domain | 18 | | www.antiy.com |
Details | Domain | 107 | | www.group-ib.com |
Details | Domain | 1492 | | twitter.com |
Details | Domain | 26 | | www.antiy.cn |
Details | Domain | 6752 | | 163.com |
Details | File | 1 | | globalleadershipprogram1.docm |
Details | File | 1 | | seniority_list.docm |
Details | File | 1200 | | svchost.exe |
Details | File | 3 | | sihosts.exe |
Details | File | 149 | | conhost.exe |
Details | File | 1 | | drops ocu3hbg7gyi9auab.vbs in the directory (mis-extracted text fragment) |
Details | File | 2 | | skriven.vbs |
Details | File | 1 | | %localappdata%\microsoft\svchost.zip |
Details | File | 3 | | 8lgghf8kipiuu3cm.bat |
Details | File | 3 | | ocu3hbg7gyi9auab.vbs |
Details | File | 2 | | unzfile.vbs |
Details | File | 2 | | unz.vbs |
Details | File | 2 | | 2l7uuzqbojbhterk.bat |
Details | File | 2 | | 2byretpbd4isqkys.bat |
Details | File | 1 | | extracts svchost.zip (mis-extracted text fragment) |
Details | File | 7 | | d.bat |
Details | File | 1 | | as svchost.zip (mis-extracted text fragment) |
Details | File | 1 | | the extracted svchost.exe (mis-extracted text fragment) |
Details | File | 3 | | e.bat |
Details | File | 1 | | deletes 8lgghf8kipiuu3cm.bat (mis-extracted text fragment) |
Details | File | 1 | | svchost.zip dropped by the macro document (mis-extracted text fragment) |
Details | File | 1 | | the archive contains the Nim-written backdoor svchost.exe (mis-extracted text fragment) |
Details | File | 1 | | via the script d.bat above (mis-extracted text fragment) |
Details | File | 1 | | 20211119.html |
Details | File | 2 | | 20200115.html |
Details | md5 | 2 | | 7bea8ea83d5b4fe5985172dbb4fa1468 |
Details | md5 | 2 | | 04e9ce276b3cd75fc2b20b9b33080f7e |
Details | md5 | 2 | | 92612dc223e8f0656512cd882d66f78b |
Details | md5 | 2 | | c2184d8fd3dd3df9fd6cf7ff8e32a3a4 |
Details | md5 | 2 | | b2ab01d392d7d20a9261870e709b18d7 |
Details | md5 | 2 | | 30ddd9ebe00f34f131efcd8124462fe3 |
Details | sha256 | 1 | | 1409f9d855c06f66fb7d7c7bf9f821b5d1631da926b07dcdb260606e09763ad3 |
Details | Url | 94 | | https://sandbox.ti.qianxin.com/sandbox/page |
Details | Url | 2 | | http://dns-mofgovbt.ddns.net/update |
Details | Url | 2 | | http://mail-mofgovbt.hopto.org/update |
Details | Url | 2 | | http://microsoftupdte.redirectme.net/update |
Details | Url | 2 | | http://updatemanager.ddns.net/update |
Details | Url | 2 | | http://mx2.nepal.gavnp.org/mail/afa |
Details | Url | 2 | | http://cloud.nitc.gavnp.org/mail/afa |
Details | Url | 2 | | http://dns.nepal.gavnp.org/mail/afa |
Details | Url | 2 | | http://mx1.nepal.gavnp.org/mail/afa |
Details | Url | 2 | | http://asean-ajp.myftp.org/mofa |
Details | Url | 2 | | http://dof-govmm.sytes.net/mofa |
Details | Url | 2 | | http://mail-mohs.servehttp.com/mofa |
Details | Url | 2 | | http://drsasa.hopto.org/mofa |
Details | Url | 2 | | http://pdf-shanstate.serveftp.com/mofa |
Details | Url | 1 | | https://www.antiy.com/response/20211119.html |
Details | Url | 3 | | https://www.group-ib.com/media-center/press-releases/sidewinder-apt-report |
Details | Url | 1 | | https://www.group-ib.com/resources/research-hub/sidewinder-apt |
Details | Url | 1 | | https://twitter.com/groupib_ti/status/1625762101758140416 |
Details | Url | 1 | | https://www.virustotal.com/gui/file/1409f9d855c06f66fb7d7c7bf9f821b5d1631da926b07dcdb260606e09763ad3/community |
Details | Url | 2 | | https://www.antiy.cn/research/notice&report/research_report/20200115.html |
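The C2 hostnames in the attribute table share two traits a detection engineer can act on beyond exact matching: every one of them sits under a No-IP dynamic-DNS zone (ddns.net, hopto.org, redirectme.net, sytes.net, servehttp.com, serveftp.com, myftp.org) or under gavnp.org, a lookalike of gov.np, and their labels imitate Bhutanese, Nepali and Myanmar government names (mofgovbt, govmm, mohs, mofa) while the URL paths are limited to /update, /mail/afa and /mofa. The following Python matcher is an added example, not code from this page or from the Antiy, Group-IB or secrss.com articles it references. It turns the table into three detection layers: exact IoC hits, hosts under the assumed attacker-registered zone gavnp.org, and new hostnames on the same dynamic-DNS zones that either carry a government-lookalike label or serve one of the three C2 paths. The log line format, the lookalike regex and the sample lines are constructed for the example.

```python
"""IoC matcher for the indicators in the attribute table above.

Added example: not code from the page or the referenced reports.
The log format and the log lines below are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# C2 hostnames and URL paths copied verbatim from the attribute table.
IOC_DOMAINS = {
    "dns-mofgovbt.ddns.net", "mail-mofgovbt.hopto.org",
    "microsoftupdte.redirectme.net", "updatemanager.ddns.net",
    "mx2.nepal.gavnp.org", "cloud.nitc.gavnp.org", "dns.nepal.gavnp.org",
    "mx1.nepal.gavnp.org", "asean-ajp.myftp.org", "dof-govmm.sytes.net",
    "mail-mohs.servehttp.com", "drsasa.hopto.org",
    "pdf-shanstate.serveftp.com", "myanmar-apn.serveftp.com",
    "mytel-mm.servehttp.com", "pdf-shanstate.redirectme.net",
}
IOC_PATHS = {"/update", "/mail/afa", "/mofa"}

# Dynamic-DNS zones (No-IP) under which the table's C2 hosts were registered.
DYNDNS_PARENTS = {"ddns.net", "hopto.org", "redirectme.net", "sytes.net",
                  "servehttp.com", "serveftp.com", "myftp.org"}
# gavnp.org hosts four C2 names in the table and imitates gov.np; treating
# the whole zone as attacker-controlled is an assumption of this example.
ATTACKER_ZONES = {"gavnp.org"}

# Government-lookalike labels seen in the table: mofgovbt ~ mof.gov.bt,
# govmm ~ gov.mm, gavnp ~ gov.np, plus ministry abbreviations mofa/mohs.
# Assumed pattern; tune it to the organisations you defend.
LOOKALIKE = re.compile(r"(gov|gav)(bt|np|mm)|mofa|mohs", re.I)


@dataclass
class Hit:
    line_no: int
    reason: str
    value: str


def parent_zone(host: str) -> str:
    """Last two labels of a hostname, e.g. 'a.b.ddns.net' -> 'ddns.net'."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify_host(host: str) -> Optional[str]:
    """Return a reason string when the hostname is suspicious, else None."""
    host = host.lower().rstrip(".")
    if host in IOC_DOMAINS:
        return "known C2 hostname"
    zone = parent_zone(host)
    if zone in ATTACKER_ZONES:
        return "host under attacker-registered lookalike zone"
    if zone in DYNDNS_PARENTS and LOOKALIKE.search(host):
        return "gov-lookalike label on dynamic-DNS zone"
    return None


def classify_url(url: str) -> Optional[str]:
    """Host check first, then the C2 path check restricted to dynamic-DNS hosts."""
    parsed = urlparse(url)
    host = parsed.hostname or ""
    reason = classify_host(host)
    if reason:
        return reason
    if parsed.path.rstrip("/") in IOC_PATHS and parent_zone(host) in DYNDNS_PARENTS:
        return "C2 URL path on dynamic-DNS host"
    return None


# Constructed log format: "<ts> dns query <client> <qtype> <qname>"
# and "<ts> proxy <client> <method> <url> <status>".
DNS_RE = re.compile(r"^\S+ dns query (\S+) (\S+) (\S+)$")
PROXY_RE = re.compile(r"^\S+ proxy (\S+) (\S+) (\S+) (\d{3})$")


def scan(lines: List[str]) -> List[Hit]:
    """Run both classifiers over DNS and proxy log lines and collect hits."""
    hits: List[Hit] = []
    for n, line in enumerate(lines, 1):
        m = DNS_RE.match(line)
        if m:
            reason = classify_host(m.group(3))
            if reason:
                hits.append(Hit(n, reason, m.group(3)))
            continue
        m = PROXY_RE.match(line)
        if m:
            reason = classify_url(m.group(3))
            if reason:
                hits.append(Hit(n, reason, m.group(3)))
    return hits


# Constructed sample log: lines 1, 2 and 6 hit the table exactly, line 4 is a
# new label on the same dynamic-DNS zone, line 7 is a C2 path on an unknown
# dynamic-DNS host, line 8 is a new host under gavnp.org; lines 3 and 5 are benign.
SAMPLE_LOG = """\
2024-12-19T10:00:01Z dns query 10.0.0.5 A dns-mofgovbt.ddns.net
2024-12-19T10:00:02Z proxy 10.0.0.5 GET http://microsoftupdte.redirectme.net/update 200
2024-12-19T10:00:03Z dns query 10.0.0.7 A www.example.com
2024-12-19T10:00:04Z dns query 10.0.0.9 A portal-mofgovbt.ddns.net
2024-12-19T10:00:05Z proxy 10.0.0.9 GET http://cdn.example.net/update 304
2024-12-19T10:00:06Z proxy 10.0.0.5 GET http://mx1.nepal.gavnp.org/mail/afa 200
2024-12-19T10:00:07Z proxy 10.0.0.3 POST http://someone.sytes.net/mofa 200
2024-12-19T10:00:08Z dns query 10.0.0.7 A vpn.nepal.gavnp.org
""".splitlines()

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"line {hit.line_no}: {hit.reason}: {hit.value}")
```

The third layer is deliberately the weakest: a /update path on an arbitrary dynamic-DNS host is only worth an alert because the table shows this actor combining that path with No-IP hostnames, so the check is gated on the zone rather than applied to all traffic. The md5 and sha256 values in the table belong in a separate file-hash feed for endpoint telemetry and are not matched here.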