Confucius:隐藏在CloudFlare下的垂钓者
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Malware - T1587.001 Malware - T1588.001 Mshta - T1218.005 Server - T1583.004 Server - T1584.004 Software - T1592.002 Mshta - T1170 |
Common Information
| Type | Value |
|---|---|
| UUID | 813e2199-d07c-4520-9f50-52b7f3f4d82e |
| Fingerprint | c5d3948f6a2a4c3 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | May 19, 2022, midnight |
| Added to db | Sept. 26, 2022, 9:33 a.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | Confucius:隐藏在CloudFlare下的垂钓者 |
| Title | Confucius:隐藏在CloudFlare下的垂钓者 |
| Detected Hints/Tags/Attributes | 28/2/151 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://mp.weixin.qq.com/s/n6XQAGtNEXfPZXp1mlwDTQ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | pmogov.info |
|
| Details | Domain | 1 | pmogov.online |
|
| Details | Domain | 1 | ndu-edu.digital |
|
| Details | Domain | 1 | psca-gop-pk.digital |
|
| Details | Domain | 1 | nadra.digital |
|
| Details | Domain | 1 | mofa-pk-server.live |
|
| Details | Domain | 1 | fbr-notice.com |
|
| Details | Domain | 1 | fbr-tax.info |
|
| Details | Domain | 1 | notice-fbr.tax |
|
| Details | Domain | 1 | fbr-mail.online |
|
| Details | Domain | 1 | csd-pk.online |
|
| Details | Domain | 1 | wordupdate.net |
|
| Details | Domain | 3 | wordupdate.com |
|
| Details | Domain | 1 | webinstaller.online |
|
| Details | Domain | 3 | the-moondelight.96.lt |
|
| Details | Domain | 1 | release.wordupdate.net |
|
| Details | Domain | 4 | recent.wordupdate.com |
|
| Details | Domain | 1 | t7g5c.app.link |
|
| Details | Domain | 41 | ddns.net |
|
| Details | Domain | 1 | ngs.ml |
|
| Details | Domain | 1 | oni.digital |
|
| Details | Domain | 1 | tifu.live |
|
| Details | Domain | 1 | igns.site |
|
| Details | Domain | 1 | oud.store |
|
| Details | Domain | 1 | date.net |
|
| Details | Domain | 1 | aiya.xyz |
|
| Details | Domain | 1 | taller.online |
|
| Details | Domain | 6 | ce.com |
|
| Details | Domain | 2 | app.link |
|
| Details | Domain | 1 | download1.fbr.gov.pk |
|
| Details | Domain | 3 | baike.baidu.com |
|
| Details | File | 1 | pmogov.inf |
|
| Details | File | 1 | fbr-tax.inf |
|
| Details | File | 1 | jobs_in_ghq_rawalpindi_2022.docm |
|
| Details | File | 1 | dept_ncoc-3-31.xlsm |
|
| Details | File | 1 | digitalassestsaudit.xlsm |
|
| Details | File | 1 | sriu-appform.docm |
|
| Details | File | 1 | microsoft.docm |
|
| Details | File | 1 | sdjkfhkjsdh.txt |
|
| Details | File | 1 | fbr5323-notice.xlsm |
|
| Details | File | 1 | microsoft.xlsm |
|
| Details | File | 1 | poryaenfuaqzye.dll |
|
| Details | File | 1 | sowpntdb.dll |
|
| Details | File | 1 | rioucxkjdiejkhd.dll |
|
| Details | File | 1 | rwlksdnasjd.dll |
|
| Details | File | 1 | print.dll |
|
| Details | File | 1 | jdsuifyiusdyf.txt |
|
| Details | File | 1 | whatsapp.jpeg |
|
| Details | File | 1 | luckydrawaugust2021.pdf |
|
| Details | File | 1 | c:\windows\system32\hsmta.exe |
|
| Details | File | 456 | mshta.exe |
|
| Details | File | 1 | hsmta.exe |
|
| Details | File | 2 | luckydraw.cs |
|
| Details | File | 1 | z.vbs |
|
| Details | File | 1 | class_central.zip |
|
| Details | File | 1 | kewiuryjd.txt |
|
| Details | File | 1 | zerotolerancemonth.jpg |
|
| Details | File | 2 | hprodxprnvlm1.php |
|
| Details | File | 3 | vuewsxpogcjwq1.php |
|
| Details | File | 1 | hsfuynm.txt |
|
| Details | File | 28 | goopdate.dll |
|
| Details | File | 2 | update.dot |
|
| Details | File | 1 | bdsfunklo.php |
|
| Details | File | 1 | vksufnduw.php |
|
| Details | File | 1 | sumkdsfui.php |
|
| Details | File | 1 | v6.exe |
|
| Details | File | 27 | file.php |
|
| Details | File | 1 | 202242912443472advisoryno13-2022.pdf |
|
| Details | File | 1 | 20226271462135426advisoryno21-2022.pdf |
|
| Details | File | 2 | linking_south_asian_cyber_espionnage_groups-to-publish.pdf |
|
| Details | md5 | 1 | 41CDCEC8311F735E1ED8D3BAB9192173 |
|
| Details | md5 | 1 | 06B5A67BF37FED5B92C2211F342D7F0A |
|
| Details | md5 | 1 | C676EB09E74308A879658FDA6FCB74FC |
|
| Details | md5 | 1 | 31A5973AFABF2FEBE9690F20AC045973 |
|
| Details | md5 | 1 | FD7555A617420B42BA946FCC5248D07F |
|
| Details | md5 | 1 | 53C5FCDD09A53BAE6C21E0CADD85AEC2 |
|
| Details | md5 | 1 | 46417AD0FC33783C298B7441ACED2C1A |
|
| Details | md5 | 1 | 157C6E86D68D98F777D37C3753322F69 |
|
| Details | md5 | 1 | E05AF60FBB3EC9110ACBF38CD1071F52 |
|
| Details | md5 | 1 | 931A598836097496F21443AE864D160B |
|
| Details | md5 | 1 | 5ACF14897F3EFFF3D60AEE7A76C4753D |
|
| Details | md5 | 1 | 34A84FA5EF9E5F388D7FEA9D91140FC5 |
|
| Details | md5 | 1 | 62FE722B2BF323B318BA1D9C24FDEC51 |
|
| Details | md5 | 1 | CC53E7AEF38AC57499AEB0B1ED3909C9 |
|
| Details | md5 | 1 | 4D12C03CE1F90E329F28CA194ABAB826 |
|
| Details | md5 | 1 | DCFC26743D5E2897112626F67612067D |
|
| Details | md5 | 1 | 021C535B8E70E9EFA74512DB647EF011 |
|
| Details | md5 | 1 | 04F9B8DDD038E3D3DA3AB54AEBE73687 |
|
| Details | md5 | 1 | 08B9C6AEFF78A30BE44694BB650EC198 |
|
| Details | md5 | 1 | 0A1C6D9CD67172995D22FA54946662F0 |
|
| Details | md5 | 1 | 15AE0E6E5B449797F4080E1E9A1ECC3F |
|
| Details | md5 | 1 | 17CB582F64A32C584DF68AEEF23E25F6 |
|
| Details | md5 | 1 | 3DA30534B377B01CCAA3BF25F93AF1BA |
|
| Details | md5 | 1 | 3E3EC6645D75ED83C0C57E3151917B96 |
|
| Details | md5 | 1 | 3FCFE20A4D3C5CD07944328DF25C81C2 |
|
| Details | md5 | 1 | 457101EA5C30C53F9381D7E9AA6432A4 |
|
| Details | md5 | 1 | 78EA0072E01F9BEC53D414C2CAD7C497 |
|
| Details | md5 | 1 | 84D68E7B3AACF245D0C60F94A8D0AC4A |
|
| Details | md5 | 1 | 8736492918F8836D13DEFC6525540610 |
|
| Details | md5 | 1 | 9120216CAE280E802FA22AB29A346119 |
|
| Details | md5 | 1 | 92A0947B1A2CB8CFD645ED585E2001D1 |
|
| Details | md5 | 1 | A52E4EEB2BF7F1BFDAC3E3C0673ECE5F |
|
| Details | md5 | 1 | A8169881B8552852F0D117FDD743F5E0 |
|
| Details | md5 | 1 | B426CE9179226681043CE8ED3ABCA862 |
|
| Details | md5 | 1 | BDF4DEF26EFBF676BB020B4BE49F9011 |
|
| Details | md5 | 1 | BEC908D62554CD16BD857A692BEF6FC6 |
|
| Details | md5 | 1 | C004DC680A8B74B3C99137A73AFE46D7 |
|
| Details | md5 | 1 | C7E1B92397E1C563E9FAA222CBF39BE7 |
|
| Details | md5 | 1 | DEF6F71E3A21F99F9494A4CB1D8D4279 |
|
| Details | md5 | 1 | F6DE9D853EF1B802FC1EF34BD0787ABA |
|
| Details | md5 | 1 | FFCEF12B4AB6DE46454D9AFA1E55379E |
|
| Details | Url | 1 | http://wordupdate.net/micro/upload |
|
| Details | Url | 1 | http://wordupdate.com/refresh/content |
|
| Details | Url | 1 | http://webinstaller.online/office/updates |
|
| Details | Url | 2 | http://wordupdate.com/recent/update |
|
| Details | Url | 1 | https://webinstaller.online/temp/kb4783 |
|
| Details | Url | 1 | http://the-moondelight.96.lt/followup/update/kb756324 |
|
| Details | Url | 1 | http://release.wordupdate.net/object/encode |
|
| Details | Url | 1 | http://recent.wordupdate.com/cloud/sync/upgrade |
|
| Details | Url | 1 | https://t7g5c.app.link/qweqweqw |
|
| Details | Url | 2 | https://luckydraw.csd-pk.co/137/1/39/2/0/0/1812896830/tfucucdhcs3bjtzxyegiy7jy0qsxlmwpuetiphsv/files-0909d81c/hta |
|
| Details | Url | 1 | http://185.203.*.42/uphta/z.vbs |
|
| Details | Url | 1 | http://classcentral-*.ddns.net/tnc/class_central.zip |
|
| Details | Url | 1 | http://dump*ngs.ml/jdsuifyiusdyf.txt |
|
| Details | Url | 1 | http://dump*ngs.ml/kewiuryjd.txt |
|
| Details | Url | 1 | http://dump*ngs.ml/zerotolerancemonth.jpg |
|
| Details | Url | 1 | http://fil*oni.digital/hprodxprnvlm1.php |
|
| Details | Url | 1 | http://fil*oni.digital/vuewsxpogcjwq1.php |
|
| Details | Url | 1 | http://fu*tifu.live/ksjdsudh/hsfuynm.txt |
|
| Details | Url | 1 | http://msd*igns.site/google/goopdate.dll |
|
| Details | Url | 1 | http://office*oud.store/update.dotm |
|
| Details | Url | 1 | http://pirna*m.xyz/bdsfunklo.php |
|
| Details | Url | 1 | http://pirna*m.xyz/vksufnduw.php |
|
| Details | Url | 1 | http://pirna*m.xyz/yblsnyirp |
|
| Details | Url | 1 | http://release.word*date.net/object/encode |
|
| Details | Url | 1 | http://thak*aiya.xyz/bdsfunklo.php |
|
| Details | Url | 1 | http://thak*aiya.xyz/sumkdsfui.php |
|
| Details | Url | 1 | http://thak*aiya.xyz/vksufnduw.php |
|
| Details | Url | 1 | http://webi*taller.online/v6.exe |
|
| Details | Url | 1 | http://webi*taller.online/office/updates |
|
| Details | Url | 1 | http://word*date.net/micro/upload |
|
| Details | Url | 1 | http://word*date.net/wordpress |
|
| Details | Url | 1 | https://www.fbr-no*ce.com/iris/file.php?file=fbr |
|
| Details | Url | 1 | https://t7g*c.app.link/kit8v9gsiqb |
|
| Details | Url | 1 | https://t7g*c.app.link/rkqx1ptsjqb |
|
| Details | Url | 1 | https://t7g*c.app.link/qweqweqw |
|
| Details | Url | 1 | https://unit42.paloaltonetworks.com/unit42-confucius-says-malware-families-get-further-by-abusing-legitimate-websites |
|
| Details | Url | 1 | https://download1.fbr.gov.pk/docs/202242912443472advisoryno13-2022.pdf |
|
| Details | Url | 1 | https://download1.fbr.gov.pk/docs/20226271462135426advisoryno21-2022.pdf |
|
| Details | Url | 1 | https://baike.baidu.com/item/深层链接/8441834?fr=aladdin |
|
| Details | Url | 2 | https://www.first.org/resources/papers/tallinn2019/linking_south_asian_cyber_espionnage_groups-to-publish.pdf |