filesyncshell.dll劫持?APT-C-24响尾蛇最新攻击活动简报
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 831f997f-9c28-41a0-a434-f969318cc0f4 |
| Fingerprint | bda03f77ebec96ef |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | May 18, 2022, midnight |
| Added to db | Oct. 24, 2023, 1:46 p.m. |
| Last updated | Oct. 16, 2024, 2:49 a.m. |
| Headline | filesyncshell.dll劫持?APT-C-24响尾蛇最新攻击活动简报 |
| Title | filesyncshell.dll劫持?APT-C-24响尾蛇最新攻击活动简报 |
| Detected Hints/Tags/Attributes | 3/0/42 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | filesyncshell.cu |
|
| Details | Domain | 2 | mailcantonfair.cssc.info |
|
| Details | File | 2 | filesyncshell.dll |
|
| Details | File | 1 | 响尾蛇组织在本次攻击活动围绕filesyncshell.dll |
|
| Details | File | 1 | 使用恶意程序替换filesyncshell.dll |
|
| Details | File | 1 | 以dll侧加载的方式通过explorer.exe |
|
| Details | File | 1 | 来启动filesyncshell.dll |
|
| Details | File | 3 | image003.png |
|
| Details | File | 4 | image001.png |
|
| Details | File | 1 | %userprofile%\appdata\roaming\microsoft\templates\rec2.doc |
|
| Details | File | 2 | rec2.doc |
|
| Details | File | 17 | filesyncshell64.dll |
|
| Details | File | 1 | image002.png |
|
| Details | File | 1 | %userprofile%\appdata\roaming\microsoft\templates\introduction to canton fair global cooperative partnership program.doc |
|
| Details | File | 4 | program.doc |
|
| Details | File | 1 | 在开机启动时会被explorer.exe |
|
| Details | File | 1 | 此处我们就选filesyncshell.dll |
|
| Details | File | 1 | 在filesyncshell.dll |
|
| Details | File | 37 | 1.dll |
|
| Details | File | 1 | cu.dll |
|
| Details | File | 1 | 在modulemd.dll |
|
| Details | File | 1 | 在classic.dll |
|
| Details | File | 1 | 本次攻击活动中classic.dll |
|
| Details | File | 1 | 历史攻击活动中duser.dll |
|
| Details | File | 1 | classsic.dll |
|
| Details | File | 2 | mailcantonfair.css |
|
| Details | File | 2 | c.inf |
|
| Details | md5 | 1 | 0cc6f7eddb1cd93d05ce9941a1d66dc6 |
|
| Details | md5 | 1 | 013513303527ab53d4b95be0ef084a9a |
|
| Details | md5 | 1 | 648fc56e5fcdd5d1a85404698fcfb3f9 |
|
| Details | md5 | 1 | 3c15c13e8840d8bb87efd8c2b1d8ab9a |
|
| Details | md5 | 1 | 0f3e84d70550be0ccb65b720d076dc76 |
|
| Details | md5 | 1 | cccf525795dd3c08ce06d24a679d7041 |
|
| Details | md5 | 1 | 21683a24ee5ffe675e0a0854de3e8224 |
|
| Details | md5 | 1 | 94a2cc90732548f387920c024055a9e9 |
|
| Details | Url | 1 | https://mailcantonfair.cssc.info/chinaforeigntradecentre-6e7d38eb |
|
| Details | Url | 1 | https://mailcantonfair.cssc.info/3117/1/25399/2/1/0/0/a7ursgszlkeu4pxbess7rzxwwwor1rvypwsg8vna/files-0333f997/0 |
|
| Details | Url | 1 | https://mailcantonfair.cssc.info/3117/1/25399/3/3/0/1865608801/a7ursgszlkeu4pxbess7rzxwwwor1rvypwsg8vna/files-152e08e6/1/cuuimd?t=0&d= |
|
| Details | Url | 1 | https://mailcantonfair.cssc.info/3117/1/25399/3/3/0/1865608801/a7ursgszlkeu4pxbess7rzxwwwor1rvypwsg8vna/files-152e08e6/1/cuuimd |
|
| Details | Url | 1 | https://mailcantonfair.cssc.info/3117/1/25399/3/3/0/1865608801/a7ursgszlkeu4pxbess7rzxwwwor1rvypwsg8vna/files-c221fc39/1/cuuifss |
|
| Details | Url | 1 | https://mailcantonfair.cssc.info/3117/1/25399/2/3/0/1865591248/a7ursgszlkeu4pxbess7rzxwwwor1rvypwsg8vna/files-f776076f/log1 |
|
| Details | Url | 1 | https://mailcantonfair.cssc.info/3117/1/25399/2/3/0/1865591252/a7ursgszlkeu4pxbess7rzxwwwor1rvypwsg8vna/files-c981dc38/log1 |