Attack Arsenal Upgraded Again: Analysis of the Donot Group's Attack Campaign Using Forged-Signature Samples
Tags
Common Information
Type Value
UUID 8cd93a21-64b6-4bbf-bb51-692b0e6161a2
Fingerprint db8309340ec167fe
Analysis status IN_PROGRESS
Considered CTI value 0
Text language
Published Oct. 29, 2020, midnight
Added to db Dec. 20, 2024, 7:18 p.m.
Last updated Dec. 21, 2024, 3:06 a.m.
Headline Attack Arsenal Upgraded Again: Analysis of the Donot Group's Attack Campaign Using Forged-Signature Samples
Title Attack Arsenal Upgraded Again: Analysis of the Donot Group's Attack Campaign Using Forged-Signature Samples
Detected Hints/Tags/Attributes 7/0/36
Source URLs
Attributes
Details  Type    #Events  CTI Value  Value
Details  Domain  32                  sandbox.ti.qianxin.com
Details  Domain  4                   soundvista.club
Details  Domain  1                   equest.resolverequest.live
Details  Domain  7                   firm.tplinkupdates.space
Details  Domain  6752                163.com
Details  File    4                   notification.xls
Details  File    2                   winuser fetches the malicious code and saves it as adsl.dll
Details  File    2                   and uses rundll32.exe
Details  File    2                   to launch adsl.dll
Details  File    2                   adsl.dll
Details  File    2                   the downloaded and executed adsl.dll
Details  File    2                   writes the hard-coded commands to %appdata%test.bat
Details  File    19                  test.bat
Details  File    2                   names the downloaded and saved njjujkyu apic.dll
Details  File    3                   via rundll32.exe
Details  File    2                   also creates a scheduled task named syst-start to run prodot.exe
Details  File    4                   apic.dll
Details  File    2                   %userprofile%\inf\boost\ooo\prodot.exe
Details  File    4                   prodot.exe
Details  File    2                   carrying, along with the downloader module adsl.dll
Details  File    8                   wuaupdt.exe
Details  Url     9                   https://sandbox.ti.qianxin.com
Details  Url     2                   http://soundvista.club/winuser (fetches the malicious code from it, saves it as adsl.dll, and uses rundll32.exe to launch adsl.dll and call its exported function ajn54ty)
Details  Url     2                   http://soundvista.club/sessionrequest
Details  Url     3                   https://ti.qianxin.com/blog/articles/donot-apt-group-recent-attacks-on-neighboring-countries-and-regions