QiAnXin Threat Intelligence Center (奇安信威胁情报中心)
Tags
country: North Korea, South Korea
Common Information
Type | Value |
---|---|
UUID | 95e15162-799b-4b90-94d5-e84d31f40269 |
Fingerprint | 6e41e3112527bb4b |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | July 21, 2020, midnight |
Added to db | Dec. 18, 2024, 11:37 p.m. |
Last updated | Dec. 20, 2024, 9:21 p.m. |
Headline | UNKNOWN |
Title | QiAnXin Threat Intelligence Center (奇安信威胁情报中心) |
Detected Hints/Tags/Attributes | 12/1/47 |
Source URLs
URL Provider
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 2 | | authadobe.medianewsonline.com |
Details | Domain | 5 | | resulview.com |
Details | Domain | 2 | | take-me.scienceontheweb.net |
Details | Domain | 2 | | footballs.sportsontheweb.net |
Details | Domain | 2 | | kutacity.com |
Details | File | 125 | | nuxt.js |
Details | File | 2 | | 2020_v4_eng.doc |
Details | File | 4 | | relations.doc |
Details | File | 3 | | кндр.doc |
Details | File | 4 | | zx.exe |
Details | File | 2 | | zx.exe (scraped with surrounding text: "and executes zx.exe with the encrypted URL as a parameter") |
Details | File | 2 | | zx.bat (scraped with surrounding text: "executes the zx.bat contained in it") |
Details | md5 | 2 | | 16b19998f8bdbaecf07b2556fcbd8d68 |
Details | md5 | 2 | | 478D643AFC47ABEA4ACB6BEA422F14F1 |
Details | md5 | 2 | | 2F43138AA75FB12AC482B486CBC98569 |
Details | md5 | 2 | | A5A2C0AD843A66ACA636CE17066CC417 |
Details | md5 | 2 | | a49b2a238ec3da5a89c0faba16d55988 |
Details | md5 | 2 | | da6e5db29ec181d66bdb39dac3f7b7d9 |
Details | md5 | 2 | | f88720ed70cc3f8482814ff3e3187427 |
Details | IPv4 | 4 | | 27.255.77.110 |
Details | Url | 2 | | http://resulview.com/5hado/vbs.txt (scraped with surrounding text: "fetches the next stage, decrypts and executes it") |
Details | Url | 2 | | http://27.255.77.110/xwow |
Details | Url | 4 | | http://resulview.com/5hado/vbs.txt |
Details | Url | 3 | | https://ti.qianxin.com/blog/articles/analysis-of-konni-apt-organization-attack-activities-disguised-as-korean-android-chat-application |
Details | File | 2 | | xclientelv.dll (scraped with surrounding text: "of which xclientelv.dll") |
Details | File | 5 | | xclientsvc.dll |
Details | File | 55 | | install.bat |
Details | File | 4 | | zx.bat |
Details | File | 2 | | install.bat (scraped with surrounding text: "then, with the corresponding value and install.bat") |
Details | File | 2 | | xclientelv.dll (scraped with surrounding text: "as parameters, executes xclientelv.dll") |
Details | File | 3 | | xclientelv.dll |
Details | File | 2 | | install.bat (scraped with surrounding text: "then launches install.bat directly") |
Details | File | 2 | | install.bat (scraped with surrounding text: "then executes install.bat after bypassing UAC") |
Details | File | 2 | | xclientsvc.dll (scraped with surrounding text: "whose function is to take xclientsvc.dll") |
Details | File | 2 | | xclientsvc.ini (scraped with surrounding text: "and the C2 configuration file xclientsvc.ini") |
Details | File | 2 | | xclientsvc.ini (scraped with surrounding text: "then reads xclientsvc.ini from the same directory") |
Details | File | 20 | | up.php |
Details | File | 10 | | dn.php |
Details | File | 3 | | gbb.exe (scraped with surrounding text: "and via the HWP component gbb.exe") |
Details | File | 10 | | vbs.txt |
Details | File | 10 | | no1.txt |
Details | md5 | 2 | | d41b09aa32633d77a8856dae33b3d7b9 |
Details | md5 | 2 | | 37e713cf3dfe846aa9cbcc5cd09b92bd |
Details | md5 | 2 | | 6973fa7aed812980f0539302d64e618f |
Details | md5 | 2 | | cfa6d0d59624b961edadc04f5dae5777 |
Details | md5 | 2 | | e9812302ce7e9ca5d42cfd4406a34494 |
Details | md5 | 2 | | f05495a825e932c841f4d7f4e438ce0b |
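The attribute table above is what the scraper emitted, not a clean IOC list: several File rows carry a Chinese sentence fragment glued to the file name (e.g. 并以加密的url为参数执行zx.exe), one Url row has prose appended, the same MD5 appears in both upper and lower case, and the same file name is counted under several rows. The script below is an added example, not code from the original page or from QiAnXin; it parses rows in the table's flattened format, recovers the bare indicator from each cell, normalises and validates it, and merges duplicates. SAMPLE_ROWS is a constructed subset of the rows above chosen to exercise every cleaning rule; the regexes and type names are this example's own assumptions about the scraper's output.

```python
"""Turn the flattened 'Attributes' table into clean, typed, de-duplicated IOCs.

Added example (not part of the original page or of QiAnXin's tooling).
Assumes rows of the form 'Details | <Type> | <#Events> | <Value> |' and
that a File cell's real file name is the last run of non-CJK text.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed subset of the page's rows; enough to hit every cleaning rule.
SAMPLE_ROWS = """\
Details | Domain | 5 | resulview.com |
|
Details | File | 2 | 并以加密的url为参数执行zx.exe |
|
Details | File | 4 | zx.exe |
Details | File | 3 | кндр.doc |
Details | File | 2 | 以及c2配置信息文件xclientsvc.ini |
Details | File | 2 | 则绕过uac后再执行install.bat |
Details | md5 | 2 | 478D643AFC47ABEA4ACB6BEA422F14F1 |
Details | md5 | 2 | 478d643afc47abea4acb6bea422f14f1 |
Details | IPv4 | 4 | 27.255.77.110 |
Details | Url | 2 | http://resulview.com/5hado/vbs.txt获取后续解密执行 |
Details | Url | 4 | http://resulview.com/5hado/vbs.txt |
"""

ROW_RE = re.compile(r"^Details\s*\|\s*(\w+)\s*\|\s*(\d+)\s*\|\s*(.*?)\s*\|?\s*$")
# CJK punctuation, unified ideographs and full-width forms: the glued-on prose.
CJK_RE = re.compile(r"[\u3000-\u303f\u4e00-\u9fff\uff00-\uffef]+")
MD5_RE = re.compile(r"^[0-9a-f]{32}$")


def clean_value(ioc_type, raw):
    """Return the bare indicator for one cell, or None if it is not usable."""
    if ioc_type == "File":
        # Drop the CJK sentence fragments; the detected file name is the last
        # remaining piece (Cyrillic names like кндр.doc survive untouched).
        parts = [p.strip() for p in CJK_RE.split(raw) if p.strip()]
        return parts[-1] if parts else None
    if ioc_type == "Url":
        # Keep only the leading printable-ASCII run; appended prose follows it.
        m = re.match(r"[\x21-\x7e]+", raw)
        return m.group(0) if m else None
    if ioc_type == "md5":
        v = raw.lower()  # merge upper/lower-case duplicates
        return v if MD5_RE.match(v) else None
    if ioc_type == "Domain":
        return raw.lower().rstrip(".")
    if ioc_type == "IPv4":
        try:
            return str(ipaddress.IPv4Address(raw))
        except ipaddress.AddressValueError:
            return None
    return raw


def parse_iocs(text):
    """Map (type, value) -> {'events': summed count, 'raw': [original cells]}."""
    iocs = defaultdict(lambda: {"events": 0, "raw": []})
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue  # header, separator and stray '|' lines
        ioc_type, events, raw = m.group(1), int(m.group(2)), m.group(3)
        value = clean_value(ioc_type, raw)
        if value is None:
            continue
        entry = iocs[(ioc_type, value)]
        entry["events"] += events
        entry["raw"].append(raw)  # keep provenance for later review
    return dict(iocs)


def by_type(iocs):
    """Group the cleaned values by indicator type, sorted, ready for export."""
    out = defaultdict(list)
    for ioc_type, value in sorted(iocs):
        out[ioc_type].append(value)
    return dict(out)


if __name__ == "__main__":
    parsed = parse_iocs(SAMPLE_ROWS)
    for ioc_type, values in by_type(parsed).items():
        print(ioc_type, values)
```

Run against the full table rather than the sample, the `raw` list tells you which cleaned file names came from sentence fragments and which were detected as stand-alone tokens. Treat generic names with outsized event counts (nuxt.js at 125, install.bat at 55) as candidates for manual review before the list goes into any blocklist; the hashes, domains, IP and URLs are the indicators that carry real weight.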