Blitzanalysis: Embassy of Greece Beijing - Compromise
Tags
| country: | Greece |
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 |
Common Information
| Type | Value |
|---|---|
| UUID | 9a4144c5-9e79-46fe-83a6-02a4c7d7b6c9 |
| Fingerprint | a9021e4989329cbd |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | June 20, 2014, midnight |
| Added to db | Jan. 19, 2023, 12:05 a.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | Malware Reversing |
| Title | Blitzanalysis: Embassy of Greece Beijing - Compromise |
| Detected Hints/Tags/Attributes | 31/2/27 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1373 | twitter.com |
|
| Details | Domain | 1 | www.grpressbeijing.com |
|
| Details | Domain | 1 | defense.miraclecz.com |
|
| Details | Domain | 2 | www.motobit.com |
|
| Details | Domain | 1 | buy.miraclecz.com |
|
| Details | Domain | 67 | www.dropbox.com |
|
| Details | Domain | 1 | beijing.zip |
|
| Details | File | 16 | 1.jar |
|
| Details | File | 2125 | cmd.exe |
|
| Details | File | 35 | index.asp |
|
| Details | File | 1 | base64-decoder-encoder.asp |
|
| Details | File | 131 | spoolsv.exe |
|
| Details | File | 1 | %s%d.txt |
|
| Details | File | 1 | %s%s.ini |
|
| Details | File | 1 | beijing.zip |
|
| Details | sha256 | 1 | b832e4b5a4829c8df6de7b42c5cb32ef25b5ab59072b4c2a7838404cd0dd5e5f |
|
| Details | sha256 | 1 | a4863f44f48d1c4c050dd7baad767a86b348dd4d33924acf4e0a3cd40c6ae29f |
|
| Details | IPv4 | 1 | 208.115.124.83 |
|
| Details | IPv4 | 1 | 74.121.191.33 |
|
| Details | Url | 1 | https://twitter.com/physicaldrive0/status/479921770838102017 |
|
| Details | Url | 1 | http://www.grpressbeijing.com/1.jar |
|
| Details | Url | 1 | http://www.motobit.com/util/base64-decoder-encoder.asp |
|
| Details | Url | 1 | http://buy.miraclecz.com |
|
| Details | Url | 1 | https://www.dropbox.com/s/ckr7p5kka62cc7s/embassy |
|
| Details | Windows Registry Key | 31 | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet |
|
| Details | Windows Registry Key | 22 | HKCU\Software\Microsoft\Internet |
|
| Details | Windows Registry Key | 188 | HKCU\Software\Microsoft\Windows\CurrentVersion\Run |