'Silver Fox' runs rampant, QiAnXin Threat Intelligence Sandbox helps identify it | CTF导航
Tags
Common Information
| Type | Value |
|---|---|
| UUID | a07df0e4-1489-47cd-86ab-9112e2c024da |
| Fingerprint | 4fdf9b6dc59062d0 |
| Analysis status | DONE |
| Considered CTI value | -2 |
| Text language | |
| Published | Dec. 4, 2024, midnight |
| Added to db | Dec. 16, 2024, 2:58 p.m. |
| Last updated | Dec. 23, 2024, 12:17 p.m. |
| Headline | 'Silver Fox' runs rampant, QiAnXin Threat Intelligence Sandbox helps identify it |
| Title | 'Silver Fox' runs rampant, QiAnXin Threat Intelligence Sandbox helps identify it \| CTF导航 |
| Detected Hints/Tags/Attributes | 7/0/134 |
Source URLs
| Redirection | Url |
|---|---|
| Source | https://www.ctfiot.com/220065.html |
URL Provider
RSS Feed
| Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|
| 426 | ✔ | CTF导航 | https://www.ctfiot.com/feed | 2024-08-30 22:08 |
Attributes