QiAnXin Threat Intelligence Center
Tags
country: Ukraine
maec-delivery-vectors: Watering Hole
attack-pattern: Software - T1592.002
Common Information
Type Value
UUID a2eda9a0-0731-4c48-9e50-702f12ebd3f9
Fingerprint 83bd757f806db6fa
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 10, 2020, midnight
Added to db Sept. 11, 2022, 12:30 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline UNKNOWN
Title QiAnXin Threat Intelligence Center
Detected Hints/Tags/Attributes 16/3/84
Attributes
Type  #Events  Value
File  49  nuxt.js
File  1  shalimov.docx
File  1  lwrotct.dot
File  2  2020.docx
File  1  wdewdif.dot
File  1  eaurvhk.dot
File  1  ...also drops a file named googledisk.vbs in that directory
File  1  googledisk.vbs
File  3  item.php
File  816  index.html
File  1  ...first drops a file named printhood.vbs in the download directory
File  1  ...then generates a file named document.rtf in the same directory
File  1  ...respectively, printhood.vbs
File  1  ...and the printhood.exe that is to be downloaded
File  1  ...modifies the registry for printhood.vbs
File  1  ...finally opens document.rtf
File  1  ...document and runs printhood.vbs
File  1  printhood.vbs
File  1  income.php
File  1  interrupt.php
File  1  inspector.php
File  1  intimate.php
File  1  updates.html
File  2  key.html
File  4  history.html
File  1  ...the macro code in the .otm injects the template into the sample contact.docx
File  2  cookie.php
File  1  hasty.html
IPv4  1  78.40.219.213
Windows Registry Key  1  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\GoogleDisk