APT | Analysis of the OceanLotus group's phishing campaign using the GrimResource technique | CTF导航
Tags
maec-delivery-vectors: Watering Hole
attack-pattern: Mmc - T1218.014
Common Information
Type Value
UUID a4eade84-3465-486c-bfb0-069bf604321a
Fingerprint 65bf598d669048fa
Analysis status DONE
Considered CTI value -2
Text language
Published Oct. 10, 2024, midnight
Added to db Oct. 16, 2024, 9:23 a.m.
Last updated Nov. 17, 2024, 7:44 p.m.
Headline APT | Analysis of the OceanLotus group's phishing campaign using the GrimResource technique
Title APT | Analysis of the OceanLotus group's phishing campaign using the GrimResource technique | CTF导航
Detected Hints/Tags/Attributes 11/2/24
Source URLs
RSS Feed
Id: 476
Feed title: APT – CTF导航
Url: https://www.ctfiot.com/apt/feed
Added to db: 2024-08-30 22:08
Attributes (Type: Value, number of events)
Domain: www.elastic.co (101 events)
Domain: github.com (4127 events)
Domain: sz-everstar.com (1 event)
Domain: everstart.com (1 event)
Domain: xpmediaweb.net (1 event)
File: "the key to the GrimResource technique is using apds.dll" (1 event)
File: mmc.exe (54 events)
File: warp.exe (1 event)
File: "warp.exe is dropped under the filescloudflare directory" (1 event)
File: "and 7z.dll" (1 event)
File: "loads 7z.dll" (1 event)
File: "then uses DLL hijacking to execute the malicious 7z.dll" (1 event)
File: 7z.dll (20 events)
File: slxn9sb9.dmp (1 event)
Github username: zerodetection (1 event)
Threat Actor Identifier - APT-Q: APT-Q-31 (9 events)
Threat Actor Identifier - APT: APT32 (132 events)
Url: https://www.elastic.co/security-labs/grimresource (3 events)
Url: https://github.com/zerodetection/msc_dropper (1 event)