威胁情报 | 网络空间的“边水往事”?针对华语黑产及用户进行攻击的 APT-K-UN3 活动分析 | CTF导航
Tags
Common Information
| Type | Value |
|---|---|
| UUID | b74b3c48-c8ed-4a10-9c0c-6b94fc49d669 |
| Fingerprint | 3b3c3b9fcf2e3bb6 |
| Analysis status | DONE |
| Considered CTI value | -2 |
| Text language | |
| Published | Sept. 2, 2024, midnight |
| Added to db | Sept. 9, 2024, 12:17 p.m. |
| Last updated | Nov. 12, 2024, 2:53 p.m. |
| Headline | 威胁情报 | 网络空间的“边水往事”?针对华语黑产及用户进行攻击的 APT-K-UN3 活动分析 |
| Title | 威胁情报 | 网络空间的“边水往事”?针对华语黑产及用户进行攻击的 APT-K-UN3 活动分析 | CTF导航 |
| Detected Hints/Tags/Attributes | 8/0/35 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.ctfiot.com/204392.html |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 426 | ✔ | CTF导航 | https://www.ctfiot.com/feed | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | down.letsvpnc.com |
|
| Details | Domain | 1 | letpspn.com |
|
| Details | Domain | 1 | lsetvnp.com |
|
| Details | Domain | 71 | news.sophos.com |
|
| Details | File | 1 | 运行其中的4.exe |
|
| Details | File | 25 | 4.exe |
|
| Details | File | 1 | 线程1主要负责3.txt |
|
| Details | File | 61 | 1.bat |
|
| Details | File | 40 | libcef.dll |
|
| Details | File | 1 | 和svchos.exe |
|
| Details | File | 1 | 线程2负责4.txt |
|
| Details | File | 1 | 线程3负责7.txt |
|
| Details | File | 1 | 例如本例中主程序为4.exe |
|
| Details | File | 5 | 5.txt |
|
| Details | File | 1 | c:\users\public\documents\mm\1.bat |
|
| Details | File | 1 | userspublicdocumentsmmsvchos.exe |
|
| Details | File | 2 | svchos.exe |
|
| Details | File | 1 | 当其运行后则会默认加载libcef.dll |
|
| Details | File | 1 | 这将导致同目录下的libcef.dll |
|
| Details | File | 1 | 的主要功能是读取3.txt |
|
| Details | File | 20 | 3.txt |
|
| Details | File | 1 | 主要功能与ss.txt |
|
| Details | File | 5 | 7.txt |
|
| Details | File | 1 | c:\programdata\microsoft drive\destop.ini |
|
| Details | sha256 | 1 | f4352c9e78031c9296948ea5fa33fad67b91ec8d8604f22b5ea05e2d2f6defc9 |
|
| Details | sha256 | 1 | 07f95b92365d9f6bcba5ef8dc4f9f5a406055ec6639b068432f21b0fa27771de |
|
| Details | sha256 | 1 | 9582653f210bd6bb00a65fc718c30541c66cf0fdd5623da88e2e78c7ac646f8f |
|
| Details | sha256 | 1 | 44caf464ac8f55dc5ade89d37009f41dbc9c2bde77422ae1d443a44d1496517d |
|
| Details | IPv4 | 1 | 206.238.198.201 |
|
| Details | IPv4 | 1 | 38.60.94.134 |
|
| Details | IPv4 | 1 | 206.238.114.130 |
|
| Details | IPv4 | 1 | 118.107.46.2 |
|
| Details | IPv4 | 1 | 43.249.29.202 |
|
| Details | Url | 5 | https://ti.qianxin.com/blog/articles/operation-dragon-dance-the-sword-of-damocles-hanging-over-the-gaming-industry |
|
| Details | Url | 3 | https://news.sophos.com/en-us/2023/05/03/doubled-dll-sideloading-dragon-breath |