UNKNOWN
Common Information
UUID: b751c0e2-3ab1-4173-83ab-eb1d2ae098a6
Fingerprint: ecec1d65781033a9
Analysis status: IN_PROGRESS
Considered CTI value: 0
Text language:
Published: None
Added to db: Dec. 19, 2024, 3:04 p.m.
Last updated: Dec. 23, 2024, 4:12 p.m.
Headline: UNKNOWN
Title: UNKNOWN
Detected Hints/Tags/Attributes: 54/1/136
Source URLs:

Attributes
Type  #Events  Value
Email  2  original filename].[id].[coronavirus@qq.com
File  2  武汉旅行信息收集申请表.xlsm
File  2  卫生部指令.docx
File  4  新表.xls
File  4  covid-19.rar
File  7  1.xls
File  4  대응.doc
File  6  korea.docx
File  2  normal.php
File  17  backup.zip
File  3  cyber.doc
File  2  covid-19-faq.xls
File  2  2.eml
File  2  requisition.xls
File  2  the malicious macro code will download a file from a remote host and, via rundll32.exe
File  2  avoid.msg
File  2  vessel.xls
File  2  measures.eml
File  2  organization_pdf.gz
File  2  once run, it will decrypt an executable and inject it into regasm.exe
File  2  中国男子在马尼拉死于肺炎.exe
File  2  菲律宾各大楼冠状肺炎名单-1.exe
File  2  菲律宾各大楼冠状肺炎名单.exe
File  2  这个文章很可靠.exe
File  2  口罩价格及例图.exe
File  2  公司重要通知新冠肺炎防范措施.exe
File  43  sample.exe
File  2  india.zip
File  3  covid-19.exe
File  2  using covid-19.exe
File  2  sample.exe delivered by the family during the outbreak
File  2  点击查询冠状病毒消息.exe
File  2  covid-19.apk
File  2  coronavirus.apk
File  2  coronasafetymask.apk
File  2  coronavirus_tracker.apk
File  2  covidcompany.slk
File  2  eeskiri-covid-19.chm
File  3  coronavirus.doc
File  2  covid22_form.vbs
File  2  covid-19.vbs
File  6  coronavirus_covid-19.vbs
File  2  using covid22_form.vbs
File  8  update.jar
IPv4  7  107.175.64.209
IPv4  2  185.62.188.204
Threat Actor Identifier - APT-C  24  APT-C-09
Url  3  http://email.gov.in.maildrive.email/?att=1581914657
Url  2  http://email.gov.in.maildrive.email/ (used to deliver the samples)
Url  2  http://crphone.mireene.com/plugin/editor/templates/normal.php?name=web (downloads a document carrying a malicious macro and continues execution)
Url  2  http://t.zer2.com (downloads a malicious file to the host and loads it into powershell for execution)
Url  2  https://masksbox.com
Url  2  http://coronasafetymask.tk
Url  2  http://185.62.188.204 (downloads the follow-on remote-control exe to the host and executes it to control the victim's computer)
Url  94  https://sandbox.ti.qianxin.com/sandbox/page
Url  2  https://twitter.com/reddrip7/status/1237983760802394112
Url  2  https://twitter.com/reddrip7/status/1237619274581041157
Url  3  https://twitter.com/reddrip7/status/1230683740508000256
Url  2  https://blog.alyac.co.kr/2347