Analysis of Recent Attack Activity by the SideWinder (响尾蛇) APT Group Against Neighboring Countries and Regions
Common Information
Type | Value |
---|---|
UUID | bed1426f-1a9a-4c0d-8f5c-3bb96b3c72cb |
Fingerprint | fba047aeb6136b96 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | May 20, 2020, midnight |
Added to db | Dec. 21, 2024, 2:16 a.m. |
Last updated | Dec. 21, 2024, 3:06 a.m. |
Headline | Analysis of Recent Attack Activity by the SideWinder (响尾蛇) APT Group Against Neighboring Countries and Regions |
Title | Analysis of Recent Attack Activity by the SideWinder (响尾蛇) APT Group Against Neighboring Countries and Regions |
Detected Hints/Tags/Attributes | 7/0/59 |
Source URLs
Details | Redirection | Url |
---|---|---|
Details | Source | https://www.secrss.com/articles/19626 |
Attributes