UNKNOWN
Common Information
Type Value
UUID c1b1a36d-be82-4a3a-97ec-994eebcaeb1c
Fingerprint c8b3811ff4993127
Analysis status IN_PROGRESS
Considered CTI value 0
Text language
Published None
Added to db Dec. 19, 2024, 2:41 p.m.
Last updated Dec. 23, 2024, 7:22 a.m.
Headline UNKNOWN
Title UNKNOWN
Detected Hints/Tags/Attributes 24/1/81
Source URLs
Attributes
Details Type #Events CTI Value
Details  Domain  3  adamnews.for.ug
Details  Domain  5  cr.zip
Details  Domain  3  fateh.aba.ae
Details  Domain  2  xyzx.zip
Details  Domain  3  martnews.aba.ae
Details  Domain  3  israanews.zz.com.ve
Details  Domain  463  securelist.com
Details  Domain  24  www.sohu.com
Details  Domain  200  www.fireeye.com
Details  Domain  4  www.script-coding.com
Details  Domain  8  www.vectra.ai
Details  Domain  2  abc.zip
Details  Domain  2  hw.zip.zip
Details  Domain  2  me325noew.zip
Details  Domain  3  mslove.mypressonline.com
Details  Domain  4  new2019.mine.nu
Details  Domain  3  webhoptest.webhop.info
Details  Domain  3  mmksba100.linkpc.net
Details  Domain  3  mmksba.dyndns.org
Details  Domain  2  303030.zip
Details  Domain  6752  163.com
Details  File  2  xyzx.zip
Details  File  2  d.vbs
Details  File  1  done.js
Details  File  5  cr.zip
Details  File  3  asd.js
Details  File  1  down2.js
Details  File  2  The final program will set ctfmon.exe as the system process to inject into (a sentence from the source report, matched on ctfmon.exe)
Details  File  1  xyzx.js
Details  File  2  The program then creates img.db under the temp path (a sentence from the source report, matched on img.db)
Details  File  1  img.db
Details  File  3  now-you-see-me-h-worm-by-houdini.html
Details  File  4  dynwrapx_eng.html
Details  File  11  vectra.ai
Details  File  2  abc.zip
Details  File  2  linkshw.txt
Details  File  2  f_skoifa.vbs
Details  File  2  hw.zip
Details  File  2  me325noew.zip
Details  File  6  webhop.inf
Details  File  2  303030.zip
Details  md5  2  1D3E3E419B174B2C52C7A5485AAAB7E4
Details  md5  3  75ea74251fa57750681c8e6f99696b1b
Details  md5  3  d38592133501622f7a649a2b16d0d1d6
Details  md5  2  74ef1c5905200ea664a603a67554422b
Details  md5  2  9130aa7170a3663cd781010c7261171d
Details  md5  2  0992b87c510d4cd135e02e432fcb492b
Details  md5  2  e2448384afff94f2cc825d0a6c285e35
Details  md5  2  bef000aa7ccfd79b76a645ed60462ed1
Details  md5  2  bf14b74f212cf642c83a34f633732b5d
Details  md5  2  95194b04018a200d1413f501ff31ecf1
Details  md5  2  6e62856152eb198b457487e1eed94d76
Details  md5  2  4fa306739fd3ecc75b0ee202a614061d
Details  IPv4  2  192.119.111.4
Details  IPv4  2  72.21.245.117
Details  IPv4  3  94.102.56.143
Details  IPv4  2  85.17.26.65
Details  Threat Actor Identifier - APT-C  14  APT-C-37
Details  Url  2  http://fateh.aba.ae/xyzx.zip
Details  Url  2  https://news.softpedia.com/news/moonlight-apt-uses-h-worm-backdoor-to-spy-on-middle-eastern-targets-509667.shtml
Details  Url  2  https://securelist.com/gaza-cybergang-group1-operation-sneakypastes/90068
Details  Url  2  http://www.sohu.com/a/252565992_100166177
Details  Url  3  https://www.fireeye.com/blog/threat-research/2013/09/now-you-see-me-h-worm-by-houdini.html
Details  Url  2  https://www.script-coding.com/dynwrapx_eng.html
Details  Url  2  https://www.vectra.ai/blogpost/moonlight-middle-east-targeted-attacks
Details  Url  2  http://adamnews.for.ug/2020
Details  Url  2  http://fateh.aba.ae/abc.zip
Details  Url  2  http://martnews.aba.ae/linkshw.txt
Details  Url  2  http://192.119.111.4/xx/dv
Details  Url  2  http://192.119.111.4/xx/f_skoifa.vbs
Details  Url  2  http://adamnews.for.ug/hwdownhww
Details  Url  2  http://israanews.zz.com.ve/cr.zip
Details  Url  2  http://72.21.245.117/files/hw.zip.zip
Details  Url  2  http://192.119.111.4/xx/me325noew.zip
Details  Url  2  http://192.119.111.4/xx/f_skoifa.vbs?
Details  Url  2  http://192.119.111.4:4587/is-enum-faf
Details  Url  2  http://192.119.111.4:4587/is-enum-driver
Details  Url  2  http://192.119.111.4:4587/is-ready
Details  Url  2  http://192.119.111.4/xx
Details  Url  2  http://mslove.mypressonline.com/linkshw.txt
Details  Url  33  https://ti.qianxin.com