UNKNOWN
Tags
attack-pattern: Javascript - T1059.007; Mshta - T1218.005; Powershell - T1059.001; Mshta - T1170; Powershell - T1086
Common Information
Type | Value |
---|---|
UUID | c1b1a36d-be82-4a3a-97ec-994eebcaeb1c |
Fingerprint | c8b3811ff4993127 |
Analysis status | IN_PROGRESS |
Considered CTI value | 0 |
Text language | |
Published | None |
Added to db | Dec. 19, 2024, 2:41 p.m. |
Last updated | Dec. 23, 2024, 7:22 a.m. |
Headline | UNKNOWN |
Title | UNKNOWN |
Detected Hints/Tags/Attributes | 24/1/81 |
Source URLs
Redirection | Url | |
---|---|---|
Details | Source | https://www.secrss.com/articles/15511 |
URL Provider
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 3 | | adamnews.for.ug |
Details | Domain | 5 | | cr.zip |
Details | Domain | 3 | | fateh.aba.ae |
Details | Domain | 2 | | xyzx.zip |
Details | Domain | 3 | | martnews.aba.ae |
Details | Domain | 3 | | israanews.zz.com.ve |
Details | Domain | 463 | | securelist.com |
Details | Domain | 24 | | www.sohu.com |
Details | Domain | 200 | | www.fireeye.com |
Details | Domain | 4 | | www.script-coding.com |
Details | Domain | 8 | | www.vectra.ai |
Details | Domain | 2 | | abc.zip |
Details | Domain | 2 | | hw.zip.zip |
Details | Domain | 2 | | me325noew.zip |
Details | Domain | 3 | | mslove.mypressonline.com |
Details | Domain | 4 | | new2019.mine.nu |
Details | Domain | 3 | | webhoptest.webhop.info |
Details | Domain | 3 | | mmksba100.linkpc.net |
Details | Domain | 3 | | mmksba.dyndns.org |
Details | Domain | 2 | | 303030.zip |
Details | Domain | 6752 | | 163.com |
Details | File | 2 | | xyzx.zip |
Details | File | 2 | | d.vbs |
Details | File | 1 | | done.js |
Details | File | 5 | | cr.zip |
Details | File | 3 | | asd.js |
Details | File | 1 | | down2.js |
Details | File | 2 | | The final program will set the system process to be injected, ctfmon.exe |
Details | File | 1 | | xyzx.js |
Details | File | 2 | | The program will then create img.db under the temp path |
Details | File | 1 | | img.db |
Details | File | 3 | | now-you-see-me-h-worm-by-houdini.html |
Details | File | 4 | | dynwrapx_eng.html |
Details | File | 11 | | vectra.ai |
Details | File | 2 | | abc.zip |
Details | File | 2 | | linkshw.txt |
Details | File | 2 | | f_skoifa.vbs |
Details | File | 2 | | hw.zip |
Details | File | 2 | | me325noew.zip |
Details | File | 6 | | webhop.inf |
Details | File | 2 | | 303030.zip |
Details | md5 | 2 | | 1D3E3E419B174B2C52C7A5485AAAB7E4 |
Details | md5 | 3 | | 75ea74251fa57750681c8e6f99696b1b |
Details | md5 | 3 | | d38592133501622f7a649a2b16d0d1d6 |
Details | md5 | 2 | | 74ef1c5905200ea664a603a67554422b |
Details | md5 | 2 | | 9130aa7170a3663cd781010c7261171d |
Details | md5 | 2 | | 0992b87c510d4cd135e02e432fcb492b |
Details | md5 | 2 | | e2448384afff94f2cc825d0a6c285e35 |
Details | md5 | 2 | | bef000aa7ccfd79b76a645ed60462ed1 |
Details | md5 | 2 | | bf14b74f212cf642c83a34f633732b5d |
Details | md5 | 2 | | 95194b04018a200d1413f501ff31ecf1 |
Details | md5 | 2 | | 6e62856152eb198b457487e1eed94d76 |
Details | md5 | 2 | | 4fa306739fd3ecc75b0ee202a614061d |
Details | IPv4 | 2 | | 192.119.111.4 |
Details | IPv4 | 2 | | 72.21.245.117 |
Details | IPv4 | 3 | | 94.102.56.143 |
Details | IPv4 | 2 | | 85.17.26.65 |
Details | Threat Actor Identifier - APT-C | 14 | | APT-C-37 |
Details | Url | 2 | | http://fateh.aba.ae/xyzx.zip |
Details | Url | 2 | | https://news.softpedia.com/news/moonlight-apt-uses-h-worm-backdoor-to-spy-on-middle-eastern-targets-509667.shtml |
Details | Url | 2 | | https://securelist.com/gaza-cybergang-group1-operation-sneakypastes/90068 |
Details | Url | 2 | | http://www.sohu.com/a/252565992_100166177 |
Details | Url | 3 | | https://www.fireeye.com/blog/threat-research/2013/09/now-you-see-me-h-worm-by-houdini.html |
Details | Url | 2 | | https://www.script-coding.com/dynwrapx_eng.html |
Details | Url | 2 | | https://www.vectra.ai/blogpost/moonlight-middle-east-targeted-attacks |
Details | Url | 2 | | http://adamnews.for.ug/2020 |
Details | Url | 2 | | http://fateh.aba.ae/abc.zip |
Details | Url | 2 | | http://martnews.aba.ae/linkshw.txt |
Details | Url | 2 | | http://192.119.111.4/xx/dv |
Details | Url | 2 | | http://192.119.111.4/xx/f_skoifa.vbs |
Details | Url | 2 | | http://adamnews.for.ug/hwdownhww |
Details | Url | 2 | | http://israanews.zz.com.ve/cr.zip |
Details | Url | 2 | | http://72.21.245.117/files/hw.zip.zip |
Details | Url | 2 | | http://192.119.111.4/xx/me325noew.zip |
Details | Url | 2 | | http://192.119.111.4/xx/f_skoifa.vbs? |
Details | Url | 2 | | http://192.119.111.4:4587/is-enum-faf |
Details | Url | 2 | | http://192.119.111.4:4587/is-enum-driver |
Details | Url | 2 | | http://192.119.111.4:4587/is-ready |
Details | Url | 2 | | http://192.119.111.4/xx |
Details | Url | 2 | | http://mslove.mypressonline.com/linkshw.txt |
Details | Url | 33 | | https://ti.qianxin.com |