奇安信威胁情报中心
Tags
| attack-pattern: | Server - T1583.004 Server - T1584.004 |
Common Information
| Type | Value |
|---|---|
| UUID | c4712b5a-1d2d-4365-848f-5e1eb7ce860f |
| Fingerprint | bd77af52367abc7a |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Oct. 31, 2019, midnight |
| Added to db | Jan. 16, 2023, 3:50 p.m. |
| Last updated | Nov. 17, 2024, 6:30 p.m. |
| Headline | UNKNOWN |
| Title | 奇安信威胁情报中心 |
| Detected Hints/Tags/Attributes | 15/1/97 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | cloud.unite.un.org.docs-verify.com |
|
| Details | Domain | 1 | www.ms0ffice.guest-mailclouds.com |
|
| Details | Domain | 1 | datasectioninfo.com |
|
| Details | Domain | 707 | google.com |
|
| Details | Domain | 1 | microsoft.ccivde.com |
|
| Details | Domain | 1 | mail-hostfile.com |
|
| Details | Domain | 1 | oversea-cnki.net |
|
| Details | Domain | 1 | blue.chinfoset.com |
|
| Details | Domain | 1 | lion.waitnetwork.net |
|
| Details | Domain | 1 | service-hq.com |
|
| Details | Domain | 1 | netease.smartsystem36.com |
|
| Details | Domain | 1 | www.morning-place.com |
|
| Details | Domain | 1 | helpdesk-mailservice.com |
|
| Details | Domain | 1 | netease.mail-drivecenter.com |
|
| Details | Domain | 208 | mp.weixin.qq.com |
|
| Details | 1 | 该漏洞由laginimaineb@google.com |
||
| Details | File | 49 | nuxt.js |
|
| Details | File | 2 | org.doc |
|
| Details | File | 1 | 20191031.pdf |
|
| Details | File | 1 | start00.html |
|
| Details | File | 4 | exp.html |
|
| Details | File | 1 | exp2.html |
|
| Details | File | 1 | d.jpg |
|
| Details | File | 2 | e.jpg |
|
| Details | File | 1 | 下载带360a.exe |
|
| Details | File | 1 | 访问同目录下的start00.html |
|
| Details | File | 1 | 如果存在可利用的浏览器则会执行exp.html |
|
| Details | File | 1 | 判断浏览器版本和系统版本后执行exp2.html |
|
| Details | File | 1 | np-mswmp.dll |
|
| Details | File | 1 | 在播放1.wmv |
|
| Details | File | 1 | 然后dll执行起来后会执行360a.exe |
|
| Details | File | 1 | 分别位于exp1.html |
|
| Details | File | 1 | 和exp2.html |
|
| Details | File | 1 | 其中exp1.html |
|
| Details | File | 1 | 360a.exe |
|
| Details | File | 1 | 释放svctask.exe |
|
| Details | File | 1 | 和sndvolsso.dll |
|
| Details | File | 2 | sndvolsso.dll |
|
| Details | File | 1 | uac起svctask.exe |
|
| Details | File | 1 | svctask.exe |
|
| Details | File | 1 | side-loading加载np-mswmp.dll |
|
| Details | File | 1 | 修改了正常的np-mswmp.dll |
|
| Details | File | 1 | 并运行起来360a.exe |
|
| Details | File | 1 | 主要功能为解密释放loader程序sndvolsso.dll |
|
| Details | File | 1 | 和远控主程序svctask.exe |
|
| Details | File | 1 | uac技术通过ifileoperation的方式将sndvolsso.dll |
|
| Details | File | 1 | 实现explorer.exe |
|
| Details | File | 1 | uac的方法运行svctask.exe |
|
| Details | File | 1 | doil.php |
|
| Details | File | 1 | 把5个插件通过远程线程注入到进程名为svctask.exe |
|
| Details | File | 1 | pear.dll |
|
| Details | File | 1 | mango.dll |
|
| Details | File | 1 | melon.dll |
|
| Details | File | 1 | peach.dll |
|
| Details | File | 1 | durain.dll |
|
| Details | File | 1 | lemon.dll |
|
| Details | File | 2 | map.php |
|
| Details | File | 1 | daily.php |
|
| Details | File | 1 | flight.php |
|
| Details | File | 1 | net下载apple.exe |
|
| Details | File | 1 | 虎木槿利用该漏洞调用wscript执行v.vbs |
|
| Details | File | 2 | filelocatorproportable.exe |
|
| Details | File | 1 | 释放恶意的sfantibot.exe |
|
| Details | File | 1 | sfantibot.exe |
|
| Details | File | 1 | edrtl.php |
|
| Details | File | 1 | vmcret.exe |
|
| Details | File | 2 | mscowlib.dll |
|
| Details | File | 1 | 360chkcloud.exe |
|
| Details | md5 | 1 | 580da4e63c9e617573831127df6e02fe |
|
| Details | md5 | 1 | 8962b07c12f1e8d1a0cff81b94e21538 |
|
| Details | md5 | 1 | e356e764bc0f2d2807314dae322889de |
|
| Details | md5 | 1 | 2c5f443b2af64be2c35ebbbc56f61ff0 |
|
| Details | md5 | 1 | 0e59d990a6cd93c999481c802ff83c3d |
|
| Details | md5 | 1 | 2205e0119c825b8b5086e648957edf79 |
|
| Details | md5 | 1 | 5b63114850a148dc74cce50a36778880 |
|
| Details | md5 | 1 | 0782a0d6313fbb19a61d1fdc59234812 |
|
| Details | md5 | 1 | 29f84b0c138f0a8c3b1f6c9a43911984 |
|
| Details | md5 | 1 | d2ea8a53e5db1b1d78bdc08d66bc1cf6 |
|
| Details | md5 | 1 | c296fc1c0d181c2e39f4fd5a8bceb70b |
|
| Details | md5 | 1 | 87b65abafbd51bbd30a5eae624401912 |
|
| Details | md5 | 1 | 63b80446ff4cefa9db70f6cdffaa6a05 |
|
| Details | md5 | 1 | aef737cc72ac492ae54cf916cd60b7c1 |
|
| Details | md5 | 1 | 2353c6bc28050fc95ceca63ef608bca8 |
|
| Details | md5 | 1 | fe39b7713f040e839f54edc42af7b63a |
|
| Details | IPv4 | 1 | 190.2.147.128 |
|
| Details | IPv4 | 1 | 194.88.107.34 |
|
| Details | IPv4 | 1 | 193.9.113.180 |
|
| Details | IPv4 | 1 | 88.150.227.110 |
|
| Details | IPv4 | 1 | 141.255.160.250 |
|
| Details | IPv4 | 1 | 62.112.8.79 |
|
| Details | Url | 1 | https://www\.google\.com/url?q=http://\{domain\}/index\.php?addr=xxx&rc=xxx&source=gmail&ust=xxx&usg=xxx |
|
| Details | Url | 1 | http://dict\.xxxxx\.com/appapi/redirect?module=compose\.composemodule&redirecturl=http://oversea\-cnki\[\.\]net/ccps/20191031\.pdf |
|
| Details | Url | 1 | http://datasectioninfo.com/ccps/20191031.pdf |
|
| Details | Url | 1 | http://190.2.147.128/sangfor/cloud/edrtl.php |
|
| Details | Url | 1 | http://62.112.8.79/images/png/p |
|
| Details | Url | 1 | http://190.2.147.128/360-cloud/chk |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/bizr4gamnqmrdomw1uppnw |