[RE023] Quick analysis and handling of a series of new malware variants from the Panda hacker group, which previously attacked Ban Cơ yếu Chính Phủ Việt Nam (the Vietnam Government Cipher Committee) and has been highly active recently
Common Information

Type                            Value
UUID                            c661379f-ea08-4e12-8a37-e8c2f7a7fc22
Fingerprint                     17be017defa67657
Analysis status                 DONE
Considered CTI value            2
Text language
Published                       July 3, 2021, 1:48 p.m.
Added to db                     Oct. 23, 2023, 12:21 a.m.
Last updated                    Nov. 16, 2024, 12:12 p.m.
Headline                        UNKNOWN
Title                           [RE023] Quick analysis and handling of a series of new malware variants from the Panda hacker group, which previously attacked Ban Cơ yếu Chính Phủ Việt Nam (the Vietnam Government Cipher Committee) and has been highly active recently
Detected Hints/Tags/Attributes  36/1/55
Attributes

Type     #Events  Value
Domain   21       cr.yp.to
Domain   268      www.virustotal.com
Domain   2        www.newshcm.com
Domain   2        www.sexphm.com
Domain   2        xxx.codepage-core.xxx
Domain   2        nls.bt
Domain   2        malware.report
Domain   3        vincss.net
Email    2        malware.report@vincss.net
File     5        smanager_ssl.dll
File     2        msiscsi.dll
File     2        verifierpr.dll
File     6        wercplsupport.dll
File     2        dllsvchdtchx64.bin
File     2        errorsvc.dll
File     2        stuffe.dll
File     2        tmp01.dat
File     5        winsec.dll
File     2        access.sys
File     2        dllhijkdtchx64.bin
File     13       wmiapsrv.exe
File     2        axlnst.bin
File     2        koreanflass.bin
File     2        vsmapi.dll
File     2        vfwwdm.dll
File     2        pubiapi.dll
File     2        c_xxxx.dll
File     2        checkcp.exe
File     2        nlsscan.exe
File     11       sfc.exe
IPv4     2        172.16.22.22
Pdb      3        1.pdb
Pdb      2        c:\users\machine\desktop\work\20200913\auto_firefox\x64\release\8.pdb
Pdb      2        c:\dev\16\3\x64\release\f71.pdb
Pdb      2        c:\dev\17d\release\7.pdb
Pdb      2        c:\users\vs\desktop\auto_firefox\x64\release\8.pdb
Url      2        http://cr.yp.to/snuffle/ecrypt.c
Url      2        https://www.virustotal.com/gui/search/content%3a%22u0fbsp2ddytlhiq9mxseexmh7jbin3k%22/files
Url      2        https://www.hybrid-analysis.com/string-search/results/08f2e828fe16c22515f0b8b7a5ccf9489ceeb58802ded94da4a3e13acd011e32