Poison Ivy Group and the Cyberespionage Campaign Against Chinese Military and Goverment
Tags
Common Information
| Type | Value |
|---|---|
| UUID | c66b0871-a790-4319-b9dd-2b86dba58195 |
| Fingerprint | ea1409dbcef7a68d |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Sept. 21, 2018, midnight |
| Added to db | Sept. 26, 2022, 9:31 a.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | 360 核心安全技术博客 |
| Title | Poison Ivy Group and the Cyberespionage Campaign Against Chinese Military and Goverment |
| Detected Hints/Tags/Attributes | 123/3/236 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | http://blogs.360.cn/post/APT_C_01_en.html |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Autonomous System Number | 2 | AS1688 |
|
| Details | CVE | 39 | cve-2014-4114 |
|
| Details | CVE | 57 | cve-2017-8759 |
|
| Details | CVE | 176 | cve-2012-0158 |
|
| Details | CVE | 18 | cve-2014-6352 |
|
| Details | Domain | 212 | technet.microsoft.com |
|
| Details | Domain | 25 | www.cve.mitre.org |
|
| Details | Domain | 243 | cve.mitre.org |
|
| Details | Domain | 2 | api-upload.kanbox.com |
|
| Details | Domain | 2 | auth.kanbox.com |
|
| Details | Domain | 9 | tmp.zip |
|
| Details | Domain | 3 | updateinfo.servegame.org |
|
| Details | Domain | 2 | zxcv201789.dynssl.com |
|
| Details | Domain | 1 | gaewaaa.upgrinfo.com |
|
| Details | Domain | 2 | moneyaaa.beijingdasihei.com |
|
| Details | Domain | 3 | javainfo.upgrinfo.com |
|
| Details | Domain | 9 | news.xinhuanet.com |
|
| Details | Domain | 3 | 126mailserver.serveftp.com |
|
| Details | Domain | 2 | access.webplurk.com |
|
| Details | Domain | 2 | aliago.dyndns.dk |
|
| Details | Domain | 2 | as1688.webhop.org |
|
| Details | Domain | 2 | babana.wikaba.com |
|
| Details | Domain | 2 | backaaa.beijingdasihei.com |
|
| Details | Domain | 2 | bt0116.servebbs.net |
|
| Details | Domain | 2 | ceepitbj.servepics.com |
|
| Details | Domain | 2 | check.blogdns.com |
|
| Details | Domain | 2 | china.serveblog.net |
|
| Details | Domain | 3 | chinamil.lflink.com |
|
| Details | Domain | 3 | cluster.safe360.dns05.com |
|
| Details | Domain | 2 | cnwww.m-music.net |
|
| Details | Domain | 2 | fff.dynamic-dns.net |
|
| Details | Domain | 2 | gaewaa.upgrinfo.com |
|
| Details | Domain | 2 | givemea.ygto.com |
|
| Details | Domain | 2 | givemeaaa.upgrinfo.com |
|
| Details | Domain | 2 | goldlion.mefound.com |
|
| Details | Domain | 2 | gugupd.008.net |
|
| Details | Domain | 2 | guliu2008.9966.org |
|
| Details | Domain | 2 | hyssjc.securitytactics.com |
|
| Details | Domain | 2 | jason.zyns.com |
|
| Details | Domain | 2 | jerry.jkub.com |
|
| Details | Domain | 4 | kav2011.mooo.com |
|
| Details | Domain | 2 | kouwel.zapto.org |
|
| Details | Domain | 2 | laizaow.mefound.com |
|
| Details | Domain | 2 | localhosts.ddns.us |
|
| Details | Domain | 2 | mail.sends.sendsmtp.com |
|
| Details | Domain | 4 | mail163.mypop3.net |
|
| Details | Domain | 2 | mailsends.sendsmtp.com |
|
| Details | Domain | 2 | mediatvset.no-ip.org |
|
| Details | Domain | 2 | motices.ourhobby.com |
|
| Details | Domain | 2 | mp3.dnset.com |
|
| Details | Domain | 2 | netlink.vizvaz.com |
|
| Details | Domain | 2 | operater.solaris.nu |
|
| Details | Domain | 2 | pps.longmusic.com |
|
| Details | Domain | 2 | ps1688.webhop.org |
|
| Details | Domain | 4 | rising.linkpc.net |
|
| Details | Domain | 4 | safe360.dns05.com |
|
| Details | Domain | 2 | sandy.ourhobby.com |
|
| Details | Domain | 4 | soagov.sytes.net |
|
| Details | Domain | 4 | soagov.zapto.org |
|
| Details | Domain | 4 | soasoa.sytes.net |
|
| Details | Domain | 2 | ssy.ikwb.com |
|
| Details | Domain | 2 | ssy.mynumber.org |
|
| Details | Domain | 2 | svcsrset.ezua.com |
|
| Details | Domain | 2 | teacat.https443.org |
|
| Details | Domain | 2 | tong.wikaba.com |
|
| Details | Domain | 2 | updates.lflink.com |
|
| Details | Domain | 2 | usa08.serveftp.net |
|
| Details | Domain | 2 | waterfall.mynumber.org |
|
| Details | Domain | 2 | webupdate.dnsrd.com |
|
| Details | Domain | 2 | www.safe360.dns05.com |
|
| Details | Domain | 2 | www.ssy.ikwb.com |
|
| Details | Domain | 2 | www.tong.wikaba.com |
|
| Details | Domain | 2 | wwwdo.tyur.acmetoy.com |
|
| Details | Domain | 4 | xinhua.redirectme.net |
|
| Details | Domain | 2 | bearingonly.rebatesrule.net |
|
| Details | Domain | 2 | canberk.gecekodu.com |
|
| Details | Domain | 2 | emailser163.serveusers.com |
|
| Details | Domain | 2 | fevupdate.ocry.com |
|
| Details | Domain | 2 | geiwoaaa.qpoe.com |
|
| Details | Domain | 2 | hy-zhqopin.mynumber.org |
|
| Details | Domain | 2 | l63service.serveuser.com |
|
| Details | Domain | 2 | microsoftword.serveuser.com |
|
| Details | Domain | 2 | office.go.dyndns.org |
|
| Details | Domain | 2 | uswebmail163.sendsmtp.com |
|
| Details | Domain | 2 | winsysupdate.dynamic-dns.net |
|
| Details | Domain | 2 | wmiaprp.ezua.com |
|
| Details | Domain | 2 | www.service.justdied.com |
|
| Details | Domain | 2 | officepatch.dnset.com |
|
| Details | Domain | 2 | pouhui.diskstation.org |
|
| Details | Domain | 2 | comehigh.mefound.com |
|
| Details | Domain | 2 | annie165.zyns.com |
|
| Details | File | 1 | doc.ppt |
|
| Details | File | 1 | xls.wps |
|
| Details | File | 4 | ms12-027.aspx |
|
| Details | File | 2 | ms14-060.aspx |
|
| Details | File | 2 | 3010060.aspx |
|
| Details | File | 2 | ms14-064.aspx |
|
| Details | File | 456 | mshta.exe |
|
| Details | File | 1 | profiles.log |
|
| Details | File | 8 | svch0st.exe |
|
| Details | File | 2 | atnewyrr.exe |
|
| Details | File | 9 | tmp.zip |
|
| Details | File | 2 | newyrr.exe |
|
| Details | File | 2 | doll.exe |
|
| Details | File | 2 | aaa.vbs |
|
| Details | File | 12 | b.bat |
|
| Details | File | 53 | server.exe |
|
| Details | File | 9 | officeupdate.exe |
|
| Details | File | 3 | tiny1detvghrt.tmp |
|
| Details | File | 1 | tinyq1detvghrt.tmp |
|
| Details | File | 82 | kernelbase.dll |
|
| Details | File | 748 | kernel32.dll |
|
| Details | File | 2 | work.tmp |
|
| Details | File | 2 | %s.bak |
|
| Details | File | 5 | tmp.tmp |
|
| Details | File | 1 | 2012年度涉台法学研究课题材料.doc |
|
| Details | File | 1 | 2012年度涉台周边问题研究课题材料.doc |
|
| Details | File | 1 | 2013年度涉台周边问题研究课题材料.doc |
|
| Details | File | 1 | 关于海峡两岸关系法学研究会2012年年会暨会员大会的通报.doc |
|
| Details | File | 2 | 关于两岸关系研究学术座谈会的背景材料.doc |
|
| Details | File | 1 | 海峡两岸关系研究会2013年度涉台周边问题研究征集选题.zip |
|
| Details | File | 2 | 海峡论坛深层次推动两岸关系.exe |
|
| Details | File | 2 | 两岸军事互信研究学术研讨会议邀请信.doc |
|
| Details | File | 1 | 台盟中央参政议政工作通讯2013年第2期.doc |
|
| Details | File | 2 | c_1110741502.htm |
|
| Details | File | 4 | cluster.safe |
|
| Details | File | 72 | www.safe |
|
| Details | md5 | 2 | 67d5f04fb0e00addc4085457f40900a2 |
|
| Details | md5 | 2 | 03d762794a6fe96458d8228bb7561629 |
|
| Details | md5 | 2 | 0595f5005f237967dcfda517b26497d6 |
|
| Details | md5 | 2 | 07561810d818905851ce6ab2c1152871 |
|
| Details | md5 | 2 | 0e80fca91103fe46766dcb0763c6f6af |
|
| Details | md5 | 2 | 1374e999e1cda9e406c19dfe99830ffc |
|
| Details | md5 | 2 | 1396cafb08ca09fac5d4bd2f12c65059 |
|
| Details | md5 | 2 | 1ab54f5f0b847a1aaaf00237d3a9f0ba |
|
| Details | md5 | 2 | 1aca8cd40d9b84cab225d333b09f9ba5 |
|
| Details | md5 | 2 | 1dc61f30feeb60995174692e8d864312 |
|
| Details | md5 | 2 | 250c9ec3e77d1c6d999ce782c69fc21b |
|
| Details | md5 | 2 | 2579b715ea1b76a1979c415b139fdee7 |
|
| Details | md5 | 2 | 26d7f7aa3135e99581119f40986a8ac3 |
|
| Details | md5 | 2 | 27f683baed7b02927a591cdc0c850743 |
|
| Details | md5 | 2 | 28e4545e9944eb53897ee9acf67b1969 |
|
| Details | md5 | 2 | 2a96042e605146ead06b2ee4835baec3 |
|
| Details | md5 | 2 | 2c405d608b600655196a4aa13bdb3790 |
|
| Details | md5 | 2 | 30866adc2976704bca0f051b5474a1ee |
|
| Details | md5 | 2 | 31c81459c10d3f001d2ccef830239c16 |
|
| Details | md5 | 2 | 3484302809ac3df6ceec857cb4f75fb1 |
|
| Details | md5 | 2 | 36c23c569205d6586984a2f6f8c3a39e |
|
| Details | md5 | 2 | 382132e601d7a4ae39a4e7d89457597f |
|
| Details | md5 | 2 | 3e12538b6eaf19ca163a47ea599cfa9b |
|
| Details | md5 | 4 | 41c7e09170037fafe95bb691df021a20 |
|
| Details | md5 | 2 | 45e983ae2fca8dacfdebe1b1277102c9 |
|
| Details | md5 | 2 | 4e57987d0897878eb2241f9d52303713 |
|
| Details | md5 | 2 | 5696bbee662d75f9be0e8a9ed8672755 |
|
| Details | md5 | 2 | 5e4c2fbcd0308a0b9af92bf87383604f |
|
| Details | md5 | 2 | 5ee2958b130f9cda8f5f3fc1dc5249cf |
|
| Details | md5 | 2 | 5f1a1ff9f272539904e25d300f2bfbcc |
|
| Details | md5 | 2 | 611cefaee48c5f096fb644073247621c |
|
| Details | md5 | 2 | 6a37ce66d3003ebf04d249ab049acb22 |
|
| Details | md5 | 2 | 6ca3a598492152eb08e36819ee56ab83 |
|
| Details | md5 | 2 | 7639ed0f0c0f5ac48ec9a548a82e2f50 |
|
| Details | md5 | 2 | 76782ecf9684595dbf86e5e37ba95cc8 |
|
| Details | md5 | 2 | 785b24a55dd41c94060efe8b39dc6d4c |
|
| Details | md5 | 2 | 7c498b7ad4c12c38b1f4eb12044a9def |
|
| Details | md5 | 2 | 81232f4c5c7810939b3486fa78d666c2 |
|
| Details | md5 | 2 | 81e1332d15b29e8a19d0e97459d0a1de |
|
| Details | md5 | 2 | 8abb22771fd3ca34d6def30ba5c5081c |
|
| Details | md5 | 2 | 95f0b0e942081b4952e6daef2e373967 |
|
| Details | md5 | 2 | 9b925250786571058dae5a7cbea71d28 |
|
| Details | md5 | 2 | 9bcb41da619c289fcfdf3131bbf2be21 |
|
| Details | md5 | 2 | 9f9a24b063018613f7f290cc057b8c40 |
|
| Details | md5 | 2 | a73d3f749e42e2b614f89c4b3ce97fe1 |
|
| Details | md5 | 2 | a807486cfe05b30a43c109fdb6a95993 |
|
| Details | md5 | 2 | a8417d19c5e5183d45a38a2abf48e43e |
|
| Details | md5 | 2 | acc598bf20fada204b5cfd4c3344f98a |
|
| Details | md5 | 2 | accb53eb0faebfca9f190815d143e04b |
|
| Details | md5 | 2 | adc3a4dfbdfe7640153ed0ea1c3cf125 |
|
| Details | md5 | 2 | ae004a5d4f1829594d830956c55d6ae4 |
|
| Details | md5 | 2 | b0be3c5fe298fb2b894394e808d5ffaf |
|
| Details | md5 | 2 | b244cced7c7f728bcc4d363f8260090d |
|
| Details | md5 | 2 | b301cd0e42803b0373438e9d4ca01421 |
|
| Details | md5 | 2 | bd2272535c655aff1f1566b24a70ee97 |
|
| Details | md5 | 2 | bd4b579f889bbe681b9d3ab11768ca07 |
|
| Details | md5 | 2 | bfb9d13daf5a4232e5e45875e7e905d7 |
|
| Details | md5 | 2 | c31549489bf0478ab4c367c563916ada |
|
| Details | md5 | 2 | c8755d732be4dc13eecd8e4c49cfab94 |
|
| Details | md5 | 2 | c8fd2748a82e336f934963a79313aaa1 |
|
| Details | md5 | 2 | ca663597299b1cecaf57c14c6579b23b |
|
| Details | md5 | 2 | d12099237026ae7475c24b3dfb5d18bc |
|
| Details | md5 | 2 | d61c583eba31f2670ae688af070c87fc |
|
| Details | md5 | 2 | dde2c03d6168089affdca3b5ec41f661 |
|
| Details | md5 | 2 | e2e2cd911e099b005e0b2a80a34cfaac |
|
| Details | md5 | 2 | e9a9c0485ee3e32e7db79247fee8bba6 |
|
| Details | md5 | 2 | ec7e11cfca01af40f4d96cbbacb41fed |
|
| Details | md5 | 2 | eff88ecf0c3e719f584371e9150061d2 |
|
| Details | md5 | 2 | f0c29f89ffdb0f3f03e663ef415b9e4e |
|
| Details | md5 | 2 | f1b6ed2624583c913392dcd7e3ea6ae1 |
|
| Details | md5 | 2 | f27a9cd7df897cf8d2e540b6530dceb3 |
|
| Details | md5 | 2 | f29abd84d6cdec8bb5ce8d51e85ddafc |
|
| Details | md5 | 2 | f3ed0632cadd2d6beffb9d33db4188ed |
|
| Details | md5 | 2 | fbd0f2c62b14b576f087e92f60e7d132 |
|
| Details | md5 | 2 | fccb13c00df25d074a78f1eeeb04a0e7 |
|
| Details | md5 | 2 | 0fb92524625fffda3425d08c94c014a1 |
|
| Details | md5 | 2 | 168365197031ffcdbe65ab13d71b64ec |
|
| Details | md5 | 2 | 2b5ddabf1c6fd8670137cade8b60a034 |
|
| Details | md5 | 2 | 517c81b6d05bf285d095e0fd91cb6f03 |
|
| Details | md5 | 2 | 7deeb1b3cce6528add4f9489ce1ec5d6 |
|
| Details | md5 | 2 | aa57085e5544d923f576e9f86adf9dc0 |
|
| Details | md5 | 2 | cda1961d63aaee991ff97845705e08b8 |
|
| Details | md5 | 2 | e07ca9f773bd772a41a6698c6fd6e551 |
|
| Details | md5 | 2 | fb427874a13f6ea5e0fd1a0aec6a095c |
|
| Details | sha256 | 1 | 8cee670d7419d1fd0f8f0ac6a2bd981593c2c96ca0f6b8019317cf556337cfa8 |
|
| Details | IPv4 | 2 | 131.213.66.10 |
|
| Details | IPv4 | 2 | 146.0.32.168 |
|
| Details | IPv4 | 2 | 165.227.220.223 |
|
| Details | IPv4 | 2 | 188.166.67.36 |
|
| Details | IPv4 | 2 | 199.101.133.169 |
|
| Details | IPv4 | 2 | 45.32.8.137 |
|
| Details | IPv4 | 2 | 45.76.125.176 |
|
| Details | IPv4 | 2 | 45.76.228.61 |
|
| Details | IPv4 | 2 | 45.76.9.206 |
|
| Details | IPv4 | 2 | 45.77.171.209 |
|
| Details | Threat Actor Identifier - APT-C | 19 | APT-C-01 |
|
| Details | Url | 2 | https://technet.microsoft.com/zh-cn/library/security/ms12-027.aspx |
|
| Details | Url | 7 | http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve |
|
| Details | Url | 2 | https://technet.microsoft.com/zh-cn/library/security/ms14-060.aspx |
|
| Details | Url | 106 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve |
|
| Details | Url | 2 | https://technet.microsoft.com/zh-cn/library/security/3010060.aspx |
|
| Details | Url | 2 | https://technet.microsoft.com/zh-cn/library/security/ms14-064.aspx |
|
| Details | Url | 2 | https://api-upload.kanbox.com/0/upload/%s/%s?bearer_token=%s |
|
| Details | Url | 2 | https://auth.kanbox.com/0/token |
|
| Details | Url | 2 | http://updateinfo.servegame.org |
|
| Details | Url | 3 | http://updateinfo.servegame.org/tiny1detvghrt.tmp |
|
| Details | Url | 1 | https://www.virustotal.com/en/file/8cee670d7419d1fd0f8f0ac6a2bd981593c2c96ca0f6b8019317cf556337cfa8/analysis |
|
| Details | Url | 2 | http://news.xinhuanet.com/world/2014-05/18/c_1110741502.htm |
|
| Details | Url | 2 | http://annie165.zyns.com/zxcvb.hta |