血茜草:永不停歇的华语情报搜集活动
Tags
| attack-pattern: | Dns - T1071.004 Dns - T1590.002 |
Common Information
| Type | Value |
|---|---|
| UUID | c728bc9f-1240-4b02-8973-5d74f12f93d7 |
| Fingerprint | 4745e34083e032b3 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Oct. 1, 2020, midnight |
| Added to db | Jan. 16, 2023, 4:57 p.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | 血茜草:永不停歇的华语情报搜集活动 |
| Title | 血茜草:永不停歇的华语情报搜集活动 |
| Detected Hints/Tags/Attributes | 16/1/164 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://mp.weixin.qq.com/s/omacDXAdio88a_f0Xwu-kg |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | serveusers.com |
|
| Details | Domain | 2 | serveuser.com |
|
| Details | Domain | 5 | ddns.info |
|
| Details | Domain | 10 | servehttp.com |
|
| Details | Domain | 41 | ddns.net |
|
| Details | Domain | 3 | servepics.com |
|
| Details | Domain | 8 | zapto.org |
|
| Details | Domain | 6 | dynamic-dns.net |
|
| Details | Domain | 2 | dsmtp.com |
|
| Details | Domain | 2 | organiccrap.com |
|
| Details | Domain | 5 | myvnc.com |
|
| Details | Domain | 2 | carpox.com |
|
| Details | Domain | 4 | dynssl.com |
|
| Details | Domain | 2 | securitytactics.com |
|
| Details | Domain | 5 | zyns.com |
|
| Details | Domain | 2 | thongminhtq.zapto.org |
|
| Details | Domain | 2 | www.emailsevr.net |
|
| Details | Domain | 2 | fs.163.com |
|
| Details | Domain | 2 | webmaill.net |
|
| Details | Domain | 2 | mail.acca21.xxxx.net |
|
| Details | Domain | 2 | mail.cass.xxxx.net |
|
| Details | Domain | 2 | mail.ccps.xxxx.net |
|
| Details | Domain | 2 | mail.ceair.xxxx.net |
|
| Details | Domain | 2 | mail.chiansc.xxxx.net |
|
| Details | Domain | 2 | mail.chinaoil.xxxx.net |
|
| Details | Domain | 2 | mail.cpifa.xxxx.net |
|
| Details | Domain | 2 | mail.fujian.xxxx.net |
|
| Details | Domain | 2 | mail.gxi.xxxx.net |
|
| Details | Domain | 2 | mail.huanjia.xxxx.net |
|
| Details | Domain | 2 | mail.mee.xxxx.net |
|
| Details | Domain | 2 | mail.mfa.xxxx.net |
|
| Details | Domain | 2 | mail.ouc.xxxx.net |
|
| Details | Domain | 2 | mail.weichai.xxxx.net |
|
| Details | Domain | 2 | rzport.xxxx.net |
|
| Details | Domain | 2 | mynetav.com |
|
| Details | Domain | 2 | officeupdate.mynetav.com |
|
| Details | Domain | 2 | maildocument.serveuser.com |
|
| Details | Domain | 2 | neteaseyhnujm.serveusers.com |
|
| Details | Domain | 2 | neteasedqwert.serveuser.com |
|
| Details | Domain | 2 | yls.dynssl.com |
|
| Details | Domain | 2 | 163.dynssl.com |
|
| Details | Domain | 2 | 163cloudload.cemtertr.online |
|
| Details | Domain | 2 | 163cloudload.securitytactics.com |
|
| Details | Domain | 2 | 163-tuiguang.com |
|
| Details | Domain | 2 | netease-master.com |
|
| Details | Domain | 2 | 163-member.com |
|
| Details | Domain | 2 | netease-help.com |
|
| Details | Domain | 2 | netease-decryption.com |
|
| Details | Domain | 2 | 163-membership.com |
|
| Details | Domain | 2 | qqmailservers.serveuser.com |
|
| Details | Domain | 2 | fuwumostsystem.serveuser.com |
|
| Details | Domain | 2 | count.mail.163.com.uswebmailsmtp.online |
|
| Details | Domain | 2 | serve163.servepics.com |
|
| Details | Domain | 2 | rilakkuma.justdied.com |
|
| Details | Domain | 2 | mailfile.dubya.info |
|
| Details | Domain | 2 | webmailaccounts.serveuser.com |
|
| Details | Domain | 2 | 163icpbj.serveusers.com |
|
| Details | Domain | 2 | 163uswebmail.serveusers.com |
|
| Details | Domain | 2 | downloaddrive.dynamic-dns.net |
|
| Details | Domain | 2 | yaheatyuio.serveuser.com |
|
| Details | Domain | 2 | 126-maildownload.serveusers.com |
|
| Details | Domain | 2 | mingming.cf |
|
| Details | Domain | 2 | ming1.tk |
|
| Details | Domain | 2 | 163maildownloadicilp.serveusers.com |
|
| Details | Domain | 2 | 163datadownloaddomain.serveusers.com |
|
| Details | Domain | 2 | 163emails.ddns.info |
|
| Details | Domain | 2 | 163mailboxdownload.servehttp.com |
|
| Details | Domain | 2 | email-filedownfile.ddns.net |
|
| Details | Domain | 2 | sitdownplease-01.servepics.com |
|
| Details | Domain | 2 | xproxybox.servehttp.com |
|
| Details | Domain | 2 | xproxybox.zapto.org |
|
| Details | Domain | 2 | hkxbbuaa.servehttp.com |
|
| Details | Domain | 2 | www.smalll.top |
|
| Details | Domain | 2 | qqmailsoftwarepatch.serveuser.com |
|
| Details | Domain | 2 | qqmailsoftwarepatch.serveusers.com |
|
| Details | Domain | 2 | softwarepatch.serveusers.com |
|
| Details | Domain | 2 | 163mail.serveuser.com |
|
| Details | Domain | 2 | qq-cloudmail-download.serveuser.com |
|
| Details | Domain | 2 | qqmailserver.dynamic-dns.net |
|
| Details | Domain | 2 | qqmailservice.dsmtp.com |
|
| Details | Domain | 2 | winupate.organiccrap.com |
|
| Details | Domain | 2 | webmailqq.xyz |
|
| Details | Domain | 2 | cty-thongminhtq.zapto.org |
|
| Details | Domain | 2 | grandviewctd.serveusers.com |
|
| Details | Domain | 2 | grandviewins.zapto.org |
|
| Details | Domain | 2 | grendviewetd.myvnc.com |
|
| Details | Domain | 2 | usviph9.carpox.com |
|
| Details | File | 7 | ddns.inf |
|
| Details | File | 2 | 163frame.html |
|
| Details | File | 2 | documentmail.html |
|
| Details | File | 2 | 而只有在域名后面加上index.html |
|
| Details | File | 2 | qqframe.html |
|
| Details | File | 207 | login.php |
|
| Details | File | 2 | 534902565352545104541c040205034c550052554b080c04538.html |
|
| Details | File | 2 | docmail.html |
|
| Details | File | 2 | 两岸一家亲.exe |
|
| Details | File | 2 | 最后在%temp%目录下生成system.bat |
|
| Details | File | 2 | 相关信息.rar |
|
| Details | File | 2 | 第十二届北京中国国际国防电子展.rar |
|
| Details | File | 2 | 关于调整部分优抚对象等人员抚恤和生活补助标准的通知.pdf |
|
| Details | File | 1 | 20090112300014投稿作者通讯表模板.doc |
|
| Details | File | 2 | 稿件审查结果通知单.doc |
|
| Details | File | 2 | 元旦.swf |
|
| Details | File | 2 | 端午.swf |
|
| Details | File | 1 | 2019工作规划进度.rar |
|
| Details | File | 1 | %appdata%\microsoft\windows\start menu\programs\startup目录释放svchost.exe |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 2 | 对象名单.doc |
|
| Details | File | 2 | 人才招聘信息.doc |
|
| Details | File | 2 | 名单统计表.xls |
|
| Details | File | 2 | 征求意见通知书.pdf |
|
| Details | File | 1 | 关于报送oa系统联络人的通知.doc |
|
| Details | File | 2 | 关于机场信息小中心及方法改造享目说明.docx |
|
| Details | File | 2 | 献方.7z |
|
| Details | File | 3 | 新表.xls |
|
| Details | File | 1 | 学术交流大会征稿通知.pdf |
|
| Details | File | 1 | 技成果鉴定通知及产业未来发展预测报告.rar |
|
| Details | File | 2 | dubya.inf |
|
| Details | File | 1 | xx模拟报告.docx |
|
| Details | File | 1 | 助标准的通知.pdf |
|
| Details | File | 1 | 职缺与对应薪酬一览表.7z |
|
| Details | File | 1 | 我司兼职职缺与对应薪酬一览表.doc |
|
| Details | File | 1 | 电子展.rar |
|
| Details | File | 1 | 军民融合发展展览兼职及对应薪资一览表.doc |
|
| Details | File | 2 | 征文通知.rar |
|
| Details | File | 1 | 疫情期间重要通知.rar |
|
| Details | File | 2 | qqmailservice.dsm |
|
| Details | File | 1 | 兼职职缺与对应薪酬一览表.doc |
|
| Details | File | 1 | 防中的应用.pdf |
|
| Details | md5 | 2 | 4eb36b4e019a0df60bbc64d52e6d885b |
|
| Details | md5 | 2 | 004d7c37c65f418e91f5f6329a9f1092 |
|
| Details | md5 | 2 | 389f7e80b22facf9fda048762fd271b0 |
|
| Details | md5 | 2 | 182baf8d5e720bb7019b34fc7d2294f9 |
|
| Details | md5 | 4 | 41c7e09170037fafe95bb691df021a20 |
|
| Details | IPv4 | 2 | 139.180.202.208 |
|
| Details | IPv4 | 2 | 114.44.6.144 |
|
| Details | IPv4 | 2 | 133.130.102.181 |
|
| Details | IPv4 | 2 | 45.76.94.151 |
|
| Details | IPv4 | 2 | 199.247.0.113 |
|
| Details | IPv4 | 2 | 149.28.36.134 |
|
| Details | IPv4 | 2 | 139.180.214.245 |
|
| Details | IPv4 | 2 | 149.28.154.5 |
|
| Details | IPv4 | 2 | 45.76.51.47 |
|
| Details | IPv4 | 2 | 45.77.24.192 |
|
| Details | IPv4 | 2 | 149.28.186.36 |
|
| Details | IPv4 | 2 | 78.141.193.185 |
|
| Details | IPv4 | 2 | 167.179.101.49 |
|
| Details | IPv4 | 2 | 139.180.216.24 |
|
| Details | IPv4 | 2 | 45.76.66.60 |
|
| Details | IPv4 | 2 | 45.77.44.242 |
|
| Details | IPv4 | 2 | 167.179.79.209 |
|
| Details | IPv4 | 2 | 45.32.26.132 |
|
| Details | IPv4 | 2 | 155.138.128.101 |
|
| Details | IPv4 | 2 | 45.32.27.69 |
|
| Details | IPv4 | 2 | 207.148.10.221 |
|
| Details | IPv4 | 2 | 45.77.157.67 |
|
| Details | IPv4 | 2 | 108.61.247.62 |
|
| Details | IPv4 | 2 | 45.32.28.119 |
|
| Details | IPv4 | 2 | 104.238.157.144 |
|
| Details | Threat Actor Identifier - APT-C | 19 | APT-C-01 |
|
| Details | Threat Actor Identifier - APT-C | 44 | APT-C-00 |
|
| Details | Url | 2 | http://www.emailsevr.net/?downloadlink=xxx&file=xxx&title=xxx |
|
| Details | Url | 2 | http://fs.163.com/fs/display/?p=xxx&file=xxx |
|
| Details | Url | 24 | https://ti.qianxin.com |