Goblin Panda against the Bears
Tags
| country: | Russia |
| attack-pattern: | Domains - T1583.001 Domains - T1584.001 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 |
Common Information
| Type | Value |
|---|---|
| UUID | cabb4773-fcdc-41c7-bcab-6da6fc51b30f |
| Fingerprint | 86a629dec581e78d |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Aug. 3, 2018, 8:31 a.m. |
| Added to db | Sept. 26, 2022, 9:31 a.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | Goblin Panda against the Bears |
| Title | Goblin Panda against the Bears |
| Detected Hints/Tags/Attributes | 28/2/19 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://medium.com/@Sebdraven/gobelin-panda-against-the-bears-1f462d00e3a4 |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 375 | cve-2017-11882 |
|
| Details | CVE | 63 | cve-2017-8570 |
|
| Details | Domain | 1 | kmbk8.hicp.net |
|
| Details | Domain | 1 | sd123.eicp.net |
|
| Details | Domain | 1 | cv3sa.gicp.net |
|
| Details | Domain | 1 | 36106g.com |
|
| Details | Domain | 10 | go.crowdstrike.com |
|
| Details | Domain | 1 | www.36106g.com |
|
| Details | File | 57 | eqnedt32.exe |
|
| Details | File | 1 | reportglobalthreatintelligence.pdf |
|
| Details | sha256 | 3 | 722e5d3dcc8945f69135dc381a15b5cad9723cd11f7ea20991a3ab867d9428c7 |
|
| Details | sha256 | 3 | 71c94bb0944eb59cb79726b20177fb2cd84bf9b4d33b0efbe9aed58bb2b43e9c |
|
| Details | IPv4 | 1 | 122.158.140.100 |
|
| Details | IPv4 | 1 | 103.255.45.200 |
|
| Details | IPv4 | 1 | 180.131.58.9 |
|
| Details | IPv4 | 1 | 1.188.233.201 |
|
| Details | IPv4 | 1 | 1.188.236.22 |
|
| Details | Url | 1 | https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/june/cve-2017-8570-rtf-and-the-sisfader-rat |
|
| Details | Url | 1 | https://go.crowdstrike.com/rs/281-obq-266/images/reportglobalthreatintelligence.pdf |