Inside the Open Directory of the “You Dun” Threat Group
Common Information
Type Value
UUID cd73dea2-4844-462b-a90e-de863b3c3ff1
Fingerprint a1abb5d527888586
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 28, 2024, 1:05 a.m.
Added to db Oct. 28, 2024, 2:06 a.m.
Last updated Nov. 17, 2024, 7:44 p.m.
Headline Inside the Open Directory of the “You Dun” Threat Group
Title Inside the Open Directory of the “You Dun” Threat Group
Detected Hints/Tags/Attributes 127/3/376
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 249 The DFIR Report https://thedfirreport.com/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 27
cve-2014-4113
Details CVE 37
cve-2015-1701
Details CVE 7
cve-2016-0051
Details CVE 63
cve-2020-0796
Details CVE 65
cve-2021-1675
Details CVE 7
cve-2021-25003
Details Domain 3
vulmap.py (extractor misclassification: vulmap.py is a file name, also listed under File below, not a domain)
Details Domain 208
mp.weixin.qq.com
Details Domain 4127
github.com
Details Domain 3
fgfg.bcfnwg.cc
Details Domain 4
f8x.io
Details File 15
lb3.exe
Details File 3
vulmap.py
Details File 8
ie9compatviewlist.xml
Details File 44
submit.php
Details File 13
%windir%\sysnative\rundll32.exe
Details File 15
%windir%\syswow64\rundll32.exe
Details File 343
process-inject.exe
Details File 4
server.pub
Details File 10
visit.js
Details File 5
红队版.zip (Chinese file name, "Red Team Edition.zip")
Details File 3
0803.exe
Details File 3
360bowser.exe
Details File 3
add-admin.exe
Details File 3
atpminidump.exe
Details File 3
blocketw.exe
Details File 4
blue.exe
Details File 4
browserghost.exe
Details File 3
bypassadduser.exe
Details File 3
certexp.exe
Details File 3
chfs.exe
Details File 3
clearneventrecordid.ps1
Details File 3
clearnipaddress.ps1
Details File 3
clearntemplog.ps1
Details File 18
crack.exe
Details File 3
credphisher.exe
Details File 38
x64.dll
Details File 23
x86.dll
Details File 3
decryptautologon.exe
Details File 3
decryptteamviewer.exe
Details File 3
dis_defender.exe
Details File 5
efspotato.exe
Details File 3
encode.exe
Details File 3
encryptedzip.exe
Details File 3
fakelogonscreen.exe
Details File 3
fullpowers.dll
Details File 3
gopher.exe
Details File 3
gpscoordinates.exe
Details File 4
hack-browser-data.exe
Details File 4
internalmonologue.exe
Details File 3
invoke-eternalblue.ps1
Details File 4
invoke-ms16032.ps1
Details File 4
invoke-ms16135.ps1
Details File 10
iox.exe
Details File 3
killevenlogservice.ps1
Details File 7
ladon.exe
Details File 3
ladon1.exe
Details File 16
lazagne.exe
Details File 3
listallusers.ps1
Details File 3
listlogged-inusers.ps1
Details File 3
listrdpconnections.exe
Details File 3
localsessionmanager.ps1
Details File 3
macetrap.exe
Details File 5
minidump.exe
Details File 3
napwd.exe
Details File 3
navicatpwd.exe
Details File 4
net-gpppassword.exe
Details File 3
noamci.exe
Details File 3
nonetapiadd.exe
Details File 3
nopowershell.exe
Details File 3
rdpthief_x64.tmp
Details File 3
recon-ad-alllocalgroups.dll
Details File 3
recon-ad-computers.dll
Details File 3
recon-ad-domain.dll
Details File 3
recon-ad-groups.dll
Details File 3
recon-ad-localgroups.dll
Details File 3
recon-ad-spns.dll
Details File 3
recon-ad-users.dll
Details File 3
regrdpport.ps1
Details File 3
rpcscan.dll
Details File 4
safetykatz.exe
Details File 3
scout.exe
Details File 3
scrying.exe
Details File 6
seatbelt.exe
Details File 3
sessiongopher.ps1
Details File 3
sessionsearcher.exe
Details File 3
sharp3389.exe
Details File 3
sharpavkb.exe
Details File 3
sharpbypassuac.exe
Details File 3
sharpchassistype.exe
Details File 3
sharpcheckinfo.exe
Details File 3
sharpchromium.exe
Details File 3
sharpcliphistory.exe
Details File 3
sharpcloud.exe
Details File 3
sharpcrasheventlog.exe
Details File 9
sharpdecryptpwd.exe
Details File 3
sharpdecryptpwd2.exe
Details File 3
sharpdir.exe
Details File 3
sharpdirlister.exe
Details File 3
sharpdomainspray.exe
Details File 3
sharpdoor.exe
Details File 5
sharpdpapi.exe
Details File 3
sharpdump.exe
Details File 3
sharpedrchecker.exe
Details File 3
sharpersist.exe
Details File 3
sharpeventlog.exe
Details File 3
sharpexcelibur.exe
Details File 3
sharpexec.exe
Details File 3
sharpgettitle.exe
Details File 3
sharpgpoabuse.exe
Details File 3
sharphide.exe
Details File 16
sharphound.exe
Details File 3
sharplocker.exe
Details File 3
sharpminidump.exe
Details File 3
sharpnetcheck.exe
Details File 3
sharpoxid-find.exe
Details File 3
sharpscshell.exe
Details File 5
sharpshares.exe
Details File 3
sharpspray.exe
Details File 3
sharpspray1.exe
Details File 3
sharpsqldump.exe
Details File 3
sharpsqltools.exe
Details File 3
sharpstay.exe
Details File 3
sharptask.exe
Details File 6
sharpweb.exe
Details File 3
sharpwebscan.exe
Details File 3
sharpwifigrabber.exe
Details File 3
sharpwmi.exe
Details File 3
sharpxdecrypt.exe
Details File 3
sharpzerologon.exe
Details File 3
sharpzip.exe
Details File 3
shhmon.exe
Details File 3
solarflare.exe
Details File 3
spnsearcher.exe
Details File 9
stealer.exe
Details File 3
stickynotesextract.exe
Details File 6
sweetpotato.exe
Details File 3
telemetry.exe
Details File 29
5.exe
Details File 14
temp.exe
Details File 22
user.exe
Details File 3
watson.exe
Details File 3
weblogicrce.exe
Details File 3
wiretap.exe
Details File 3
wmihacker.vbs
Details File 6
bypass.exe
Details File 15
frpc.exe
Details File 9
fscan.exe
Details File 816
index.html
Details File 33
nc.exe
Details File 4
npc.exe
Details File 3
printspoofer.dll
Details File 4
printspoofer.exe
Details File 27
tls.cer
Details File 4
kk.txt
Details File 4
kr.txt
Details File 3
hh.txt
Details File 3
wb.txt
Details File 4
ww.txt
Details File 3
uu.txt
Details File 9
target.txt
Details File 4
tt.txt
Details File 91
access.log
Details File 3
yenoenxsqb.exe
Details File 3
chatladon.exe
Details File 3
ladon.ps1
Details File 3
ladon911.exe
Details File 3
ladonexp.exe
Details File 3
ladongui.exe
Details File 3
ladonshell.exe
Details File 3
ladonstudy.exe
Details File 31
newtonsoft.json
Details Github username 3
sripathikrishnan
Details Github username 25
projectdiscovery
Details md5 4
e43a1b63f09794f74d90a9889f7acb77
Details md5 4
a490a5e2db1fcc496e6b793a8ea02a19
Details md5 3
15af977ce25de452b96affa2addb1036
Details md5 3
475c9302dc42b2751db9edcac3b74891
Details md5 4
8c4d6f6c6db273d79a7c46b623e515e3
Details md5 4
77915c856012baa7cd554041e7315317
Details md5 4
2cc31da03228b31dae0a05065e9e1506
Details md5 4
0658d07948a053da265ef693a64e9626
Details md5 4
c8033ec30b55a46ce7daf9d7d9b6b596
Details md5 4
f87afacff9c44b94db109e3e956a4b33
Details md5 4
98d006fbea457ec76243cab8f7f6631a
Details md5 4
8cda17f33d42754721ef2a87f3b5a984
Details md5 4
bfd92dedefe429205a635a38096429a2
Details md5 4
201ebb467e02e63242ab4e0a21576f52
Details md5 3
67a604d24c2478b19d80032dbc5a3d41
Details md5 4
13b2df26ffb467142106040cfa98e8dd
Details md5 4
251fe0878c16d68aa88405994c74a8d8
Details md5 4
ee28414ff1bcbb3a6efd9a08f7baaf51
Details md5 4
1d0d8fb9803967c5b23c2e519e4c2cfe
Details md5 4
5562f8aa216f87142dccc080506e2ad2
Details md5 4
f481acde58892cc1af01a009e73c3ae5
Details md5 4
fed5394f1b2a425d760e5ac9ee90d851
Details md5 4
f41eed0c700eb6961310b19449595af3
Details md5 4
f3ac9fb21d91fd283d6762a09fee8776
Details md5 4
a65b02f7ee85fec8580d69361df16350
Details md5 4
bf1bbfd14c7cf3e72458a173c8e7f5a4
Details md5 4
282b368bc42f506b58b83ae16e200544
Details md5 4
4f887be6011ea3e3d1b6afc41da2227d
Details md5 4
9cd740d0de919819ad00f73665c40500
Details md5 4
38d1bf58e34b68a8836b352af978d6a1
Details md5 4
a63c52d46cb33e57f1f17beaa733ea65
Details md5 3
1dc27c44d74bf619aaf496963dfd67d6
Details md5 4
894aba8dfa538ba99c1453066824cc63
Details md5 4
28e874a7107b7e08e79e6efc63602609
Details md5 4
34fb77cd8902076f55071b218c494f77
Details md5 4
2c2ddfb749aeeca32a9fd5fc20324b47
Details md5 4
3aa57bf8e7ea973cc793745de79033fa
Details md5 4
6b7bba769db3701e13214cb70ca5a54d
Details md5 4
d0929362057fbcb2a9971222ef6db973
Details md5 4
fd18c734fa25bbacf0b7a6331d404126
Details md5 4
e8a59e21ab61a7d615a7f8a407d72712
Details md5 4
13508e34428cf9611c8d7904b532e1b2
Details md5 4
50c0e5c847f4a66fbcdda53e6555267f
Details md5 4
80926c91b6d82c4ad7f915bafa70e8d3
Details md5 4
b8016d2f778b9c4c7d7a6347608fb18c
Details md5 4
da296f6861a17738358b043ecc823bdc
Details md5 4
b175bb17e17ba2f6a8826c9c90cb9c7e
Details md5 4
4332225f7e3672c16f705a779dc360f5
Details md5 4
976df0f9c9319c50a5ac20f4643dec4c
Details md5 4
7e65a509b90b6e9fa0963803020280d9
Details md5 4
3f6b6935f5820196c69616e6bd8aa684
Details md5 4
7349fa84c7e2fced4885fea0ef0fec63
Details md5 4
66a7733af713c5beff9c76d0b6adbe6d
Details md5 4
c69e7c0bac6b1846fcad05ee7fdd5023
Details md5 4
bbee3a7a828af2a936e3e9a2931f2022
Details md5 4
fb5fbc7c6b56a7a491532581faef5ee1
Details md5 4
5ed0803ea91968c87994280f6432d43c
Details md5 4
cdaa0eda10dce813a0def8be3a669825
Details md5 5
29321457a14c9722d76c9134781cf328
Details md5 4
42de98c28dae64d104dcccc1d72e7834
Details md5 3
8885ae88e244f6bcf3089eba94e2cc87
Details md5 4
d4969c3a7d88ad38f885a061bba26752
Details md5 5
e06b24113cab27ff5a1173fa3f9e1615
Details md5 4
755fa47d4527e9c93433e1887bd871ab
Details md5 4
74f79b71ba72dd55ca261ef789d243d6
Details md5 4
205621408b7f84a5f451df233b0b87b1
Details md5 4
7b5da1d6648103353216a0391638cee8
Details md5 4
da478e7f17353b01d9ffa53aab0f0528
Details md5 4
470acd82ade29f1ef29f198027771517
Details md5 4
f04164b15b9530d4b7ada28c1b9042b3
Details md5 4
44bac97f297c86a66b2af33eee7e4d8e
Details md5 4
df37fedde5fa9dc9d7a7ea7a87b71e10
Details md5 4
6f5764932e177157f307b33649968b5b
Details md5 4
6214cc7a0b9491b38a592be4d3032dd1
Details md5 4
3cf370a9f29a6b7ea83abac4a3141f26
Details md5 4
34f645d8bf012f8f4965c1cd8857921f
Details md5 4
98bacbfcc39e0dee46a0092699a56832
Details md5 4
51cf67846561fe279e6e1c4bda712dbe
Details md5 4
3a273a07749d17b50a4ec6387a54e2cc
Details md5 4
95fec2925ea9fa4a5181d491ea07f5e5
Details md5 4
1ef929169b3309a01e850c6ff4e0064f
Details md5 4
122413ef9a5f642703b1e8385c5dbad1
Details md5 4
5b1c1007de5a2864d24276e3b1d293da
Details md5 4
03ee7c0c3822822b5e2373c4f532545a
Details md5 4
a4f9bfa588427735f80e749ee341e819
Details md5 4
fe4f202c9595f6242903fbad0611eebb
Details md5 4
f6c2d2cc1e2016fddb7654822411ab2b
Details md5 5
71eaf81214239027d5385a61e3917ab2
Details md5 4
56892df95d1b9d78261587d5080630d1
Details md5 4
ea381b3247b6c2ed4d39973eca62669f
Details md5 4
bddf6c8e9a8229ed7667e3e1bb33aac9
Details md5 4
6181e5196eaeb14ec9ff798b43300ceb
Details md5 4
56c33b2a06e3d68fe4e8b9421b36e902
Details md5 4
09e471f71d1d66f5c8b407dfadce8ce5
Details md5 4
e390dbe577164988694d7aab5235e1af
Details md5 4
ccf2d0a5bbe52e80775900a2e18fe70f
Details md5 4
d06c2c02133b810eb0111c6b4e34e940
Details md5 4
1d1478fddbf9b4128a4ecb85238c87b7
Details md5 4
aca267b9a1ab0c97b8f88773d356220c
Details md5 4
3f1abaf273e3ce16265a3f639945ff3e
Details md5 4
dc443ffed5b96bee78ca2309d0f8fdca
Details md5 4
fc98ec23880eea7f0f701c5d66fa6892
Details md5 4
1ca3ca7750b0ce2095a2f99d5b33177a
Details md5 4
e23e588319f82d826d3bf2c9fa4d1cba
Details md5 4
bf2144fcf764bc3e5337fa3d2253232b
Details md5 4
e73ca08a6937b95d8d5a90a33fcbc5c1
Details md5 4
2ac4edf1110124560aeec330de7f8328
Details md5 4
1de240d44557e7497ad1a1e144077805
Details md5 4
76fca31c99b232be1ec92d6b5762d97b
Details md5 4
ad9382b2e7214d350f622f360f300ccf
Details md5 4
a145f3345a4a2fd23b49dd299d0c3a83
Details md5 4
99d639417aa2a0ed7d188c85ea9ece23
Details md5 4
624007937ba4931486c9bba5bb695688
Details md5 4
2d9777a0e299315b23d08955389154ed
Details md5 4
817ddd444915bda25a5e81c1faa8978e
Details md5 4
ceb337687402e19efdf57264b2682d08
Details md5 4
9c444a9c1d75cbd07798110eeca1c3ce
Details md5 4
2a449b2b65686a72525c98622e5bade7
Details md5 4
98d8bbeac624e77323f45256f6c87369
Details md5 4
1c96ec806a6e0a54cd7e0e78bb75eeb7
Details md5 4
3febcc80ab5ea418ef3e2103fe92d2e0
Details md5 4
4b1fdcf5cfa616fcaf411f3bff9acd75
Details md5 4
b3ec75c3a7454a096c65a99a0eb3073c
Details md5 4
d7b669038c4860f1e3be02d389ed52d7
Details md5 4
827cdfb4c1f1169c21ba84a194a70a0f
Details md5 3
c8c886ca25a381b22343a397f80a35c1
Details md5 4
159801144740381f30e0ae4dfbfd62e6
Details md5 3
e0e467f5597828a1d3c8abdbde8b6f17
Details md5 4
dafc44bc1e488e1108449e39bcb147e1
Details md5 3
e79195ab1fda13edac7a000cf8742802
Details md5 4
600c41b3a161c5d2019767c87a7889ce
Details md5 4
5e4319826d24eacce3ca0738885722f3
Details md5 4
d035f1c73e746553323924e3b61b3fb2
Details md5 4
b5fac96201ab68d8a0c29eb8df6596e7
Details md5 4
58bbb92c36ee75183d2257b2ae64a0c2
Details md5 4
0e51c36a7c45a2dea751fcb692102a6b
Details md5 5
73255c8357afd671c2256360d0be69cd
Details md5 4
5bd9a0f8a2f63622eb0d8bba2fb70fbb
Details md5 4
bb15b1dbc80dae1b9ac51455c72b44b4
Details md5 4
deca5d20a7fb145e288f39d4e4bd5042
Details md5 4
dbff25033593278d05d2eee6cb9f44a6
Details md5 4
7c42df21e22b9c6cc87b2eebf219c01d
Details md5 4
34daed0b12685ee391660f658b5980b5
Details md5 4
7728fc3821a7ff9c994258a36812e250
Details md5 4
dc6606879efe07595dfd968f8edf82f7
Details md5 4
575b5020c27e3d7b14fee8b2b33c44e3
Details md5 5
108da75de148145b8f056ec0827f1665
Details md5 4
bd0f451c578f5a0b6c55e39e124db2fa
Details md5 5
d0139fda662f3ca949dd335c30573fa2
Details md5 6
9b0e4652a0317e6e4da66f29a74b5ad7
Details md5 4
a5a74d73fbf4a6f0b75f074de316277e
Details md5 4
07edf20febc120edf731c4dc0d4d3b0b
Details md5 4
5047fc7502bc9520fd2b9c26e8cbbd82
Details md5 5
2a74db17b50025d13a63d947d8a8f828
Details md5 4
11c1ffdff16dd42e33c8014f2b5360cd
Details md5 5
03f45692db10fe291de65f15ca9761af
Details md5 4
3505308cf3fd01398f1e4d1974b2438e
Details md5 4
8fa2d7a60d5bc36ead30c61d7b3608e7
Details md5 4
f860286242afc5151d9ff68f0c7b8a56
Details md5 4
1f040434a5bbaa855822ab4bed5fde2b
Details md5 4
9055f7437681be39b865326fad31cfd4
Details md5 4
689aa7368a41586690d84a1a9d1b158a
Details md5 4
59a5445907ea5f4e6db1cc4d47a0417e
Details md5 4
31aa0419b32bf3b3228157f91c1a21fd
Details md5 4
2242303952f6fb570b2484974b7771ba
Details md5 4
813fb29abbe42068283efaf665bea1c7
Details md5 4
6153ce694983cf7e1c12e875d944e7e7
Details md5 3
486015a44a273c6c554a27b3d498365c
Details sha1 4
56bd833178c08baedb0a6f51c957a0cc8e6f9298
Details sha1 4
89b12a33628d5939bcedb53c908df9dbb24fe910
Details sha1 4
b7b0a37aee514c735913bfa8826faa4bbfc14556
Details sha1 4
2787930ac016783837e7d11903cd84c055356e4c
Details sha1 4
f8ccc2503052eceebd5311a8b74dc197a4e9f68a
Details sha256 4
4de3278507c89d2242a12c20b74878e3f84970c463a924771f156a3da7d7b5a1
Details sha256 4
1192d660e36e9b6f671a22a1ed1adb50f752ca986885ecfffdbbf3967e8ff9c1
Details sha256 4
b94d9412764529f264433c39b6043d43b96e824d016f40a5a38e26771374171f
Details sha256 4
6e3c5f8444040e5982da9990cbb9d0ce66b7272a3e6804139e7cbe3083459035
Details sha256 4
fa301a12655598b9266a8315ac7f48da4f79ed4ea39273e57ac08b8c66b6fced
Details sha256 4
206ac51c01604267c04f0966cdc685fd9ade42dd8d0698df639b06a0ed19377f
Details sha256 4
07104f9be906e62be7539e4f81d980dddb480d64dce204c199a2afe5a0bc3367
Details IPv4 6
116.212.120.32
Details IPv4 6
163.53.216.157
Details IPv4 6
43.228.89.245
Details IPv4 4
43.228.89.246
Details IPv4 4
43.228.89.247
Details IPv4 4
43.228.89.248
Details IPv4 6
103.228.108.247
Details IPv4 6
115.126.107.244
Details IPv4 4
101.36.124.183
Details Mandiant Temporary Group Assumption 22
TEMP.EXE (extractor false positive: this is the file name temp.exe listed under File above, matched against the "TEMP." naming pattern; it is not a Mandiant TEMP.* group)
Details MITRE ATT&CK Techniques 444
T1071
Details MITRE ATT&CK Techniques 472
T1486
Details MITRE ATT&CK Techniques 208
T1068
Details MITRE ATT&CK Techniques 542
T1190
Details MITRE ATT&CK Techniques 492
T1105
Details MITRE ATT&CK Techniques 56
T1595.002
Details MITRE ATT&CK Techniques 442
T1071.001
Details MITRE ATT&CK Techniques 8
T1595.003
Details Url 3
https://mp.weixin.qq.com/s/gqbxcx1fisli6gky3m-jca
Details Url 3
https://github.com/sripathikrishnan/redis-rdb-tools
Details Url 3
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/cve-2021-25003.yaml
Details Url 3
https://f8x.io
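The attribute list above only becomes useful once it is matched against telemetry. The script below is an added example, not tooling from the report or from the feed site: it takes a subset of the file names, IPv4 addresses, MD5s and domains listed on this page, normalizes them (lower-cased basename for files, so the `%windir%\sysnative\rundll32.exe` entry and a log path compare equal), and scans a handful of constructed key=value log lines. The log lines, the `WS01` host, the 192.0.2.10 address and the all-zero MD5 are constructed for the example. Indicators that also occur in benign activity (github.com, mp.weixin.qq.com, rundll32.exe, index.html, x64.dll, newtonsoft.json) are reported as "weak" so they are not turned into blocking rules by accident; the hashes, the C2-style IPs and the rare tool names are reported as "strong".

```python
"""IOC matcher over constructed log lines (added example, not the report's own code)."""
import ipaddress
import re

# Indicator subset copied from the attribute list on this page.
IOCS = {
    "File": {
        "lb3.exe", "process-inject.exe", "sharphound.exe", "lazagne.exe",
        "safetykatz.exe", "frpc.exe", "fscan.exe", "nc.exe", "iox.exe",
        "efspotato.exe", "sweetpotato.exe", "printspoofer.exe", "x64.dll",
        r"%windir%\sysnative\rundll32.exe", r"%windir%\syswow64\rundll32.exe",
        "index.html", "newtonsoft.json",
    },
    "IPv4": {
        "116.212.120.32", "163.53.216.157", "43.228.89.245", "43.228.89.246",
        "43.228.89.247", "43.228.89.248", "103.228.108.247",
        "115.126.107.244", "101.36.124.183",
    },
    "md5": {
        "e43a1b63f09794f74d90a9889f7acb77", "a490a5e2db1fcc496e6b793a8ea02a19",
        "15af977ce25de452b96affa2addb1036", "475c9302dc42b2751db9edcac3b74891",
    },
    "Domain": {"fgfg.bcfnwg.cc", "f8x.io", "github.com", "mp.weixin.qq.com"},
}

# Indicators that also show up in benign activity: report as context, not as alerts.
WEAK = {
    ("Domain", "github.com"), ("Domain", "mp.weixin.qq.com"),
    ("File", "rundll32.exe"), ("File", "index.html"),
    ("File", "x64.dll"), ("File", "newtonsoft.json"),
}

FILE_RE = re.compile(
    r'[^\s"=,;]+\.(?:exe|dll|ps1|vbs|js|py|zip|txt|xml|tmp|json|html|log|cer)\b', re.I)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
MD5_RE = re.compile(r"\b[0-9a-f]{32}\b", re.I)
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)


def normalize_filename(path: str) -> str:
    """Lower-cased basename, accepting Windows and POSIX separators and stray quotes."""
    return re.split(r"[\\/]", path.strip("\"'"))[-1].lower()


# Normalize the file indicators once so page paths and log paths compare equal.
FILE_IOCS = {normalize_filename(f) for f in IOCS["File"]}


def extract_candidates(line: str):
    """Yield (type, normalized value) for every token that could be an indicator."""
    for m in FILE_RE.finditer(line):
        yield "File", normalize_filename(m.group(0))
    for m in IPV4_RE.finditer(line):
        try:
            ipaddress.IPv4Address(m.group(0))  # drops 999.1.1.1-style noise
        except ValueError:
            continue
        yield "IPv4", m.group(0)
    for m in MD5_RE.finditer(line):
        yield "md5", m.group(0).lower()
    for m in DOMAIN_RE.finditer(line):
        yield "Domain", m.group(0).lower()


def match_line(line: str):
    """Sorted list of (type, value, severity) hits for one log line."""
    hits = set()
    for kind, value in extract_candidates(line):
        known = FILE_IOCS if kind == "File" else IOCS[kind]
        if value in known:
            severity = "weak" if (kind, value) in WEAK else "strong"
            hits.add((kind, value, severity))
    return sorted(hits)


def scan(lines):
    """Map 1-based line number -> hits, for lines with at least one hit."""
    return {i: h for i, line in enumerate(lines, 1) if (h := match_line(line))}


# Constructed log lines (not from the report), Sysmon-like key=value style.
LOGS = [
    '2024-10-27T23:41:02Z host=WS01 event=ProcessCreate '
    'image="C:\\Users\\Public\\SharpHound.exe" md5=E43A1B63F09794F74D90A9889F7ACB77',
    '2024-10-27T23:42:10Z host=WS01 event=NetworkConnect '
    'image="C:\\Windows\\Temp\\frpc.exe" dst=43.228.89.245:7000',
    '2024-10-27T23:42:11Z host=WS01 event=NetworkConnect '
    'image="C:\\Program Files\\Git\\bin\\git.exe" dst=192.0.2.10:443 dns=github.com',
    '2024-10-27T23:43:30Z host=WS01 event=ProcessCreate '
    'image="C:\\Windows\\System32\\rundll32.exe" cmdline="rundll32.exe x64.dll,Start"',
    '2024-10-27T23:45:00Z host=WS01 event=ProcessCreate '
    'image="C:\\Windows\\System32\\notepad.exe" md5=00000000000000000000000000000000',
]

if __name__ == "__main__":
    for lineno, hits in scan(LOGS).items():
        for kind, value, severity in hits:
            print(f"line {lineno}: {severity:6} {kind} {value}")
```

Hash and IP hits are the ones worth paging on; a file-name hit on its own (SharpHound.exe renamed to 5.exe or user.exe, as the list above suggests this group does) is exactly what the name match will miss, so pair it with the hashes and with behavioural detections for the ATT&CK techniques listed (T1068, T1190, T1486).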