Virus Bulletin :: VB2019 paper: Pulling the PKPLUG: the adversary playbook for the long-standing espionage activity of a Chinese nation-state adversary
Tags
Common Information
| Type | Value |
|---|---|
| UUID | d36809fc-8289-42e5-a145-57d2277fb706 |
| Fingerprint | b404b153c2339391 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | July 10, 2019, midnight |
| Added to db | Sept. 26, 2022, 9:30 a.m. |
| Last updated | Nov. 17, 2024, 6:56 p.m. |
| Headline | VB2019 paper: Pulling the PKPLUG: the adversary playbook for the long-standing espionage activity of a Chinese nation-state adversary |
| Title | Virus Bulletin :: VB2019 paper: Pulling the PKPLUG: the adversary playbook for the long-standing espionage activity of a Chinese nation-state adversary |
| Detected Hints/Tags/Attributes | 238/4/149 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 5 | uyghurapps.net |
|
| Details | Domain | 188 | com.android |
|
| Details | Domain | 3 | com.ziipin.software |
|
| Details | Domain | 3 | cn.android |
|
| Details | Domain | 6 | mefound.com |
|
| Details | Domain | 4 | libloc4d.so |
|
| Details | Domain | 3 | libkernel.so |
|
| Details | Domain | 16 | com.twitter.android |
|
| Details | Domain | 10 | jp.naver.line.android |
|
| Details | Domain | 26 | com.skype |
|
| Details | Domain | 3 | lala513.gicp.net |
|
| Details | Domain | 5 | cdncool.com |
|
| Details | Domain | 5 | www3.mefound.com |
|
| Details | Domain | 4 | www5.zyns.com |
|
| Details | Domain | 4 | w3.changeip.org |
|
| Details | Domain | 5 | tcpdo.net |
|
| Details | Domain | 4 | adminsysteminfo.com |
|
| Details | Domain | 5 | md5c.net |
|
| Details | Domain | 4 | linkdatax.com |
|
| Details | Domain | 4 | csip6.biz |
|
| Details | Domain | 4 | adminloader.com |
|
| Details | Domain | 4 | logitechwkgame.com |
|
| Details | Domain | 4 | admin.nslookupdns.com |
|
| Details | Domain | 4 | jackhex.md5c.net |
|
| Details | Domain | 3 | querlyurl.com |
|
| Details | Domain | 4 | gooledriveservice.com |
|
| Details | Domain | 4 | appupdatemoremagic.com |
|
| Details | Domain | 3 | sony36.com |
|
| Details | Domain | 3 | md.son36.com |
|
| Details | Domain | 5 | outhmail.com |
|
| Details | Domain | 3 | newfacebk.com |
|
| Details | Domain | 372 | wscript.shell |
|
| Details | Domain | 4 | up.outhmail.com |
|
| Details | Domain | 3 | wd.w3.ezua.com |
|
| Details | Domain | 4 | smtp.21cn.com |
|
| Details | Domain | 4 | asean.org |
|
| Details | Domain | 2 | www.sporcle.com |
|
| Details | Domain | 3 | thegeopolitics.com |
|
| Details | Domain | 18 | www.cfr.org |
|
| Details | Domain | 22 | www.businessinsider.com |
|
| Details | Domain | 40 | edition.cnn.com |
|
| Details | Domain | 3 | www.military.com |
|
| Details | Domain | 20 | www.idc.com |
|
| Details | Domain | 224 | unit42.paloaltonetworks.com |
|
| Details | Domain | 360 | attack.mitre.org |
|
| Details | Domain | 17 | www.lockheedmartin.com |
|
| Details | Domain | 6 | oasis-open.github.io |
|
| Details | Domain | 21 | foreignpolicy.com |
|
| Details | Domain | 8 | www.chinadaily.com.cn |
|
| Details | Domain | 9 | www.rfa.org |
|
| Details | Domain | 6 | securityledger.com |
|
| Details | Domain | 403 | securelist.com |
|
| Details | Domain | 622 | en.wikipedia.org |
|
| Details | Domain | 7 | pan-unit42.github.io |
|
| Details | File | 172 | androidmanifest.xml |
|
| Details | File | 14 | a.zip |
|
| Details | File | 4 | setting.txt |
|
| Details | File | 8 | b.dat |
|
| Details | File | 5 | lib.dat |
|
| Details | File | 3 | rv.db |
|
| Details | File | 4 | jackhex.md5 |
|
| Details | File | 11 | slmgr.vbs |
|
| Details | File | 3 | bscmake.exe |
|
| Details | File | 6 | mspdb80.dll |
|
| Details | File | 8 | sys.dll |
|
| Details | File | 4 | stub.bin |
|
| Details | File | 13 | sys.dat |
|
| Details | File | 25 | main.exe |
|
| Details | File | 8 | aa.txt |
|
| Details | File | 21 | www.mil |
|
| Details | File | 3 | china-demands-us-cancel-arms-sale-taiwan.html |
|
| Details | File | 10 | getdoc.jsp |
|
| Details | File | 13 | cyber-kill-chain.html |
|
| Details | File | 2 | content_30041010.htm |
|
| Details | File | 2 | hackers-09062012153043.html |
|
| Details | md5 | 3 | 0914D1D428914B09A5372866B39524B9 |
|
| Details | sha256 | 2 | 271e29fe8e23901184377ab5d0d12b40d485f8c404aef0bdcc4a4148ccbb1a1a |
|
| Details | sha256 | 3 | 0589bed1e3b3d6234c30061be3be1cc6685d786ab3a892a8d4dae8e2d7ed92f7 |
|
| Details | IPv4 | 3 | 47.90.81.23 |
|
| Details | IPv4 | 3 | 222.139.212.16 |
|
| Details | IPv4 | 4 | 59.188.196.172 |
|
| Details | IPv4 | 4 | 222.239.91.30 |
|
| Details | IPv4 | 3 | 45.32.251.7 |
|
| Details | IPv4 | 3 | 45.32.53.250 |
|
| Details | IPv4 | 3 | 45.32.44.52 |
|
| Details | IPv4 | 3 | 45.32.45.77 |
|
| Details | IPv4 | 3 | 59.188.196.162 |
|
| Details | MITRE ATT&CK Techniques | 3 | T1249 |
|
| Details | MITRE ATT&CK Techniques | 2 | T1264 |
|
| Details | MITRE ATT&CK Techniques | 2 | T1265 |
|
| Details | MITRE ATT&CK Techniques | 2 | T1295 |
|
| Details | MITRE ATT&CK Techniques | 2 | T1307 |
|
| Details | MITRE ATT&CK Techniques | 3 | T1312 |
|
| Details | MITRE ATT&CK Techniques | 3 | T1345 |
|
| Details | MITRE ATT&CK Techniques | 2 | T1474 |
|
| Details | MITRE ATT&CK Techniques | 13 | T1476 |
|
| Details | MITRE ATT&CK Techniques | 627 | T1027 |
|
| Details | MITRE ATT&CK Techniques | 19 | T1406 |
|
| Details | MITRE ATT&CK Techniques | 420 | T1204 |
|
| Details | MITRE ATT&CK Techniques | 16 | T1402 |
|
| Details | MITRE ATT&CK Techniques | 23 | T1418 |
|
| Details | MITRE ATT&CK Techniques | 26 | T1065 |
|
| Details | MITRE ATT&CK Techniques | 444 | T1071 |
|
| Details | MITRE ATT&CK Techniques | 14 | T1412 |
|
| Details | MITRE ATT&CK Techniques | 3 | T1413 |
|
| Details | MITRE ATT&CK Techniques | 3 | T1416 |
|
| Details | MITRE ATT&CK Techniques | 5 | T1421 |
|
| Details | MITRE ATT&CK Techniques | 13 | T1422 |
|
| Details | MITRE ATT&CK Techniques | 25 | T1426 |
|
| Details | MITRE ATT&CK Techniques | 22 | T1429 |
|
| Details | MITRE ATT&CK Techniques | 21 | T1430 |
|
| Details | MITRE ATT&CK Techniques | 11 | T1432 |
|
| Details | MITRE ATT&CK Techniques | 9 | T1433 |
|
| Details | MITRE ATT&CK Techniques | 3 | T1319 |
|
| Details | MITRE ATT&CK Techniques | 4 | T1328 |
|
| Details | MITRE ATT&CK Techniques | 279 | T1060 |
|
| Details | MITRE ATT&CK Techniques | 504 | T1140 |
|
| Details | MITRE ATT&CK Techniques | 29 | T1045 |
|
| Details | MITRE ATT&CK Techniques | 23 | T1073 |
|
| Details | MITRE ATT&CK Techniques | 60 | T1043 |
|
| Details | Pdb | 3 | e:\workspace\a1\coding\farseer\remoteshellsremote\release\remoteshellsremote.pdb |
|
| Details | Url | 3 | http://www3.mefound.com/aa.txt |
|
| Details | Url | 2 | https://asean.org/asean/asean-member-states/. |
|
| Details | Url | 1 | https://www.sporcle.com/blog/2019/04/what-are-the-autonomous-regions-of-china/. |
|
| Details | Url | 1 | https://www.theguardian.com/cities/ng-interactive/2018/jul/30/what-china-belt-road-initiative-silk-road-explainer. |
|
| Details | Url | 1 | https://thegeopolitics.com/china-and-xinjiang-the-fate-of-bri/. |
|
| Details | Url | 1 | https://www.cfr.org/backgrounder/chinas-crackdown-uighurs-xinjiang. |
|
| Details | Url | 1 | https://www.businessinsider.com/map-explains-china-crackdown-on-uighur-muslims-in-xinjiang-2019-2. |
|
| Details | Url | 1 | https://edition.cnn.com/interactive/2018/08/asia/south-china-sea/. |
|
| Details | Url | 2 | https://www.military.com/daily-news/2019/07/10/china-demands-us-cancel-arms-sale-taiwan.html |
|
| Details | Url | 1 | https://www.idc.com/getdoc.jsp?containerid=prus45042319 |
|
| Details | Url | 2 | https://unit42.paloaltonetworks.com/. |
|
| Details | Url | 12 | https://attack.mitre.org/. |
|
| Details | Url | 9 | https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html |
|
| Details | Url | 1 | https://oasis-open.github.io/cti-documentation/stix/intro. |
|
| Details | Url | 2 | https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/. |
|
| Details | Url | 2 | https://unit42.paloaltonetworks.com/unit42-henbox-inside-coop/. |
|
| Details | Url | 1 | https://foreignpolicy.com/2014/04/21/welcome-to-the-uighur-web/. |
|
| Details | Url | 1 | http://www.chinadaily.com.cn/business/tech/2017-07/08/content_30041010.htm |
|
| Details | Url | 1 | https://www.rfa.org/english/news/uyghur/hackers-09062012153043.html |
|
| Details | Url | 1 | https://securityledger.com/2014/08/study-finds-unrelenting-cyber-attacks-against-chinas-uyghurs/. |
|
| Details | Url | 1 | https://securelist.com/cyber-attacks-against-uyghur-mac-os-x-users-intensify/64259/. |
|
| Details | Url | 1 | https://unit42.paloaltonetworks.com/scarlet-mimic-years-long-espionage-targets-minority-activists/. |
|
| Details | Url | 2 | https://en.wikipedia.org/wiki/turkistan_islamic_party. |
|
| Details | Url | 1 | https://unit42.paloaltonetworks.com/unit-42-attack-delivers-9002-trojan-through-google-drive/. |
|
| Details | Url | 1 | https://web.archive.org/web/20160618095613/https://www.arbornetworks.com/blog/asert/recent-poison-iv/. |
|
| Details | Url | 1 | https://unit42.paloaltonetworks.com/farseer-previously-unknown-malware-family-bolsters-the-chinese-armoury/. |
|
| Details | Url | 2 | https://pan-unit42.github.io/playbook_viewer/. |
|
| Details | Windows Registry Key | 188 | HKCU\Software\Microsoft\Windows\CurrentVersion\Run |