Report on the TransparentTribe APT group's 2019 attack campaign against Indian government and military targets
Tags
Common Information
Type Value
UUID d923ddd5-3609-418e-b131-badd63bcf652
Fingerprint 8e5243adf6a74140
Analysis status DONE
Considered CTI value 2
Text language
Published March 5, 2019, midnight
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 17, 2024, 5:54 p.m.
Headline Report on the TransparentTribe APT group's 2019 attack campaign against Indian government and military targets
Title Report on the TransparentTribe APT group's 2019 attack campaign against Indian government and military targets
Detected Hints/Tags/Attributes 10/0/78
Attributes
Details Type #Events CTI Value
Details Domain 1
firebasebox.com
Details Domain 3
stemtopx.com
Details Domain 1
cynqms.com
Details Domain 1
bdrive.club
Details Domain 1
cloudserve.online
Details Domain 1
bdrive.space
Details Domain 1
www.scan9t.com
Details Domain 2
tprlink.com
Details Domain 224
unit42.paloaltonetworks.com
Details Domain 16
www.anquanke.com
Details File 1
united_nations_military_observers____course___unmoc-19_.xls
Details File 1
eoma_pga_2019.xls
Details File 1
contacts.doc
Details File 1
exclusive_pictures__destruction_of_jaish_camp_and_dead_bodies_of_terrorists.doc
Details File 1
rgiwsdasxa.zip
Details File 1
rgiwsdasxa.exe
Details File 1
%userprofile%\documents\hadram.zip
Details File 1
and hadram.zip
Details File 1
extracts hadram.exe into the current directory
Details File 1
the file rgiwsdasxa.exe dropped by decoy 4
Details File 1
the file hadram.exe dropped by decoy 1
Details File 1
hadram.exe
Details File 1
actually named lioeek.exe
Details File 1
lioeek.exe
Details File 1
%allusersprofile%\ekeoil\ekeoil.exe
Details File 1
ekeoil.exe
Details File 1
c0_ncussi0n.php
Details File 1
c:\programdata\ekeoil\ekeoil.xml
Details File 1
downloads and executes a Python-based malicious file axess.exe
Details File 1
axess.exe
Details File 1
and copies itself into that folder, renamed to axess_xxxx.exe
Details File 1
axess.db
Details File 1
officer_course_for_fy_2018_19-4.xls
Details File 1
ewbusm.exe
Details File 2
graphics.exe
Details File 59
2.exe
Details md5 1
7fa6689ec0a8863e5084d30de4b9b252
Details md5 1
f2260694b2ecb02bf03181e774140f29
Details md5 1
b16d4956f6609104eb93a521b60c6f42
Details md5 1
1b7b5c85fe5b9daf2264b7d5f6b364e9
Details md5 3
41b70737fa8dda75d5e95c82699c2e9b
Details md5 1
91e5c5afcf42f8912d5ae3b7dafcda22
Details md5 1
10f6cc542bf69acdd749f8e226200cf5
Details md5 1
c9401cdee589b69c5d57b4c747a950af
Details md5 1
e0e9c625adab63c255a0e16fe8683189
Details md5 2
2eb4469c76f5230c66626a6918c7664f
Details md5 1
79d690b27e287a0a24c91b6be91254cf
Details md5 1
0f3488c89f4f519ceba2c97e83d12af2
Details md5 1
801f94eedb9481fb65709457c1f4c47a
Details md5 1
ab68db5c97f9ee12ca29c1eed881781d
Details md5 1
512dd1f7380b3507f670c061e756f005
Details md5 1
2c94776b6a145854f305a9febf95fd00
Details md5 1
b709529e2db6356c4578000de02725cb
Details md5 1
1300ef72d620d298d5413658e01ee7e8
Details md5 1
973ca595e9abe9f4c6e6cf5a624f21d7
Details md5 1
3b3b39cb3c2306e38f9e06b23c4a645e
Details md5 1
ec544e62d65474e4f033fdc4d4aff639
Details md5 1
11bfb965c20327564f4555734e966cdc
Details md5 1
93350312094d1ffcf2656c8d8df694bf
Details md5 1
4dfde74cb13ed3890e33082b7f296f57
Details md5 1
208606ace2e34c4b2fefeb4909c66d50
Details IPv4 2
216.176.190.98
Details IPv4 1
2.1.2.9
Details IPv4 109
1.0.0.0
Details IPv4 1
8.7.18.11
Details IPv4 1
210.115.241.121
Details Url 1
https://www.quora.com/if-programming-languages-had-honest-slogans-what-would-they-be
Details Url 1
http://firebasebox.com/tootie292/reboshw/c0_ncussi0n.php
Details Url 1
http://stemtopx.com/work/i/2.exe
Details Url 1
http://firebasebox.com
Details Url 1
http://cynqms.com
Details Url 1
http://bdrive.club
Details Url 1
http://cloudserve.online
Details Url 1
http://bdrive.space
Details Url 1
http://www.scan9t.com
Details Url 1
http://tprlink.com
Details Url 3
https://unit42.paloaltonetworks.com/unit42-gorgon-group-slithering-nation-state-cybercrime
Details Url 1
https://www.anquanke.com/post/id/101722