穷源溯流:KONNI APT组织伪装韩国Android聊天应用的攻击活动剖析
Tags
| attack-pattern: | Server - T1583.004 Server - T1584.004 |
Common Information
| Type | Value |
|---|---|
| UUID | db7966f9-6c94-4002-aae9-e2205270f1a6 |
| Fingerprint | b143f26ebff4b4d3 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Oct. 24, 2019, midnight |
| Added to db | Jan. 30, 2023, 4:34 p.m. |
| Last updated | Nov. 17, 2024, 2:49 p.m. |
| Headline | 穷源溯流:KONNI APT组织伪装韩国Android聊天应用的攻击活动剖析 |
| Title | 穷源溯流:KONNI APT组织伪装韩国Android聊天应用的攻击活动剖析 |
| Detected Hints/Tags/Attributes | 10/1/42 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://mp.weixin.qq.com/s/G1Cebamao-gigq7VsskLnQ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 317 | bit.ly |
|
| Details | Domain | 3 | oaass-torrent.com |
|
| Details | Domain | 3 | download-apks.com |
|
| Details | Domain | 188 | com.android |
|
| Details | Domain | 42 | rambler.ru |
|
| Details | Domain | 17 | sandbox.ti.qianxin.com |
|
| Details | Domain | 37 | blog.alyac.co.kr |
|
| Details | 1 | 16@gmail.com |
||
| Details | 1 | downmaner15@rambler.ru |
||
| Details | File | 3 | kakaotalk.apk |
|
| Details | File | 1 | 写入数据到accountinfo.txt |
|
| Details | File | 1 | 结果写入到appinfo.txt |
|
| Details | File | 1 | 结果写入到phoneinfo.txt |
|
| Details | File | 1 | starter.txt |
|
| Details | File | 1 | accountinfo.txt |
|
| Details | File | 1 | totalmsg.txt |
|
| Details | File | 1 | appinfo.txt |
|
| Details | File | 1 | boardinfo.txt |
|
| Details | File | 1 | maninfo.txt |
|
| Details | File | 1 | newmsg.txt |
|
| Details | File | 1 | recordinfo.mp4 |
|
| Details | File | 1 | cardinfo.txt |
|
| Details | File | 1 | curtime.txt |
|
| Details | File | 1 | phoneinfo.txt |
|
| Details | File | 17 | up.php |
|
| Details | md5 | 2 | 2487a29d1193b5f48d29df02804d8172 |
|
| Details | md5 | 1 | 2cbf145eb39818d2b43b8c03ddb28ddf |
|
| Details | md5 | 2 | 9e9745415793488ecf0774c7477bf2ae |
|
| Details | md5 | 1 | e039be15ddf7334311ee01711ba69481 |
|
| Details | IPv4 | 2 | 2.56.151.8 |
|
| Details | Url | 1 | http://bit.ly/2cznaqd- |
|
| Details | Url | 1 | http://oaass-torrent.com/kakaotalk.apk |
|
| Details | Url | 1 | http://download-apks.com/kaokaotalk |
|
| Details | Url | 1 | http://download-apks.com/上还存在其他公开目录 |
|
| Details | Url | 44 | https://sandbox.ti.qianxin.com/sandbox/page |
|
| Details | Url | 1 | http://2.56.151.8/manager |
|
| Details | Url | 1 | http://bit.ly/2cznaqd |
|
| Details | Url | 1 | http://bit.ly/37gauoo |
|
| Details | Url | 1 | http://download-apks.com |
|
| Details | Url | 1 | http://oaass-torrent.com |
|
| Details | Url | 1 | http://download-apks.com/kakaotalk/kakaotalk.apk |
|
| Details | Url | 2 | https://blog.alyac.co.kr/2486 |