Tricky Chinese-Targeted Trojan Bypasses Authentication
Common Information

UUID: e187dfa8-2241-4b8b-a219-59a313031edb
Fingerprint: ac149858edbe8347
Analysis status: DONE
Considered CTI value: 2
Text language:
Published: Aug. 7, 2019, midnight
Added to db: Jan. 18, 2023, 11:18 p.m.
Last updated: Nov. 17, 2024, 6:55 p.m.
Headline: Tricky Chinese-Targeted Trojan Bypasses Authentication
Title: Tricky Chinese-Targeted Trojan Bypasses Authentication
Detected Hints/Tags/Attributes: 60/3/68
Attributes (type, number of events, value)

CVE (31 events): cve-2018-20250
CVE (375 events): cve-2017-11882
File (4 events): s_code.js
File (1 event): conf.exe
File (459 events): regsvr32.exe
File (8 events): qq.exe
File (1 event): c:\windows\temp\conf.exe
File (312 events): calc.exe
File (23 events): test.dll
File (2 events): mpclient.exe
File (4 events): getsign.asp
File (1 event): xlaccount.dll
File (1 event): xs.jpg
File (1 event): xs2.jpg
Windows Registry Key (1 event): HKCU\Software\Classes\Folder\Shell\test\Command
Windows Registry Key (188 events): HKCU\Software\Microsoft\Windows\CurrentVersion\Run