SideCopy组织近期以印度国防部相关文档为诱饵的攻击活动分析
Tags
| attack-pattern: | Software - T1592.002 |
Common Information
| Type | Value |
|---|---|
| UUID | e39033f7-a8f4-40db-8a55-e3b518b2f633 |
| Fingerprint | 5195ef6c79fecc60 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Feb. 21, 2022, midnight |
| Added to db | April 20, 2023, 12:45 p.m. |
| Last updated | Nov. 15, 2024, 12:36 p.m. |
| Headline | SideCopy组织近期以印度国防部相关文档为诱饵的攻击活动分析 |
| Title | SideCopy组织近期以印度国防部相关文档为诱饵的攻击活动分析 |
| Detected Hints/Tags/Attributes | 9/1/79 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 267 | ✔ | 奇安信威胁情报中心 | https://wechat2rss.xlab.app/feed/b93962f981247c0091dad08df5b7a6864ab888e9.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | grant-of-risk-and-hardship-allowance-jcos-or.zip |
|
| Details | Domain | 3 | kcps.edu.in |
|
| Details | Domain | 5 | www.cornerstonebeverly.org |
|
| Details | Domain | 4 | cornerstonebeverly.org |
|
| Details | Domain | 3 | hpuniversity.in |
|
| Details | Domain | 5 | file2.zip |
|
| Details | Domain | 3 | file3.zip |
|
| Details | Domain | 3 | women.zip |
|
| Details | Domain | 3 | survry.zip |
|
| Details | Domain | 4 | software.zip |
|
| Details | Domain | 2 | assignment1.zip |
|
| Details | Domain | 3 | principles.zip |
|
| Details | Domain | 58 | ti.qianxin.com |
|
| Details | File | 2 | grant-of-risk-and-hardship-allowance-jcos-or.zip |
|
| Details | File | 1 | 使用系统的mshta.exe |
|
| Details | File | 1 | 其功能为通过注册表为crezly.exe |
|
| Details | File | 1 | 不同之处在于会休眠一分钟后直接启动释放的simsre.exe |
|
| Details | File | 1 | 并且注册表添加自启动项的程序也是simsre.exe |
|
| Details | File | 1 | 会在%temp%目录下生成tmplate.txt |
|
| Details | File | 4 | simsre.exe |
|
| Details | File | 33 | duser.dll |
|
| Details | File | 1 | 侧加载的duser.dll |
|
| Details | File | 1 | 加载执行释放的simsre.exe |
|
| Details | File | 1 | 不同的是其最终载荷duser.dll |
|
| Details | File | 5 | file2.zip |
|
| Details | File | 3 | file3.zip |
|
| Details | File | 3 | women.zip |
|
| Details | File | 3 | survry.zip |
|
| Details | File | 4 | software.zip |
|
| Details | File | 2 | assignment1.zip |
|
| Details | File | 3 | principles.zip |
|
| Details | md5 | 2 | 577419F202182F6E933C1CF83EF922EA |
|
| Details | md5 | 2 | 087E366A4BECCBECB7D7CDB5C2F73088 |
|
| Details | md5 | 2 | 3E3D3F78A07BAB5A3342E0414E48D787 |
|
| Details | md5 | 2 | 26E41AF2CA9EA82C244C1AA1EC77654A |
|
| Details | md5 | 2 | FA6C832E22F978B8210C0630DB69E6A2 |
|
| Details | md5 | 2 | EFCC2BF765993711CC9E4E86D2EBB876 |
|
| Details | md5 | 2 | 191C389140293C782D7A2304893151E2 |
|
| Details | md5 | 2 | 6528A9F0AF30DF7F4211EF8B341ACC2E |
|
| Details | md5 | 2 | 0725318B4F5C312EEAF5EC9795A7E919 |
|
| Details | md5 | 2 | AB11B91F97D7672DA1C5B42C9ECC6D2E |
|
| Details | md5 | 2 | CBAA7FC86E4F1A30A155F60323FDB72A |
|
| Details | md5 | 2 | 036DA574B5967C71951F4E14D000398C |
|
| Details | md5 | 2 | 2E19B7A2BBDC8082024D259E27E86911 |
|
| Details | md5 | 2 | 3F22B345ED1F9E244DB034F9AF49E707 |
|
| Details | md5 | 2 | EDE163036A1754C71D6FF11B266B91CE |
|
| Details | md5 | 2 | 5BE4E4884F4E021BA975CBED0A7E9C25 |
|
| Details | md5 | 2 | F7D1E515CB84F6DC2D0349AB93BD4E05 |
|
| Details | md5 | 2 | 63789CACECC1ABD9669344516ADB4120 |
|
| Details | md5 | 2 | 9B06472E5ACF2311D0AF62D638A8E51A |
|
| Details | md5 | 2 | D129B81C1D40C34AC628835E144A4740 |
|
| Details | md5 | 2 | BA2ADA448B8471789C0EF3B3345597FE |
|
| Details | md5 | 2 | 6B3F45F7A6758D198A317DE43D51E669 |
|
| Details | md5 | 2 | A65EB385C9019C712EA513E4C5C25152 |
|
| Details | md5 | 2 | 1A1C8C0F5CAFB7DF661086BCB804154C |
|
| Details | md5 | 2 | 0C44DA9103FB26DAFC710E83E95AD1C2 |
|
| Details | md5 | 2 | 61427F7A200D7A21C1CF38FFE2FD4EE5 |
|
| Details | md5 | 2 | 441F580A36757CF20493029B055F581E |
|
| Details | IPv4 | 5 | 144.91.72.17 |
|
| Details | IPv4 | 4 | 185.229.119.60 |
|
| Details | Url | 1 | https://kcps.edu.in/css/fonts/files/docs/graentsodocumentso/ganeshostwoso/snbtoolswires.hta下载一段js代码回来执行 |
|
| Details | Url | 3 | https://kcps.edu.in/css/fonts/files/avena |
|
| Details | Url | 44 | https://sandbox.ti.qianxin.com/sandbox/page |
|
| Details | Url | 3 | https://kcps.edu.in/css/fonts/files/ntsfonts |
|
| Details | Url | 3 | https://kcps.edu.in/css/fonts/files/jquery |
|
| Details | Url | 4 | https://www.cornerstonebeverly.org/js/files/docufentososo/doecumentosoneso/pantomime.hta |
|
| Details | Url | 3 | https://cornerstonebeverly.org/js/files/ntfonts/avena |
|
| Details | Url | 3 | https://cornerstonebeverly.org/js/files/ntfonts |
|
| Details | Url | 2 | https://hpuniversity.in/uploads/files/women/start |
|
| Details | Url | 3 | https://hpuniversity.in/uploadsssss/files/file2/file2.zip |
|
| Details | Url | 3 | https://hpuniversity.in/uploadsssss/files/file3/file3.zip |
|
| Details | Url | 3 | https://hpuniversity.in/uploadsssss/files/women/women.zip |
|
| Details | Url | 3 | https://hpuniversity.in/uploadsssss/files/survey/survry.zip |
|
| Details | Url | 3 | http://hpuniversity.in/filessss/software/software.zip |
|
| Details | Url | 3 | https://hpuniversity.in/documents/women/women.zip |
|
| Details | Url | 2 | https://hpuniversity.in |
|
| Details | Url | 3 | https://hpuniversity.in/filessss/principles/principles.zip |
|
| Details | Url | 3 | https://hpuniversity.in/documents/survey/start/2.hta |
|
| Details | Url | 3 | https://ti.qianxin.com/blog/articles/sidecopy-dual-platform-weapon |