奇安信情报沙箱助力,识破求职网站伪装下的恶意软件
Tags
| country: | Israel |
| attack-pattern: | Software - T1592.002 |
Common Information
| Type | Value |
|---|---|
| UUID | e3a9bf36-1221-4ca8-973c-c15f034c5cb3 |
| Fingerprint | 536a0ce8d5cfe1cb |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Nov. 15, 2024, midnight |
| Added to db | Nov. 15, 2024, 12:36 p.m. |
| Last updated | Nov. 17, 2024, 6:49 p.m. |
| Headline | 奇安信情报沙箱助力,识破求职网站伪装下的恶意软件 |
| Title | 奇安信情报沙箱助力,识破求职网站伪装下的恶意软件 |
| Detected Hints/Tags/Attributes | 12/2/46 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 267 | ✔ | 奇安信威胁情报中心 | https://wechat2rss.xlab.app/feed/b93962f981247c0091dad08df5b7a6864ab888e9.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | cdn.careers2find.com |
|
| Details | Domain | 17 | sandbox.ti.qianxin.com |
|
| Details | Domain | 2 | signedconnection.zip |
|
| Details | Domain | 129 | api.ipify.org |
|
| Details | Domain | 1 | xboxapicenter.com |
|
| Details | Domain | 1 | quiz.careers2find.com |
|
| Details | Domain | 1 | telementry.cab |
|
| Details | Domain | 397 | www.microsoft.com |
|
| Details | Domain | 291 | raw.githubusercontent.com |
|
| Details | Domain | 180 | readme.md |
|
| Details | Domain | 194 | drive.google.com |
|
| Details | Domain | 1 | bringthemhomenow.zip |
|
| Details | Domain | 3 | careers2find.com |
|
| Details | File | 3 | signedconnection.zip |
|
| Details | File | 1 | c:\users\admin\appdata\local\microsoft\windowsinsights\workstation\filecoauth.exe |
|
| Details | File | 2 | signedconnection.exe |
|
| Details | File | 14 | filecoauth.exe |
|
| Details | File | 17 | qt5core.dll |
|
| Details | File | 39 | secur32.dll |
|
| Details | File | 4 | loggingplatform.dll |
|
| Details | File | 51 | msvcp140.dll |
|
| Details | File | 2 | updateringsettings.dll |
|
| Details | File | 69 | vcruntime140.dll |
|
| Details | File | 1 | telementry.cab |
|
| Details | File | 367 | readme.txt |
|
| Details | File | 1 | 保存为后门所在目录的log子目录下的cabinet.zip |
|
| Details | File | 1 | 运行其中的filecoauth.exe |
|
| Details | File | 1 | bringthemhomenow.zip |
|
| Details | File | 1 | coreuicomponent.dll |
|
| Details | Github username | 1 | msdnedgesupport |
|
| Details | md5 | 1 | bb4c8f42cc624c628e4b98bd43f29fa6 |
|
| Details | md5 | 1 | 3528837b4088a22f0043551431809b3d |
|
| Details | md5 | 1 | f9914c7d6e09d227b2cecea50b87e58b |
|
| Details | md5 | 1 | ef262f571cd429d88f629789616365e4 |
|
| Details | md5 | 1 | 816af741c3d6be1397d306841d12e206 |
|
| Details | Mandiant Uncategorized Groups | 3 | UNC1549 |
|
| Details | Url | 44 | https://sandbox.ti.qianxin.com/sandbox/page |
|
| Details | Url | 1 | https://sandbox.ti.qianxin.com/sandbox/page/detail?type=file&id=azmj5lm1szq0hovfdn9z |
|
| Details | Url | 1 | https://cdn.careers2find.com/assets/app/signedconnection.zip |
|
| Details | Url | 30 | https://www.microsoft.com |
|
| Details | Url | 1 | https://raw.githubusercontent.com/msdnedgesupport/msdn/main/readme.md |
|
| Details | Url | 1 | https://drive.google.com/uc?export=download&id=1prtua0jgp3tvjjyr_o |
|
| Details | Url | 1 | https://xboxapicenter.com |
|
| Details | Url | 1 | https://sandbox.ti.qianxin.com/sandbox/page/detail?type=file&id=azmlo6meonzsmf3 |
|
| Details | Url | 1 | https://cloud.google.com/blog/topics/threat-intelligence/suspected-iranian-unc1549-targets-israel-middle-east |
|
| Details | Windows Registry Key | 112 | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |