ioc[.]one - OSINT Cyber Threat Intelligence Database

Tracking Tick Through Recent Campaigns Targeting East Asia

Tags

country:	Japan South Korea
attack-pattern:	Domains - T1583.001 Domains - T1584.001 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Network Security Appliances - T1590.006

Show in Graph

Common Information

Type	Value
UUID	ed8f14bc-aa97-4c22-8a19-e2f9fc6b13a7
Fingerprint	a5ac1f9105f88f19
Analysis status	DONE
Considered CTI value	2
Text language
Published	Oct. 18, 2018, 12:49 p.m.
Added to db	Oct. 9, 2022, 4:07 p.m.
Last updated	Nov. 17, 2024, 11:40 p.m.
Headline	Vulnerability Information
Title	Tracking Tick Through Recent Campaigns Targeting East Asia
Detected Hints/Tags/Attributes	52/2/47

Source URLs

	Redirection	Url
Details	Source	https://blog.talosintelligence.com/2018/10/tracking-tick-through-recent-campaigns.html

URL Provider

Details	Provider	Source level domain
Details	talosintelligence.com	blog.talosintelligence.com

Attributes

Details	Type	#Events	Value
Details	Domain	1	whitepia.co.kr
Details	Domain	2	www.amamihanahana.com
Details	Domain	904	snort.org
Details	Domain	1	www.oonumaboat.com
Details	Domain	1	www.houeikai.or.jp
Details	Domain	1	rbb.gol-unkai4.com
Details	Domain	1	www.whitepia.co.kr
Details	Domain	1	www.adc-home.com
Details	Domain	1	www.sakuranorei.com.com
Details	File	2	javascript.php
Details	File	1206	index.php
Details	File	2	set.html
Details	File	1	ko-ho.gif
Details	File	109	index.htm
Details	File	1	28732.html
Details	sha256	1	397a5e9dc469ff316c2942ba4b503ff9784f2e84e37ce5d234a87762e0077e25
Details	sha256	2	c2e87e5c0ed40806949628ab7d66caaf4be06cab997b78a46f096e53a6f49ffc
Details	sha256	4	569ceec6ff588ef343d6cb667acf0379b8bc2d510eda11416a9d3589ff184189
Details	sha256	4	d91894e366bb1a8362f62c243b8d6e4055a465a7f59327089fa041fe8e65ce30
Details	sha256	1	5a6990bfa2414d133b5b7b2c25a6e2dccc4f691ed4e3f453460dee2fbbcf616d
Details	sha256	1	7d70d659c421b50604ce3e0a1bf423ab7e54b9df361360933bac3bb852a31849
Details	sha256	1	2f6745ccebf8e1d9e3e5284a895206bbb4347cf7daa2371652423aa9b94dfd3d
Details	sha256	1	4149da63e78c47fd7f2d49d210f9230b94bf7935699a47e26e5d99836b9fdd11
Details	sha256	2	a52c3792d8cef6019ce67203220dc191e207c6ddbdfa51ac385d9493ffe2a83a
Details	sha256	1	e71be765cf95bef4900a1cef8f62e263a71d1890a3ecb5df6666b88190e1e53c
Details	sha256	1	9b8c1830a3b278c2eccb536b5abd39d4033badca2138721d420ab41bb60d8fd2
Details	sha256	1	1df4678d7210a339acf5eb786b4f7f1b31c079365bb99ab8028018fa0e849f2e
Details	IPv4	1	111.92.189.19
Details	IPv4	1	211.13.196.164
Details	IPv4	1	202.218.32.135
Details	IPv4	1	202.191.118.191
Details	IPv4	2	110.45.203.133
Details	IPv4	2	61.106.60.47
Details	IPv4	1	52.84.186.239
Details	Pdb	1	c:\users\123\documents\visual studio 2010\projects\shadowwalker\release\bypassuacdll.pdb
Details	Pdb	1	c:\users\123\documents\visual studio 2010\projects\shadowwalker\release\loadsetup.pdb
Details	Pdb	3	c:\users\123\documents\visual studio 2010\projects\xxmm2\release\test2.pdb
Details	Pdb	2	c:\users\123\desktop\xxmm3\x64\release\reflectivloader.pdb
Details	Url	1	http://whitepia.co.kr/bbs/include/javascript.php
Details	Url	1	http://www.amamihanahana.com/diary/archives/a_/2/index.php
Details	Url	1	http://www.amamihanahana.com/contact/contact_php/jcode/set.html
Details	Url	1	http://www.oonumaboat.com/cx/index.php
Details	Url	1	http://www.houeikai.or.jp/images/ko-ho.gif
Details	Url	1	http://rbb.gol-unkai4.com/common/include/index-visual/index.htm
Details	Url	1	http://www.whitepia.co.kr/bbs/include/javascript.php
Details	Url	1	http://www.adc-home.com/28732.html
Details	Url	1	http://www.sakuranorei.com.com/blog/index.php