APT-C-36(盲眼鹰)近期攻击手法分析
Tags
| attack-pattern: | Software - T1592.002 |
Common Information
| Type | Value |
|---|---|
| UUID | f46a33a3-e499-4076-a0d7-1b333657adc1 |
| Fingerprint | f78b0e19e73c4e19 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Feb. 21, 2022, midnight |
| Added to db | June 15, 2023, 2:59 p.m. |
| Last updated | Oct. 28, 2024, 12:02 p.m. |
| Headline | APT-C-36(盲眼鹰)近期攻击手法分析 |
| Title | APT-C-36(盲眼鹰)近期攻击手法分析 |
| Detected Hints/Tags/Attributes | 9/1/23 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 265 | ✔ | 360数字安全 | https://wechat2rss.xlab.app/feed/85e7bf4fe192ded1a15f130aa43ac306d227f61b.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | travel-ag.com |
|
| Details | File | 2 | radicado_0000369854.uue |
|
| Details | File | 1 | protected01.exe |
|
| Details | File | 1 | wordz.exe |
|
| Details | File | 1 | c:\programdata\remcos\log.dat |
|
| Details | File | 2 | nuevadll.txt |
|
| Details | File | 1 | 将载荷数据处理后注入到regasm.exe |
|
| Details | md5 | 1 | 56ACA38D92559ED7CD1A393A90BB7D27 |
|
| Details | md5 | 1 | 55AEBC396DE35DBCDCA6D31947ADF04F |
|
| Details | md5 | 2 | e82d72d74ad409f6ed3cc0f5ceb62029 |
|
| Details | md5 | 2 | ad33ef06451e32263fec67bda2bf5491 |
|
| Details | md5 | 2 | 9ebeddbc4932f8e4cf9d6dbc3d84459a |
|
| Details | md5 | 2 | 20a9ee686bccecd08d2bbdb293dc9600 |
|
| Details | md5 | 2 | ae0f6ecbfe3275603188c30e9d5ebc67 |
|
| Details | md5 | 1 | 6A1E7CCF1AD1F2B2C58D9B84F1D4BE9D |
|
| Details | md5 | 1 | E6DF600AF59A848A8E6F1222BC6B10B7 |
|
| Details | md5 | 1 | C3E32C38B8A8CF706A29EB9E1A9A97A6 |
|
| Details | md5 | 1 | 44E9AAF786001E31567DA53E6F7E1B8F |
|
| Details | IPv4 | 3 | 91.213.50.74 |
|
| Details | Threat Actor Identifier - APT-C | 83 | APT-C-36 |
|
| Details | Url | 2 | https://cdn.discordapp.com/attachments/1105473734833352788/1111284420977115186/radicado_0000369854.uue |
|
| Details | Url | 2 | http://91.213.50.74/green/rx/nuevadll.txt |
|
| Details | Windows Registry Key | 1 | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Remcos |