APT组织Patchwork七月活动,利用“第七届COMAC国际科技创新周”主题进行钓鱼攻击 | CTF导航
Tags
| attack-pattern: | Powershell - T1059.001 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | f4fcbb6f-80ec-4de0-be9a-5fab5df163f6 |
| Fingerprint | b77ddffee426e5e4 |
| Analysis status | DONE |
| Considered CTI value | -2 |
| Text language | |
| Published | Aug. 5, 2024, midnight |
| Added to db | Aug. 31, 2024, 10:42 a.m. |
| Last updated | Nov. 16, 2024, 11:18 a.m. |
| Headline | APT组织Patchwork七月活动,利用“第七届COMAC国际科技创新周”主题进行钓鱼攻击 |
| Title | APT组织Patchwork七月活动,利用“第七届COMAC国际科技创新周”主题进行钓鱼攻击 | CTF导航 |
| Detected Hints/Tags/Attributes | 8/1/14 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.ctfiot.com/201445.html |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 476 | ✔ | APT – CTF导航 | https://www.ctfiot.com/apt/feed | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 83 | xz.aliyun.com |
|
| Details | Domain | 2 | yuxuan.ghshijie.com |
|
| Details | File | 2 | 并且重命名为update.exe |
|
| Details | File | 2 | 每分钟执行一次update.exe |
|
| Details | File | 3 | windowssystem32conhost.exe |
|
| Details | File | 2 | c:\\users\\public\\comac_technology_innovation.pdf |
|
| Details | File | 2 | c:\\users\\public\\sam-newnamec:\\users\\public\\update.exe |
|
| Details | File | 2 | microsoftedgeapplicationmsedge.exe |
|
| Details | File | 175 | update.exe |
|
| Details | Threat Actor Identifier - APT-Q | 11 | APT-Q-36 |
|
| Details | Url | 1 | https://xz.aliyun.com/t/15376首发作者 |
|
| Details | Url | 1 | https://xz.aliyun.com/t/15376 |
|
| Details | Url | 2 | https://xingyu.ghshijie.com/cvbcolo09/tqerwer8-outfilec:\\users\\public\\comac_technology_innovation.pdf |
|
| Details | Url | 2 | https://yuxuan.ghshijie.com/jlytw07sev/fuol91mv-outfilec |