新APT组织穆伦鲨(MurenShark) 调查报告:袭向土耳其海军的鱼雷 – 绿盟科技技术博客
Tags
Common Information
| Type | Value |
|---|---|
| UUID | f58bbd73-3ff5-4aca-a4c9-692949586569 |
| Fingerprint | 765242cea6259944 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Aug. 18, 2022, 6:34 p.m. |
| Added to db | Sept. 26, 2022, 9:34 a.m. |
| Last updated | Dec. 22, 2024, 12:40 p.m. |
| Headline | 新APT组织穆伦鲨(MurenShark) 调查报告:袭向土耳其海军的鱼雷 |
| Title | 新APT组织穆伦鲨(MurenShark) 调查报告:袭向土耳其海军的鱼雷 – 绿盟科技技术博客 |
| Detected Hints/Tags/Attributes | 10/0/48 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | http://blog.nsfocus.net/murenshark |
| Details | Source | http://blog.nsfocus.net/murenshark/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | neu.edu.tr |
|
| Details | Domain | 1 | cachedns.io |
|
| Details | Domain | 1 | d0g3.cachedns.io |
|
| Details | Domain | 4688 | github.com |
|
| Details | Domain | 1 | jc.neu.edu.tr |
|
| Details | Domain | 1 | bookstore.neu.edu.tr |
|
| Details | File | 1 | %localappdata%\microsoft\edgefss\filesyncshell64.dll |
|
| Details | File | 1 | comhijack_dll_load.vb |
|
| Details | File | 5 | c:\windows\system32\taskhost.exe |
|
| Details | File | 1 | %localappdata%\microsoft\edgefss\下是否存在名为filesyncshell64.dat |
|
| Details | File | 1 | 该filesyncshell64.dat |
|
| Details | File | 1 | 如果指定目录下未发现名为filesyncshell64.dat |
|
| Details | File | 1 | 回复包中所含加密内容的解密方式与前述对filesyncshell64.dat |
|
| Details | File | 1 | r_main.js |
|
| Details | File | 1 | tarihleri.xlsx |
|
| Details | Github username | 5 | s3cur3th1ssh1t |
|
| Details | Github username | 11 | thewover |
|
| Details | md5 | 1 | 0a286239b3fe2e44545470e4117f66eb |
|
| Details | md5 | 1 | 88bba0077207359cdb9bddb3760f1f32 |
|
| Details | md5 | 1 | 423cff633679c5dc1bfb27b4499eb171 |
|
| Details | md5 | 1 | 3592e56022ce1d87000e36cc0dd37d0e |
|
| Details | md5 | 1 | bb9e1f1e5ef6f3f9f8de6d12d626c435 |
|
| Details | md5 | 1 | 11a5c681e108cf84a2cc669e8204ac53 |
|
| Details | md5 | 1 | 0a768a5c9f4714f7ca92545baf9f72c9 |
|
| Details | md5 | 1 | a92c6617aa28d4041c44f4b9cc3a5fa3 |
|
| Details | md5 | 1 | 9a31e7918ae4de42c28d67e711802f58 |
|
| Details | md5 | 1 | 07e4844bde106bb6786e9e767d376408 |
|
| Details | md5 | 1 | 9a0889667c89e592914e74916fd1ec56 |
|
| Details | md5 | 1 | 468b3eaf031b5aef98b34b5ce39facad |
|
| Details | md5 | 1 | c0f37db18293732872643994e12a4ad2 |
|
| Details | md5 | 1 | 44da01a0a636a6fa3141c698f3bb2673 |
|
| Details | md5 | 1 | e6c1685e504fe1d05aa365c79a5e0231 |
|
| Details | md5 | 1 | 32704a3fb28508e3b15bbbd28716ec76 |
|
| Details | md5 | 1 | dc60577efe1d18c05b7c90853bac4c86 |
|
| Details | md5 | 1 | 349341fe3519a81c0178c5840009cf87 |
|
| Details | md5 | 1 | 156e197d7838558f44eed800b3b3ee8a |
|
| Details | md5 | 1 | 0f5b520120008ca6969ccad439020f98 |
|
| Details | md5 | 1 | d509145bcf4e6af3de1a746609c23564 |
|
| Details | md5 | 1 | e4b353f731739487dd48e322bf540405 |
|
| Details | Url | 1 | https://bilgem.tubitak.gov.tr/tr/haber/akya-torpidosu-muren-prevezeye-entegre-ediliyor),并已在21年测试完成,在22年提供给土耳其海军司令部(https://raillynews.com/2021/11/denizaltilari-muren-yonetecek/)。土耳其海军对müren项目给予很大期望,认为该项目能够推动土耳其海军系统国产化,并成为土耳其国家级潜艇项目“milden”的关键一步(https://www.navalnews.com/naval-news/2021/11/turkeys-new-submarine-cms-muren-to-enter-service-in-2022 |
|
| Details | Url | 1 | http://blog.nsfocus.net/apt-dogecoin |
|
| Details | Url | 1 | https://neu.edu.tr |
|
| Details | Url | 1 | https://github.com/s3cur3th1ssh1t/offensivevba/blob/main/src/comhijack_dll_load.vba |
|
| Details | Url | 1 | https://github.com/thewover/donut)生成的完整载荷。借助该框架,universaldonut可以在shellcode执行阶段实现大量对抗功能,包括chaskey算法加密、amsi/wdlp绕过、连通性检测等。最重要的是,donut提供的.net支持使穆伦鲨攻击者可以使用该shellcode加载后续阶段主要木马letmeout |
|
| Details | Url | 1 | http://jc.neu.edu.tr/apply |
|
| Details | Url | 1 | http://jc.neu.edu.tr/r_main.js |
|
| Details | Url | 1 | http://bookstore.neu.edu.tr/kgb |
|
| Details | Url | 1 | http://bookstore.neu.edu.tr/ara |