URLZone:疑似针对日本高科技企业雇员的攻击活动分析
Tags
| country: | Japan |
| attack-pattern: | Malware - T1587.001 Malware - T1588.001 Steganography - T1001.002 Steganography - T1406.001 Steganography - T1027.003 |
Common Information
| Type | Value |
|---|---|
| UUID | f66c6c9c-a80e-4995-bb4b-1856ae415961 |
| Fingerprint | bc775ef2a1b4c9a8 |
| Analysis status | IN_PROGRESS |
| Considered CTI value | 0 |
| Text language | |
| Published | Feb. 14, 2019, midnight |
| Added to db | Sept. 26, 2022, 9:31 a.m. |
| Last updated | Nov. 17, 2024, 11:40 p.m. |
| Headline | URLZone:疑似针对日本高科技企业雇员的攻击活动分析 |
| Title | URLZone:疑似针对日本高科技企业雇员的攻击活动分析 |
| Detected Hints/Tags/Attributes | 19/2/69 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://mp.weixin.qq.com/s/NRytT94ne5gKN31CSLq6GA |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | imagehosting.biz |
|
| Details | Domain | 1 | images2.imagebam.com |
|
| Details | Domain | 1 | mger.co |
|
| Details | Domain | 4 | images2.imgbox.com |
|
| Details | Domain | 1 | oi68.tinypic.com |
|
| Details | Domain | 1 | thumbsnap.com |
|
| Details | Domain | 4 | postimg.cc |
|
| Details | Domain | 1 | panisdar.com |
|
| Details | Domain | 247 | www.virusbulletin.com |
|
| Details | Domain | 184 | www.fireeye.com |
|
| Details | Domain | 172 | www.crowdstrike.com |
|
| Details | Domain | 4128 | github.com |
|
| Details | Domain | 5 | www.johannesbader.ch |
|
| Details | File | 1 | 67874_2019年2月18.xls |
|
| Details | File | 1 | in1.png |
|
| Details | File | 1 | dd7e561126561184.png |
|
| Details | File | 1 | w84vm.png |
|
| Details | File | 1 | 1zc8bevk_o.png |
|
| Details | File | 1 | 中的invoke-reflectivepeinjection.ps1 |
|
| Details | File | 1 | 2saxhrc.jpg |
|
| Details | File | 1 | aqiamg1b.png |
|
| Details | File | 1 | l1.png |
|
| Details | File | 83 | sbiedll.dll |
|
| Details | File | 1 | urlzone将以挂起状态启动新的explorer.exe |
|
| Details | File | 1 | urlzone_zones_inon.html |
|
| Details | File | 8 | invoke-reflectivepeinjection.ps1 |
|
| Details | File | 1 | deobfuscate_api_calls.py |
|
| Details | File | 1 | threat-spotlight-urlzone-malware-campaigns-targeting-japan.html |
|
| Details | Github username | 22 | powershellmafia |
|
| Details | Github username | 35 | neo23x0 |
|
| Details | Github username | 13 | pan-unit42 |
|
| Details | md5 | 1 | b158d69db6ef7110ef4308f4b0749e0f |
|
| Details | md5 | 1 | 61120c989de3d759c1a136ffd91e59d2 |
|
| Details | md5 | 1 | f0c47667c50cf18c66094094b44627ba |
|
| Details | md5 | 1 | ddc16b26c2cd6f8d157bed810bf944f4 |
|
| Details | md5 | 1 | 165587b4de646744fd685fdccad483aa |
|
| Details | md5 | 1 | 83599a1ac098a6139eb2329040da64f0 |
|
| Details | md5 | 1 | aa54935d07d2f3f120484095e3a622e9 |
|
| Details | md5 | 1 | c9fe46a97f382f5507a137b55aa9a180 |
|
| Details | md5 | 1 | d1eb688573524b62eac643184afe14f7 |
|
| Details | md5 | 1 | d388b03e657a21251383de725f4602a2 |
|
| Details | md5 | 1 | d6aee99594fafd6293cb3dff71e1710a |
|
| Details | md5 | 1 | e7e3581b38de0054d5ec67009b07208a |
|
| Details | md5 | 1 | ec617c9083f6e02cb9ab32a45a3ced3b |
|
| Details | md5 | 1 | f325516686b6096224c0ef66cecb6e28 |
|
| Details | md5 | 1 | fef3e566e2bc7a520f423a223970af95 |
|
| Details | md5 | 1 | a9dca658ba431a4123be8aa3f13284bc |
|
| Details | md5 | 1 | c909568a2dce7a3214a6f2e131a74f9c |
|
| Details | md5 | 1 | dd7e569e55b7cd8b6b2ed266a8e56f97 |
|
| Details | md5 | 1 | 5ce3d93453a5af55577da49236ae887d |
|
| Details | md5 | 1 | 285d70d4e25d9f68ef165189d8af55e0 |
|
| Details | IPv4 | 27 | 10.0.2.15 |
|
| Details | Url | 1 | http://imagehosting.biz/images/2019/02/14/in1.png |
|
| Details | Url | 1 | http://images2.imagebam.com/f1/b1/50/dd7e561126561184.png |
|
| Details | Url | 1 | https://mger.co/img/w84vm.png |
|
| Details | Url | 1 | https://images2.imgbox.com/34/60/1zc8bevk_o.png |
|
| Details | Url | 1 | http://oi68.tinypic.com/2saxhrc.jpg |
|
| Details | Url | 1 | https://thumbsnap.com/i/aqiamg1b.png?0214 |
|
| Details | Url | 1 | https://i.postimg.cc/0jfwgvb3/l1.png |
|
| Details | Url | 1 | https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-lcid/63d3d639-7fd2-4afb-abbe-0d5b5551eef8 |
|
| Details | Url | 1 | https://www.virusbulletin.com/virusbulletin/2012/09/urlzone-reloaded-new-evolution |
|
| Details | Url | 1 | https://www.fireeye.com/blog/threat-research/2016/01/urlzone_zones_inon.html |
|
| Details | Url | 1 | https://docs.microsoft.com/en-us/previous-versions/office/developer/office-2010/ff861819(v=office.14 |
|
| Details | Url | 2 | https://www.crowdstrike.com/blog/cutwail-spam-campaign-uses-steganography-to-distribute-urlzone |
|
| Details | Url | 1 | https://github.com/powershellmafia/powersploit/blob/master/codeexecution/invoke-reflectivepeinjection.ps1 |
|
| Details | Url | 1 | https://github.com/neo23x0/signature-base/blob/master/yara/apt_grizzlybear_uscert.yar |
|
| Details | Url | 1 | https://github.com/pan-unit42/public_tools/blob/master/teslacrypt/deobfuscate_api_calls.py |
|
| Details | Url | 1 | https://threatvector.cylance.com/en_us/home/threat-spotlight-urlzone-malware-campaigns-targeting-japan.html |
|
| Details | Url | 1 | https://www.johannesbader.ch/2015/01/the-dga-of-shiotob |