360 Threat Intelligence Center

#APT # Konni MD5: cfa9474e43df286726351a098e4d1862 C&C: http://footballs[.]sportsontheweb[.]net

@redbad2 是C2地址，硬编码在样本中

@360CoreSec 这个域名现在是NXDOMAIN，在样本中，这个域名的作用是C2还是某种其他的控制功能？

#APT #StrongPity MD5: 3118385afbd4ebef45b7b230cd5a643e C2: cdn2-state-upd[.]com

#APT #Gamaredon MD5:6d956049dbaadc19543a565d303e26a5 C&C:http://classroom[.]dangeti[.]ru/IRINA/interdependent/intercourse/intercourse[.]dot

#APT-C-35 #Donot MD5: 46899620da3c24566258eda6202251b5 C&C: http://wee365[.]com/craken/authenticate/check.php

#APT The lure document #FerociousKitten Group used: MD5: 3e38999a11cda8c9290dbe02b0e4634a C&C: microsoft.microcaft[.]xyz

#APT-C-61 #Sanuwa MD5：54f8ac92afeb71cf53fe5c10a71fb880 https://op9.herokuapp[.]com

jayshreeram[.]cf/AnyDesk.exe jayshreeram[.]cf/PAG-HCNR-visit-US-on-25-jun-21.jpg

The samples were from South Asia. The attacker tricked victims with political hotspots on phony website with fanatical slogans in Indian, and conducted RAT #attack. MD5： fbeb1867cee05818199f91ccb99bc32e 37255857bd1fc48c7fcc2a3fa8af86a5 c820f9d2ec9ea0d0c74a11d48a74b311

It 's suspected to be an #attack targeting IN. MD5: 953bb2b7296ffc9ee915c90adaf6a716 d061dab09ce1480d9317b79bf0a15a71 908F0BF164379FFF5A0A99B73FE64CA7 45.147.228[.]195

The sample conducted targeted information collection. MD5: 37278b7996dc08b11968cb5d1e5f438e 0e18eb5bf3ab75e555e4909d9171b64a www.master2025[.]com slpct.co[.]in/images/totalegit[.]exe

It 's suspected to be an #attack targeting South America. MD5: 2e1b90807d12eb20c5d7bc495fca543a 8a4e17f2a30047f307ea3c956e04d4ac deae11179f4c80cf07c96280548fb843

#APT-C-41 #StrongPity Sample of downloaders MD5: E324079702DAC313A849749217EAB6BC C&C: singlefunctionapp[.]com 195[.]123[.]246[.]38

#Evilnum MD5: 984a7a5f67eddd64dfd538797018feb2 FileName: SelfiePassport2505.jpg.lnk C2: http[:]//apintoative[.]com/get.php

#TransparentTribe #Netwire #Backdoor MD5: 3C3AD5B94E69953D141CDB7C1BC65747 C&C: 66.154.103.106:13374

#Netwire RAT suspected to be dropped by #APT-C-56 #TransparentTribe MD5: c2a38018cf336685e3c760c614bbf4c3 f0b43a3f4821a4cf4b514144b496e4d7

#Kimsuky Script MD5: a7e25f83a24ac1c73acb587457e325e7 http://outwd[.]myartsonline[.]com/yu/ls[.]down

#APT #Kimsuky Template injection file: BIOStyle.dotm MD5: 863fd86868014b5cc008764816c422c5 URL： http://vnskwl[.]mypressonline[.]com/relationship/BIOStyle[.]dotm http://outwd[.]myartsonline[.]com/yu/ls[.]txt

#OperationMermaid #APT-C-07 MD5: 5070200184B2A7B0373008B85EDED359 filename:d697 14BCE6FA7E68F2D886D221E3EFFEFB0F filename:d962.exe

#APT-C-56 #TransparentTribe #Downloader MD5:b0be45e54ac96dd70887f836bd43a5ed URL:https://www[.]bsnlplots[.]com/css/css/chk[.]php