【HVV情报】2024-07-25

锐捷统一上网行为管理与审计系统 static_convert.php 金和OA C6-GeneralXmlhttpPage.aspx存在金和OA C6 DownLoadBglmage 金和OA UploadFileDownLoadnew 红海云eHR kqFile.mob 任意灵当crm存在⽂件国泰新点oa协同系统TOTOLINK A6000R 数字通云平台 time 金慧-综合管理信息系统-汇智ERP-filehandle.aspx存在用友时空KSOA-PreviewKPQT.jsp存在F-logic DataCube3存在泛微e-cology9接口WorkPlanService华磊科技物流modifyInsurance华磊科技物流getOrderTrackingNumber飞讯云 WMS /MyDown/MyImportDat资产管理运营系统comfileup.phpdevikaBert-VITS2JeePlus快速开发平台

样本主题:**会议（去除30分钟限制）.exeSHA256:ac962605550d120d4d38ba87a10c87027c7ccb3f430475c0104646183bc6f825MD5:2a04ff4412e48aabdc6fc073ae734cd2C2：154.12.83.210:54123样本主题: **有限公司社会招聘报名登记表.exeSHA256:02bbeb4d9d6f13fe1db44a0a2da572b1596d9ff59b79376e8afaeab0ba76a1d6MD5:09c7199b2bcd0d908a2b8d6867a1b240C2：2gwxrah28rj0z.cfc-execute.bj.baidubce.com攻击手法：垃圾代码耗时、Rust分析结论：CobaltStrike木马样本主题:**金融(渠道经理).zipSHA256:431d010c90b451c107d4160bb134ff072cf8c7076f16ab516faa2d31ef3c4759MD5:6330fab9ce531ce8943132272a3cb2a7相关IP或域名：mobile.static.apiproxy.cloud.360.netC2：mobile.static.apiproxy.cloud.360.net.cdn.dnsv1.com:443攻击手法：域前置分析结论：CobaltStrike木马样本主题:第三周周报.exeSHA256:090a42171e42477dbcf0d02a4e901e8eb20cfde8c1765c9a67a84bafd256b2a4MD5:5cd7b3e9950c5169a5278bdee38438efC2：2gwxrah28rj0z.cfc-execute.bj.baidubce.comdownloadlog.oss-cn-chengdu.aliyuncs.com

43.254.216.22636.134.103.86107.151.240.254112.126.68.27118.195.226.22194.233.65.183155.94.163.251119.3.204.3843.133.36.20847.104.241.90101.37.165.3739.106.54.8742.193.108.13742.193.108.13734.231.135.14222.186.134.2528.138.126.5781.70.50.7574.48.115.162116.62.56.1381.70.204.12038.147.170.224122.152.237.101139.224.238.23282.156.188.21182.157.67.48101.200.90.115103.57.228.102103.57.228.100103.57.228.99124.222.129.148120.53.86.13047.109.44.7946.101.97.13345.88.186.1247.109.53.241202.79.168.6547.109.44.7946.101.97.13345.88.186.1247.109.53.241202.79.168.65120.224.223.240122.233.235.135185.213.175.176195.170.172.225183.237.209.37202.106.126.112114.246.34.190140.249.15.151124.64.17.242223.14.40.174223.104.39.17460.163.11.198 中国 浙江省 嘉兴市 xxx60.174.26.232 中国 安徽省 池州市 xxx....