【HVV情报】2024-07-27

公众号新规只对常读和星标的公众号才能展示大图推送，建议大家把公众号“night安全”设为星标，否则可能就看不到啦！

免责声明

night安全致力于分享技术学习和工具掌握。然而请注意不得将此用于任何未经授权的非法行为，请您严格遵守国家信息安全法律法规。任何违反法律、法规的行为，均与本人无关。如有侵权烦请告知，我们会立即删除并致歉。谢谢！

##2024你懂得##

内容部分信息已脱敏,复制文章内的关键词回复公众号获取今日情报详情。

情报获取方式：

回复：20240727-001

风险情报

Oracle WebLogic server铭飞MCMS 致远互联FE协作办公平台某接口致远OA ucpcLogin接口帆软报表 FineVis 数据可视化插件 PEPMCookie 广联达 GEPS 企业项目管理系统LVS精益价值管理系统FileUploadH42-1宏脉-医美行业管理系统

样本情报

样本主题：化工项目现场安全员+**+*****.zipSHA256: dccc77558f6a4bb755c94b3e2e6839beec74dc901dcd7c5560677075c3e564acMD5: c0d123b6b03d01a2c85cff552ad94958恶意软件：downloadlog.oss-cn-chengdu.aliyuncs.comC2：2gwxrah28rj0z.cfc-execute.bj.baidubce.com分析结论：CobaltStrike木马样本主题：关于***违规违纪问题处理意见的函.rarSHA256: 1245ea34f6c3b1d6f9670c0288c5293f6ed3da7b1e430db9d75fdd3a92b8d7a2MD5: 5a212b546c34362fac0c0b59a8ce25e4C2：193.112.199.63:61080、193.112.199.63:443分析结论：CobaltStrike木马样本主题：***集团网站隐私保护政策的疑问及建议.zipSHA256: c17b09d9b839541a40ec8febdeac5fddcb26b92910af1bc11300fafc09f70bf6MD5: b545f8ce929fb291ececd08a06264fddC2：51f8e520800d40aba9f0e79930d4b1a8.apic.cn-east-3.huaweicloudapis.com分析结论：CobaltStrike木马

域名情报

k3.laomaogege.comstatic.aliyuncs.com.dsa.dnsv1.comlt3khyvt.slt.sched.tdnsv8.comdownload-sysfile.oss-cn-beijing.aliyuncs.com2gwxrah28rj0z.cfc-execute.bj.baidubce.comchinabucketos.oss-cn-hangzhou.aliyuncs.comailiyunbrowser.oss-cn-hangzhou.aliyuncs.commobile.static.apiproxy.cloud.360.net.cdn.dnsv1.com2gwxrah28rj0z.cfc-execute.bj.baidubce.comdownloadlog.oss-cn-chengdu.aliyuncs.comservice-n6kl2nsa-1320121995.gz.apigw.tencentcs.comcontent.mielong.comqq.fgovseqb.bondxnfvr.boatshym.cnhzw.comqq9uyaq7grp3vvqe.fgovseqbbb.bonddocerwps.cnmimikatz-tech.stevenyu1132284389.workers.devwww.0xqtt57e.sched.vip-dk.tdnsvod1.cnweizhan.appbuilder.baidu.com.cn

ip情报

157.230.21.685.188.142.1235.181.159.85.189.164.1015.181.159.1125.181.159.1115.182.86.1651.17.221.23713.40.167.16115.188.88.7554.191.16.18118.143.155.18518.236.161.18013.40.142.11618.188.142.12554.190.164.64213.252.247.88213.252.246.5635.155.204.7451.16.46.152.198.129.13452.201.216.148207.244.239.10518.196.32.15934.243.9.12452.36.88.20254.213.243.74107.175.0.200107.170.56.1213.245.89.8644.204.251.9054.188.214.12918.140.244.918.134.249.167:909943.142.138.45:10001159.75.104.157:7788154.12.83.210:54123182.92.243.166:8081101.43.96.82:443129.28.178.227        漏洞利用150.158.84.27        漏洞利用119.45.153.143        漏洞利用112.124.13.162        漏洞利用8.130.21.221        扫描器扫描......