【HVV情报】2024-07-29

公众号新规只对常读和星标的公众号才能展示大图推送，建议大家把公众号“night安全”设为星标，否则可能就看不到啦！

免责声明

night安全致力于分享技术学习和工具掌握。然而请注意不得将此用于任何未经授权的非法行为，请您严格遵守国家信息安全法律法规。任何违反法律、法规的行为，均与本人无关。如有侵权烦请告知，我们会立即删除并致歉。谢谢！

##2024你懂得##

内容部分信息已脱敏,复制文章内的关键词回复公众号获取今日情报详情。

情报详情获取方式：

回复：20240729-001

风险情报

网传-通达OA SQL浪潮GS企业管理软件xtdysrv.asmx泛微HrmService存在Netgear WN604无线路由器siteSurvey.phpLinux kemefWWBN AVideo存在Solar-Log存在餐厅数字化综合管理平台

样本情报

样本主题：建议虚拟机中运行本程序.exeSHA256: 524fbb6bbc86885ed0ec0ba3194302df0a1e356dded509e55725362cd2662b00MD5: 33650f678ffc4857aaaa9a6513d6becb相关域名：doc.run、sched.tdnsv8.com、www.shangxueba.com、oweeqjtrqesn.kuaizhan.com、www.cdn.dnsv1.com、www.dsa.sp.spcdntip.com攻击手法：域前置分析结论：CobaltStrike木马样本主题：****-https.exeSHA256: 85302308d8bf8d807ab179e5c4bdeb88379ddbcd4a342c07a29d1ca8dab8258aMD5: 4a3456392d3b19f74bcd77d192b62774C2：27.211.158.244:43904分析结论：CobaltStrike木马样本主题：***-新媒体矩阵微信稿.isoSHA256: 22f85b30529877305948b2942d3f3347b62b61ed61572f30cd26ccca553cf6b5MD5: 1c273925cfb2a43b8a915934721f0f32恶意软件：private-javascript.oss-cn-hangzhou.aliyuncs.com.s2-web.dogedns.com分析结论：CobaltStrike木马样本主题：西安****有限公司资料信息.zipSHA256: 667cf48fec5c42592382cbe28e077ce7cefb68f93496c160b74580b1ffae5e18MD5: d91bf15ad5e67bc051fcc4b30d2e2cfe恶意软件：yuntechmirror.oss-cn-hangzhou.aliyuncs.com、chinabucketos.oss-cn-hangzhou.aliyuncs.com、ailiyunbrowser.oss-cn-hangzhou.aliyuncs.com、alizbhn.oss-cn-shenzhen.aliyuncs.com相关域名：123youke.com、rjf56.com、turingmaker.com攻击手法：域前置分析结论：CobaltStrike木马

域名情报

2024.nizarsaadjabal.com www.0xqtt57e.sched.vip-dk.tdnsvod1.cn123youke.comrjf56.comturingmaker.comdoc.runsched.tdnsv8.comwww.shangxueba.comoweeqjtrqesn.kuaizhan.comwww.cdn.dnsv1.comwww.dsa.sp.spcdntip.com

ip情报

5.75.142.14952.227.248.137213.138.97.228112.124.54.173 193.176.10.151193.178.170.60188.165.180.1083.149.93.148152.32.249.41152.32.251.32152.32.210.197146.190.74.215146.190.168.188146.190.120.181101.37.81.72 83.149.128.151148.113.173.193185.54.147.165185.53.207.2723.97.147.64121.41.169.217 152.32.169.48182.92.232.85 47.94.222.178 152.42.156.97121.196.232.45213.140.128.244116.62.236.119 142.93.172.2100.1.226.15823.101.206.18523.96.110.38112.124.41.218112.124.19.38112.124.71.123159.65.28.100159.65.41.205159.65.201.83159.65.40.119159.69.197.20159.69.199.205118.195.183.184 39.106.59.150 159.65.254.198159.65.23.71159.75.96.211194.177.53.5180.150.65.15785.105.39.5794.124.124.18221.228.67.19202.22.224.978.189.148.23141.72.131.5850.188.104.15218.153.90.3150.243.160.243211.102.192.2434.120.243.20934.122.3.3534.122.230.14534.121.16.14334.123.183.15034.124.197.180119.45.22.216 34.126.175.2934.131.16.8634.131.198.9234.133.148.5134.135.206.15334.135.86.21034.134.82.31189.151.208.1939.68.73.160 116.62.197.15167.86.115.9386.57.135.244.206.159.130124.70.103.151106.55.202.118        123.6.81.16     61.160.224.9       121.32.243.7     61.160.224.8       223.111.128.11      106.55.202.118       117.72.75.193       77.90.22.16 德国 黑森州 美因河畔法兰克福 223.104.73.133 中国 广东省 珠海市 ......