【HVV情报】2024-08-01

公众号新规只对常读和星标的公众号才能展示大图推送，建议大家把公众号“night安全”设为星标，否则可能就看不到啦！

免责声明

night安全致力于分享技术学习和工具掌握。然而请注意不得将此用于任何未经授权的非法行为，请您严格遵守国家信息安全法律法规。任何违反法律、法规的行为，均与本人无关。如有侵权烦请告知，我们会立即删除并致歉。谢谢！

##2024你懂得##

内容部分信息已脱敏,复制文章内的关键词回复公众号获取今日风险情报以及ip情报，其余情报请看文章。

情报上传至百度和阿里两个网盘中，大家自行选择。

情报详情获取方式：

回复：HW20240801

风险情报

搜狗输入法绕过【0day】同享TXEHR V15人力管理管理平台UploadHandler存在xxx方天云智慧平台系统 GetCompanyItem xxx用友U9 DoQuery xxx泛微OA E-cology setup xxxFOG Project export存在xxx迈普多业务融合网关send_order.cgi存在xxxSoftnext电子邮件系统存在xxxApache SeaTunnelWeb xxxSetuptools xxx用友NC-complainbilldetail存在xxx用友NC-complainjudge接口存在xxx广联达协同办公管理平台存在xxx

样本情报

样本主题：**98.zipSHA256: 2986a1d0a6b790f55947ea30cdaf8984c564211d74f88479274de7ee5e72ef18MD5: 0eecdff38f90033e2daa0375a4f3eb75C2：47.116.174.168:443分析结论：ELF木马样本主题：**-*****-个人简历及其他材料.rarSHA256: 3e4cc24146d09c316a57a20f801c180182a8836c9806d97d98b72c6438a8e90aMD5: 22069d91664028b0fac358eea3793985C2：175.178.3.223:80分析结论：CobaltStrike木马样本主题：****业务部招聘jd&福利(1).zipSHA256: fc76f0b0d1c84a939a8d6a3684c7f08b3288f91f18c39fb232c6f2b6c3f8297dMD5: ee22812be16b8063fca0679dbe317847相关IP和域名：vangogh.bytedance.com、passport.bytedance.com、learning.bytedance.com、news.163.com、staos.microsoft.com攻击手法：域前置分析结论：CobaltStrike木马样本主题：**** 2024年Q1****后续问题反馈.exeSHA256: e2f2695a52692b639407604b975fcb3c90bead59ec7bbdd032dabdcda68b63d9MD5: fc6aea2d4740c5217eace9b4236d3b4fC2：152.136.166.138:57687恶意软件：152.136.166.138:8085分析结论：CobaltStrike木马样本主题：【****集团有限公司】岗位补贴通知.zipSHA256: e2f2695a52692b639407604b975fcb3c90bead59ec7bbdd032dabdcda68b63d9MD5: fc6aea2d4740c5217eace9b4236d3b4f恶意软件：static-aliyun-docx.oss-cn-hangzhou.aliyuncs.com相关IP和域名：223.111.24.107、121.29.38.230、58.218.215.183、221.178.6.239、180.163.146.91、119.84.72.233、182.242.49.114、elaber.net攻击手法：域前置分析结论：CobaltStrike木马样本主题：关于违规使用远程控制软件的重要通知.eml邮件标题：关于违规使用远程控制软件的重要通知发件人：sh***88@163.com附件SHA256: 3a9b64a61f6373ee427f27726460e7047b21ddcfd1d0d45ee4145192327a0408MD5: c998d9fb9645d06577ccc7f6f057b583附件样本C2：123.207.74.22:11443分析结论：钓鱼邮件，附件为CobaltStrike木马

吃瓜娱乐

ip情报

42.96.32.18959.149.23.19591.92.154.112101.67.50.789.116.32.177101.67.50.28.130.35.13343.128.40.194222.86.107.151120.245.61.93103.131.13.34123.57.180.149142.119.5.74101.67.29.194101.175.183.19360.188.9.109101.67.29.199221.194.163.1860.188.10.205194.182.166.19839.101.205.127120.245.61.8339.173.107.15116.179.37.14551.38.113.200115.59.208.181114.218.59.24052.201.216.14838.207.178.198115.48.144.125154.215.17.16936.112.165.149113.108.88.12149.231.254.146198.235.24.107154.215.17.177213.32.39.3447.107.118.12360.188.9.21060.188.9.69106.52.180.3958.47.40.21131.226.98.5560.188.9.205175.137.37.12660.188.9.20160.188.10.22960.188.9.20346.243.186.7539.149.216.25268.8.120.181103.97.178.15843.226.35.234215.43.204.148114.119.145.4747.96.81.13260.188.10.225223.4.208.204182.86.73.76123.182.42.13977.239.211.114180.143.102.23943.136.20.206183.155.72.218107.174.121.15358.18.88.130117.152.73.155171.88.12.252220.203.28.200221.194.163.144194.163.168.9124.130.104.169134.232.105.76171.41.129.224116.179.32.43116.179.32.41104.28.161.543.138.114.226116.179.32.40122.55.108.3452.91.50.18551.91.79.105134.8.196.84120.138.186.178198.235.24.102221.194.163.15747.97.107.90101.67.50.20221.194.163.154221.194.163.155116.179.32.35122.11.214.59101.67.49.4061.54.27.211217.12.200.158220.181.108.104103.6.151.122101.206.58.101 221.10.155.182 14.205.46.72 120.11.21.91       182.115.77.187       122.190.164.209       111.113.88.246       123.14.119.106      60.211.72.66       101.200.166.219       120.210.205.218       115.55.56.5  河南省-商丘市  115.55.78.139  河南省-驻马店市  115.55.9.118  河南省-商丘市115.56.150.172  河南省-开封市  115.56.159.3  河南省-开封市  115.57.69.16  河南省-郑州市  115.58.122.56  河南省-商丘市  115.58.132.3  河南省-信阳市  115.58.155.28  河南省-信阳市