Silver Fox IOC Intelligence, Batch #20260602055023
Summary
New Silver Fox malware IOC intelligence: 7 IPs, 6 domains, 30 samples, 52 paths. Data time: 2026-06-01 21:04 UTC
Body
# Silver Fox Malware IOC Intelligence (New)

## Basic information

- **Batch ID**: 20260602055023
- **Data update time**: 2026-06-01 21:04:04 UTC
- **Collection time**: 2026-06-01 21:50:52 UTC

## New in this batch

| Type | New count |
|------|-----------|
| Malicious IPs | 7 |
| Malicious domains | 6 |
| Malicious samples | 30 |
| Dropped file paths | 52 |
Tags
- ioc
- ioc:domain
- ioc:filepath
- ioc:hash
- ioc:ip
- silverfox
- threatbook
- threat_intelligence
Extended fields
{
"batch_id": "20260602055023",
"stats": {
"new_domains": 6,
"new_file_paths": 52,
"new_hashes": 30,
"new_ips": 7,
"total_new": 95
},
"update_time": "2026-06-01T21:04:04.767000+00:00",
"update_time_ms": 1780347844767
}