Silver Fox IOC Intelligence Batch #20260603055021
Summary
New Silver Fox malware IOC intelligence: 6 IPs, 2 domains, 30 samples, 43 paths. Data time: 2026-06-02 21:02 UTC
Body
# Silver Fox Malware IOC Intelligence (New)

## Basic information

- **Batch ID**: 20260603055021
- **Data update time**: 2026-06-02 21:02:24 UTC
- **Collection time**: 2026-06-02 21:50:50 UTC

## New in this batch

| Type | New count |
|------|-----------|
| Malicious IPs | 6 |
| Malicious domains | 2 |
| Malicious samples | 30 |
| Dropped file paths | 43 |

## New malicious domains

| # | Domain |
|---|--------|
| 1 | `symptomatic.quest` |
| 2 | `www.damaix9k.com` |
Tags
- ioc
- ioc:domain
- ioc:filepath
- ioc:hash
- ioc:ip
- silverfox
- threatbook
- threat_intelligence
Extended fields
{
"batch_id": "20260603055021",
"stats": {
"new_domains": 2,
"new_file_paths": 43,
"new_hashes": 30,
"new_ips": 6,
"total_new": 81
},
"update_time": "2026-06-02T21:02:24.951000+00:00",
"update_time_ms": 1780434144951
}