Silver Fox IOC Intelligence Batch #20260604055025
Summary
Silver Fox malware IOC intelligence, new additions: 5 IPs, 3 domains, 30 samples, 47 paths. Data time: 2026-06-03 21:03 UTC
Body
# Silver Fox Malware IOC Intelligence (New)

## Basic information

- **Batch ID**: 20260604055025
- **Data update time**: 2026-06-03 21:03:27 UTC
- **Collection time**: 2026-06-03 21:50:54 UTC

## New in this batch

| Type | New count |
|------|-----------|
| Malicious IPs | 5 |
| Malicious domains | 3 |
| Malicious samples | 30 |
| Dropped-file paths | 47 |

## New malicious IP addresses

| # | IP address |
|---|------------|
| 1 | `185.203.39.134` |
| 2 | `43.99.56.192` |
| 3 | `31.57.65.118` |
| 4 | `8.218.252.45` |
| 5 | `27.124.44.140` |

## New malicious domains

| # | Domain |
|---|--------|
| 1 | `qweaap.icu` |
| 2 | `yvhphtmdwvmt.net` |
| 3 | `recdataoneveter.cc` |

## New malicious sample hashes

30 samples, listed by SHA256; no MD5 or SHA1 values are given.

## New dropped file paths

47 paths, each listed with its file name.
Tags
- ioc
- ioc:domain
- ioc:filepath
- ioc:hash
- ioc:ip
- silverfox
- threatbook
- threat_intelligence
Extension fields
{
"batch_id": "20260604055025",
"domains": [
{
"value": "qweaap.icu"
},
{
"value": "yvhphtmdwvmt.net"
},
{
"value": "recdataoneveter.cc"
}
],
"ips": [
{
"value": "185.203.39.134"
},
{
"value": "43.99.56.192"
},
{
"value": "31.57.65.118"
},
{
"value": "8.218.252.45"
},
{
"value": "27.124.44.140"
}
],
"stats": {
"new_domains": 3,
"new_file_paths": 47,
"new_hashes": 30,
"new_ips": 5,
"total_new": 85
},
"update_time": "2026-06-03T21:03:27.441000+00:00",
"update_time_ms": 1780520607441
}