GotoHTTP
AlienVault
· Published 29/01/2026 17:47 · Modified 29/01/2026 17:47
Essential information
- Confidence: 100/100
- Is family: No
- Published: 29/01/2026 17:47
- Modified: 29/01/2026 17:47
- Revoked: No
- Author / Source: AlienVault
- Related entities: 31 attack patterns (MITRE), 2 intrusion sets (APT), 2 sectors, 5 countries, 98 indicators, 1 vulnerability (CVE), 2 reports
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (31)
- T1036 Masquerading
- T1059.007 JavaScript
- T1505.003 Web Shell
- T1016 System Network Configuration Discovery
- T1012 Query Registry
- T1056.004 Credential API Hooking
- T1055 Process Injection
- T1140 Deobfuscate/Decode Files or Information
- T1027 Obfuscated Files or Information
- T1486 Data Encrypted for Impact
- T1190 Exploit Public-Facing Application
- T1070 Indicator Removal
- T1059 Command and Scripting Interpreter
- T1082 System Information Discovery
- T1112 Modify Registry
- T1078 Valid Accounts
- T1136 Create Account
- T1068 Exploitation for Privilege Escalation
- T1547 Boot or Logon Autostart Execution
- T1059.005 Visual Basic
- T1083 File and Directory Discovery
- T1059.001 PowerShell
- T1566 Phishing
- T1070.001 Clear Windows Event Logs
- T1133 External Remote Services
- T1543 Create or Modify System Process
- T1057 Process Discovery
- T1204 User Execution
- T1562 Impair Defenses
- T1027.002 Software Packing
- T1505 Server Software Component
Intrusion sets (APT) (2)
Sectors (2)
- Government
- Technology
Countries (5)
- Japan
- British Indian Ocean Territory
- Thailand
- India
- Pakistan
Indicators (98)
- e448557d26cf2917efded8e30c67db8094ce1f6db78801742988ea21f3429d7c
- http://tz.ohtcm.com/jump/json.js
- https://bxphp.westooo.com/58z.js
- ebeef831c52b7e930a6456caedf7849814b8d4def2bc0e70a0e7a357621ef6bc
- a781581baf6e1e335f22c9ffbb2656a2d9c8e51f463e3a48068210425df1c205
- 4bc189af91779582a1d29cfe187aa233e7ba50d223261fb9fbe31df5b06dff96
- 5213706ae67a7bf9fa2c0ea5800a4c358b0eaf3fe8481be13422d57a0f192379
- 3710817d7f6ddd39e1ce2dfb687d634768a3b672b9baf8134b695d51699defdb
- 33d3ccf82279d94a8e8e772a0c4963d65a1f3576dbd6ed7b4ab8a0ee4869f97f
- 6bd8a0291b268d32422139387864f15924e1db05dbef8cc75a6677f8263fa11d
- https://fql.jmfwy.com/tdks.php?domain=%s&path=%s
- c7a22f5c55ac1373a5964a6598da2a9afd8a61b9d729b9bf52a93c967a7f0eda
- http://tz.jmfwy.com/jump/tiger.js
- 9a2fd34e22c5f3d3d5fb96e3cd514dad7b03ed7bf53a87e7d8d9b73987d02ece
- http://tz.ohtcm.com/jump/ov.js
- 672ffdf1e9d4848015d29a68111266ef55fc6702dfe7b2053ce677882648dd5d
- tz.ohtcm.com
- w3c.sneaws.com
- https://api.githubcopilot.com
- https://404.imxzq.com/tdks.php?domain=%s&path=%s
- 1ece4d8603f5e28a7b0f6a8c83963a57cf23e5d2fadfc138419c3a051a75c93a
- tz.jmfwy.com
- google.sneaws.com
- bf6686858109d695ccdabce78c873d07fa740f025c45241b0122cecbdd76b54e
- 11ea6aa2b31677f8a36627d4af709e70cff4a033b0975f63c19b28945e6226b7
- 660ccb6dcfad97bfaddc667c61b1904e99a06eab981d44119092624d42912d68
- 383ac5ccf706a0d980c0805a892361b7be68e1b3fd9236336fdc2b239d96842c
- 21a43568025709b66240454fc92d4f09335a96863f8ab1c46b4a07f6a5b67102
- 187e1417fd9d4f4a44e4f7b7172aef056e9d0ab5d7a7addf61c2cfa893f74fd1
- a5899f6dfde0ea5a79be562ca8ca01e11673c1d36a037847396db0c949014259
- e09686fde44ae5a804d9546105ebf5d2832917df25d6888aefa36a1769fe4eb4
- bxphp.westooo.com
- https://thov.hunanduodao.com/tdks.php?domain=%s&path=%s
- https://7070-ppxcx-a1-3gg5ufwp666ee644-1300076834.tcb.qcloud.la/test/zcgo/go.exe
- ab03a7caed279fc6411ec19386faff3b65be34c91c3f0550eaef84a663720d0d
- 931b3abcd3ebc82be7d24dbe196928ec7113e0562eaf3f8d18bcf64253bb9d1e
- 7eed3e20c41f6c464df945b1f353a52c450ca1653f4697d4ebcc58c2adc5868a
- 50d60071257d18b32330d912202dc320d501c221ea1591db8fbf19715460d571
- 0ee9ae80ec4321e20bf8358d95741a79e88d8d82d6b509cda2468891aa00ecfd
- 78f68419d80dca0ce30874953545d47ddf21115dd0a51a5ae76223bd4a3abb09
- https://bxphp.westooo.com/u.php
- 56be91643dd8b86f347cc8d743c568f2d0169781ba999a2f708e503b59ecff76
- https://th.gtwql.com/1018.php?domain=%s&path=%s
- http://404.imxzq.com/tdks.php?domain=%s&path=%s
- http://tdkfsdfa.cnmseo.com/jump/ll.js
- 48ec6530470b295db455bf2c72dc4fbd18672725f45821304f966d436b428865
- 5d320b60d2f40c200e81eaeb67a86a04782bff84582c73e726255dba2dcb821e
- 6229437844e2cf3153e3b9efa2ea17ff3954d46eb1875813c22400fdf136be72
- 9458a75c1e24add9a48e0425e514a5f0cb46a826bff30ea7ea34e69099345f29
- tdk.hunanduodao.com
- https://tdk.jmfwy.com/tdk.php?domain=%s&path=%s
- go1.kmm5tn.ceye.io
- cdf454173bac13266e0f7db5de386439f197e2c480e1cc303dd7e806484645da
- 404.jmfwy.com
- bcc393c1686a0f5d493041e98dcafe0098d952d5e93eb4d2ebdb63c0efd2de33
- 2cc87bd2ae25a5119cb950618850eddeb578954fa780b125c1f51d234fb405e3
- th.gtwql.com
- a34ea8fb565ac6f57eefc987c61159c1e6f1af6a8717ffb42f4b745db3bf9e31
- 9c6cea0ccc0906cdcef9e9ff6e9086b3111e76618e9a254121d152f123a539c5
- 565502d2454e4b65d3bd810fccf4b429264562fefa5cfff24c905b76b3b860a6
- 2fgithub.com
- https://bxphp.westooo.com/?xhost=%s&url=%s&ua=Googlespider&f=bd
- 91e1f4fc92f104ec8b29bb56df87f8e7d8b518c63997e2ea162d3f1cac3fcac1
- http://tz.ohtcm.com/jump/ll.js
- 5213eae389c10a1e1e59001c89a5baad76b54233989b95382178233fe15a039d
- http://go1.kmm5tn.ceye.io
- 99f2c4773560eb515cfcb0ad45cf8e47c46580ab19494463160f885e048ce830
- 8ae8fabe7c3d9f8aef24c4eda323ab8640a56d51deb88fe58e5baf648d9e06b6
- 4e4bf7bea9c29f1e3eec31fed088105fce2256503ae1bc0064d13a22655d5afc
- tdk.jmfwy.com
- http://tdk.hunanduodao.com/jump/ov.js
- e84a16c8e25a4e40926cbb4cc210a09830298b6f99d532035f5136d05ffc008c
- http://tdkfsdfa.cnmseo.com/jump/fql.js
- 799.cors5.vip
- thov.hunanduodao.com
- d8c0ef6dbf7d4572f92d3a492f32061ab8f3dd46beb9ff5a0bf9bf550935458c
- 265336511db98a4c40476455e2ae93aaf926abecd8f9b9d741f8d253abb80357
- tdkfsdfa.cnmseo.com
- http://tz.jmfwy.com/jump/json.js
- 7070-ppxcx-a1-3gg5ufwp666ee644-1300076834.tcb.qcloud.la
- http://tz.ohtcm.com/jump/fql.js
- 404.imxzq.com
- http://tz.suucx.com/jump/ov.js
- 1ab98783a02ad9f127e776c435ef4e24a18ab93c4b4ee5ede722817d4b20771a
- 6be5c8882bc02cf4e86d2ab9d20aa3446b71dd12c73f9c6bf0faf9412d7d23ba
- https://404.jmfwy.com/tdks.php?domain=%s&path=%s
- 9d4c15e9d3ac761940046614093cf8b50480d4d9004365d5f48bed0739320d2a
- 70d6bc89451e36889c045f30de22bc02e032788c8938baa0d5802e8f747c3e79
- f3abb0cc802f3d7b95fc8762b94bdcb13bf39634c40c357301c4aa1d67a256fb
- fql.jmfwy.com
- 6b60b6df8a1a95f51ffe57255c05d26eb9e113857efac3b29d6ef080b8d414f3
- 3ecb54a6abbd0be974a513390f33039626c8cae39e1d51c18e298ff85311e68d
- https://799.cors5.vip/1018.php?domain=%s&path=%s
- 230b84398e873938bbcc7e4a1a358bde4345385d58eb45c1726cee22028026e9
- http://tdk.hunanduodao.com/jump/fql.js
- tz.suucx.com
- 29ffb1d28f98582e81e78e6b2d5502da50c8ebdee0d40005a86b0dadece2923b
- 206f27ae820783b7755bca89f83a0fe096dbb510018dd65b63fc80bd20c03261
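Added example, not part of the AlienVault pulse or of this page's data: a small Python triage helper for an indicator list like the one above. It sorts each entry into a 64-hex-character hash, a bare domain, a literal URL or a `%s`-templated URL; undoes the `\u0026` JSON escape that some exports leave in place of `&`; derives a deduplicated host list suitable for blocking; and compiles each template into an anchored regular expression so that concrete requests to the same endpoint can be matched in proxy logs. The four sample indicators are copied from the list; the observed request URLs in the usage section are constructed for illustration. Function names and the regexes are the example's own choices.

```python
import re
from urllib.parse import urlsplit

# Four indicators copied from the list above (hash, domain, URL, URL template).
SAMPLE_INDICATORS = [
    "e448557d26cf2917efded8e30c67db8094ce1f6db78801742988ea21f3429d7c",
    "tz.ohtcm.com",
    "http://tz.ohtcm.com/jump/json.js",
    "https://fql.jmfwy.com/tdks.php?domain=%s\\u0026path=%s",  # as exported, '&' escaped
]

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
# Labels of 1-63 chars, at least one dot, total length capped at 253.
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z0-9-]{2,63}$")


def normalize(indicator: str) -> str:
    """Strip whitespace and undo the JSON escape '\\u0026' that stands for '&'."""
    return indicator.strip().replace("\\u0026", "&")


def classify(indicator: str) -> str:
    """Return one of: sha256, domain, url, url_template, unknown."""
    value = normalize(indicator)
    if SHA256_RE.match(value):
        return "sha256"
    if value.startswith(("http://", "https://")):
        # '%s' placeholders mean the entry is a format template, not a literal URL.
        return "url_template" if "%s" in value else "url"
    if DOMAIN_RE.match(value):
        return "domain"
    return "unknown"


def bucket(indicators):
    """Group indicators by kind, with escapes normalized."""
    out = {"sha256": [], "domain": [], "url": [], "url_template": [], "unknown": []}
    for ind in indicators:
        out[classify(ind)].append(normalize(ind))
    return out


def hosts_to_block(indicators):
    """Bare domains plus the host part of every URL or template, deduplicated."""
    hosts = set()
    for ind in indicators:
        value = normalize(ind)
        kind = classify(value)
        if kind == "domain":
            hosts.add(value)
        elif kind in ("url", "url_template"):
            hosts.add(urlsplit(value).hostname)
    return sorted(hosts)


def template_to_regex(template: str) -> re.Pattern:
    """Compile a %s-templated URL into an anchored regex.

    Every literal piece is escaped; each %s becomes a run of characters that
    is neither whitespace nor '&', i.e. one query-parameter value.
    """
    parts = [re.escape(p) for p in normalize(template).split("%s")]
    return re.compile("^" + r"[^&\s]*".join(parts) + "$")


def matches_template(template: str, observed_url: str) -> bool:
    """True when an observed request URL instantiates the template."""
    return template_to_regex(template).match(observed_url) is not None


if __name__ == "__main__":
    for kind, items in bucket(SAMPLE_INDICATORS).items():
        print(f"{kind}: {items}")
    print("hosts:", hosts_to_block(SAMPLE_INDICATORS))
    # Constructed request URLs, not taken from any capture.
    tpl = SAMPLE_INDICATORS[3]
    print(matches_template(tpl, "https://fql.jmfwy.com/tdks.php?domain=example.com&path=/index.html"))
    print(matches_template(tpl, "https://fql.jmfwy.com/other.php?domain=a&path=b"))
```

Entries containing `%s` are templates, so they should not be pasted verbatim into a URL blocklist; the host they name is the usable part, and the compiled regex is what matches the requests the sample would actually send.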
Vulnerabilities (CVE) (1)
- Score 5.7 (Medium): NSecsoft 'NSecKrnl' is a Windows driver that allows a local, authenticated attacker to terminate processes owned by other users, including SYSTEM and …
  - Attack vector: Local
  - Published: 13/01/2026
  - Modified: 05/02/2026
Reports (2)
- Report containing 1 CVE, 2 malwares, 6 observables, 1 APT · Published 05/02/2026 20:21 · Modified 05/02/2026 20:40
- Report containing 2 malwares, 74 observables, 1 APT · Published 29/01/2026 17:20 · Modified 30/01/2026 08:19