原文链接: https://mp.weixin.qq.com/s?__biz=MzIyNDg2MDQ4Ng==&mid=2247487379&idx=1&sn=ce4b51d6f5bde1eb21c21261933e49fc

07-11-攻防演练之请防守方重点关注威胁情报样本信息

原创 微步在线 攻防SRC 2025-07-11 10:00

【今日情报】微步情报局确认以下IP有攻击行为，建议加强关注或采取封禁措施🚫

39.105.125.47 
59.110.162.44 
101.200.229.238 
123.169.27.121
121.236.114.67 
39.96.179.239 
114.80.59.229 
39.96.178.169 
114.66.61.121 
116.129.124.179 
101.42.35.164 
120.55.82.31 
39.96.179.137 
47.117.137.67 
134.175.98.109 
114.80.59.238 
39.99.136.177 
123.56.201.19 
117.143.169.251 
123.57.69.140 

请防守方重点关注 微步情报局已捕获下列样本：

❗❗❗样本主题：商城苏智能电饭煲损坏投诉-2025070801751943917519439017519.exe

🔴SHA256: 48f13577179d177c4198b150ea7382939de547e2f578f453af1f110978bf6857

🔴MD5: 4b2390d0b80000f142adbdcb0e5edb98

🔴C2：1317148038-0fwmj32no0.ap-beijing.tencentscf.com

🔴分析结论：CobaltStrike木马

❗❗❗样本主题：北京**制药集团-企业闲置资金投资需求明细[email protected]

🔴SHA256: c1505d84c30128ae64db95eb24509fb74de19485b2d8acce4bced976b429c38f

🔴MD5: e0966b7fe62d8b1ab23850130139bb8d

🔴C2：8.152.101.123:443

🔴分析结论：CobaltStrike木马

❗❗❗样本主题：西安**机场停车开票证明截图-20250630175124962617512496261751249626.doc[1].exe

🔴SHA256: d6b5e3f41aae9137a3280c006782c08bdf867ab7918d21f3c2ee2df3eedc0692

🔴MD5: eb418569ba1de196e8bf38511fa1289e

🔴C2：1317148038-42nowyv1ug.ap-beijing.tencentscf.com、154.8.197.28:8080

🔴分析结论：CobaltStrike木马