Security News Detail - SecLens Intelligence Radar

Silver Fox IOC Intelligence, Batch #20260605055034

Source: threatbook_silverfox_ioc · Published 2026-06-05 05:03 (UTC+08:00) · Fetched 2026-06-05 05:51 (UTC+08:00)

Summary

New Silver Fox malware IOC intelligence: 7 IPs, 3 domains, 30 samples, 46 paths. Data time: 2026-06-04 21:03 UTC

Body

# Silver Fox Malware IOC Intelligence (New)

## Basic Information

- **Batch ID**: 20260605055034
- **Data update time**: 2026-06-04 21:03:38 UTC
- **Collection time**: 2026-06-04 21:51:03 UTC

## New Indicators in This Batch

| Type | New count |
|------|-----------|
| Malicious IPs | 7 |
| Malicious domains | 3 |
| Malicious samples | 30 |
| Dropped file paths | 46 |

## New Malicious IP Addresses

## New Malicious Domains

| # | Domain |
|---|--------|
| 1 | `lngothvvceon.ru` |
| 2 | `ysrqibuwxpxx.com` |
| 3 | `yxjsibeugmmj.ru` |

## New Malicious Sample Hashes

## New Dropped File Paths

Extended fields

{
  "batch_id": "20260605055034",
  "stats": {
    "new_domains": 3,
    "new_file_paths": 46,
    "new_hashes": 30,
    "new_ips": 7,
    "total_new": 86
  },
  "update_time": "2026-06-04T21:03:38.963000+00:00",
  "update_time_ms": 1780607018963
}