Security News Detail - SecLens Intelligence Radar


Silver Fox IOC Intelligence, Batch #20260606055024

Source: threatbook_silverfox_ioc · Published 2026-06-06 05:03 (UTC+08:00) · Fetched 2026-06-06 05:50 (UTC+08:00)


Summary

New Silver Fox malware IOC intelligence: 5 IPs, 30 samples, 47 paths. Data time: 2026-06-05 21:03 UTC

Body

# Silver Fox Malware IOC Intelligence (New)

## Basic Information

- **Batch ID**: 20260606055024
- **Data update time**: 2026-06-05 21:03:09 UTC
- **Collection time**: 2026-06-05 21:50:53 UTC

## New Additions in This Batch

| Type | New count |
|------|-----------|
| Malicious IPs | 5 |
| Malicious domains | 0 |
| Malicious samples | 30 |
| Dropped file paths | 47 |

## New Malicious IP Addresses

## New Malicious Sample Hashes

## New Dropped File Paths


Extended fields

{
  "batch_id": "20260606055024",
  "domains": [],
  "stats": {
    "new_domains": 0,
    "new_file_paths": 47,
    "new_hashes": 30,
    "new_ips": 5,
    "total_new": 82
  },
  "update_time": "2026-06-05T21:03:09.856000+00:00",
  "update_time_ms": 1780693389856
}