China-Linked TA413 Group

The document discusses a China-linked threat group called TA413 that targets Tibetans using a malicious Firefox browser extension called FriarFox. Once installed, FriarFox gains access to users' Gmail accounts and browser data. The document provides technical details on FriarFox including URLs and domains it connects to, IP addresses, and hashes. It is recommended to keep all systems updated with the latest patches to protect against this threat.

Uploaded by Viren Choudhari
© All Rights Reserved

Type of Cyber Intel: Malware
Threat Name: China-linked TA413 Group
Source of Information: Multiple Online Blogs
Severity: High
Internet Exposure: Exposed to Internet
Impacted Organization(s): NA
Description of Threat: Once the FriarFox browser extension is installed, the attackers gain access to the user's Gmail account and Firefox browser data.
CVE: NA
Mode Of Infection(s):
ATT&CK IDs: T1123 - Audio Capture, T1189 - Drive-by Compromise, T1566 - Phishing, T1176 - Browser Extensions
Recommended Actions: 4. Keep all systems (irrespective of criticality) updated with the latest patches.
References:
https://securityaffairs.co/wordpress/115030/apt/china-ta413-targets-tibet.html
https://www.proofpoint.com/us/blog/threat-insight/ta413-leverages-new-friarfox-browser-extension-target-gmail-accoun

# Sensitivity: Internal Restricted

Below are the Gmail account functionality and Firefox browser attributes that FriarFox attempts to collect.

URLs
https://you-tube.tv
https://you-tube.tv/download.php
https://vaccine-icmr.org/
https://vaccine-icmr.net/
https://accounts.youtube.com/_/AccountsDomainCookiesCheckConnectionHttp/jserror?script=https%3A%2F%2Findiatrustdalailama.com%2Ffile%2Fi%2F%3F5&error=Permission%20denied%20to%20get%20property%20%22href%22%20on%20cross-origin%20object&line=61
https://indiatrustdalailama.com:443/file/i?5
https://indiatrustdalailama.com/file/i/recv.php
https://indiatrustdalailama.com/file/i/s.php?seed=<value>=&alivetime=<value>==&r=<value>
http://www.nangsihistory.vip/doc/Protect%20yourself%20and%20others%20from%20COVID-19(Masks).doc
http://www.nangsihistory.vip/doc/Self%20Immolations%20inside%20Tibet.doc
https://167.179.99.136/Fw9f

Domain
you-tube.tv
vaccine-icmr.org
vaccine-icmr.net
indiatrustdalailama.com
www.nangsihistory.vip

IP Address
115.126.6.47
118.99.9.47
167.179.99.136

Hash
d4bca797b5d40618dcf72ff471b325860bd1830cbd74012e9d643512f93c5778 
b918318506cffe468bbe8bf57aacbe035fe1242dafc14696682c42656ffb2582 
5adce130e28cfac30253f0532ffff0f80280af2f236234825a5954267e2fdc06 
555ec25f872108af2daab488d8ec62c4e6a8c43c43a92cb572b0d2a7dc891bd1  
e1501a0297a3d7fc326d3923fdc8f9156ed954602ba34e6b435158d39956dce4 
91d19b7b44d4e286a40bd28e269e4d172b642ea792c018551bcc5ca8efceb54c 
0469df3f6a8d3e05927f0739e8af9c84e995e3813ad78e18c78a333cf086ef08  
00099b0c4b664ed872ad4db5d28f2a0a1875a86c756f497562be825a7074757d 
