IoC extracted from volexity.com blog post Digital Crackdown: Large-Scale Surveillance and Exploitation of Uyghurs

gistfile1.txt

Date
  2019-09-02
  
References
  https://www.volexity.com/blog/2019/09/02/digital-crackdown-large-scale-surveillance-and-exploitation-of-uyghurs/

Artifacts
  Filesystem
    /data/data/com.android.browser/loader
    /data/data/com.android.browser/loader.log
    
  Network
    Host|IP
       getip.name|150.109.120.186
       ajax.cloudflarestatic.tk
       app.msap.services|144.202.59.23
       arkinixik.ezua.com|149.248.57.231
       emailgroup.uyghurmedia.top|45.32.190.160
       d.scanvpn.com|142.4.50.213
       182.61.184.33
       182.61.171.167
       182.61.173.209
       182.61.176.128
       45.76.209.90
       45.77.64.23
    HTTP
      GET
        http://103.43.18.243:5634/WU95IhiPIMsg.html
        http://182.61.171.167:9321/8fmtCI2j2Xk0.html
        http://182.61.173.209:8372/uxwrR64eZz0Y.html
        http://45.76.209.90:8352/reA4iy3gl2.html
        http://45.77.64.23/2
        https://www.google-analysis.info/UxiZIwIcsta2.html
        https://www.google-analysis.info/NsyXHDkBR2yK.html
        https://turkistantlmes.com/aNQBEaMX2Bc4.html
        https://turkistantlmes.com/7GbMYn8ldTRK.html
        https://stats.uyghurmedia.top:443/i/?
        https://akademlye.org/t5UPArzQAjd2.html
        https://akademlye.org/ztTXvf
        http?://149.28.207.244:8080/dev/loader
      POST
        https://stats.uyghurmedia.top:443/i/recv.php
        http?://149.28.207.244:1998/link/detail
      Headers
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101Firefox/65.0
        Accept-Language: zh-CN