Wednesday 6 November 2013

Card Shop Advertisement


Stolen card shop advertisement on an underground forum.

Wednesday 11 September 2013

Chinese Threat Actor Part 7

According to the HTRAN report published by Dell SecureWorks, gxdet.com is one of the command and control domains used by the threat actor.

http://www.secureworks.com/cyber-threat-intelligence/threats/htran/


conn.gxdet.com - 112.64.213.249:443

ddbb.gxdet.com - 112.64.213.249:443


Other subdomains associated with the domain gxdet.com

*.gxdet.com
bbs.gxdet.com
conn.gxdet.com
db.gxdet.com
ddbb.gxdet.com
home.gxdet.com
info.gxdet.com
mail.gxdet.com
mailsrv.gxdet.com
news.gxdet.com
soft.gxdet.com
sports.gxdet.com
tcp.gxdet.com
tech.gxdet.com
webmail.gxdet.com
www.gxdet.com
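To turn the indicators above into a detection, here is an added Python example (not code from the original post) that matches DNS query and proxy log lines against the gxdet.com domains and the 112.64.213.249:443 C2 address. It uses suffix matching so that any host under gxdet.com (the post lists *.gxdet.com) is flagged, not only the two hosts named in the HTRAN report. The log lines are constructed for the example; the assumed formats are a BIND-style query log and a Squid-style access log.

```python
"""Match DNS / proxy log lines against the gxdet.com indicators listed
in the post.  Added example, not code from the original blog post.
The log lines below are constructed for the demo, not real captures."""
import re

# Indicators taken from the post: the C2 hosts and their shared IP:port,
# plus the bare domain so that any subdomain (the post lists *.gxdet.com)
# is caught by suffix match.
C2_DOMAINS = {"gxdet.com"}
C2_HOSTS = {"conn.gxdet.com", "ddbb.gxdet.com"}
C2_IPS = {"112.64.213.249"}
C2_PORT = 443

# Constructed sample lines: a BIND-style query log and a Squid-style access log.
SAMPLE_LOGS = [
    "01-Nov-2013 10:02:13.123 client 10.1.2.3#53124: query: conn.gxdet.com IN A + (10.1.2.1)",
    "01-Nov-2013 10:02:14.456 client 10.1.2.3#53125: query: www.example.com IN A + (10.1.2.1)",
    "01-Nov-2013 10:02:15.789 client 10.1.2.9#53126: query: news.gxdet.com IN A + (10.1.2.1)",
    "1383300140.000   1200 10.1.2.3 TCP_TUNNEL/200 4021 CONNECT 112.64.213.249:443 - HIER_DIRECT/112.64.213.249 -",
    "1383300141.000    300 10.1.2.4 TCP_MISS/200 512 GET http://www.example.org/ - HIER_DIRECT/93.184.216.34 text/html",
]

# A hostname: dotted labels ending in an alphabetic TLD (so bare IPs are skipped).
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)
# An IPv4 address immediately followed by a port, as in a CONNECT tunnel.
IPPORT_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\b")


def domain_matches(host, iocs):
    """True if host is one of the IoC domains or a subdomain of one.
    The leading dot prevents 'evilgxdet.com' from matching 'gxdet.com'."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in iocs)


def scan_line(line):
    """Return a list of (kind, indicator) hits found in one log line."""
    hits = []
    for host in HOST_RE.findall(line):
        if domain_matches(host, C2_DOMAINS):
            kind = "c2-host" if host.lower() in C2_HOSTS else "c2-subdomain"
            hits.append((kind, host.lower()))
    for ip, port in IPPORT_RE.findall(line):
        if ip in C2_IPS:
            # Port is reported but not required: the actor may move off 443.
            hits.append(("c2-ip", f"{ip}:{port}"))
    return hits


def scan(lines):
    """Scan many lines; return (line_index, hit) pairs for alerting."""
    return [(i, h) for i, line in enumerate(lines) for h in scan_line(line)]


if __name__ == "__main__":
    for idx, hit in scan(SAMPLE_LOGS):
        print(f"line {idx}: {hit[0]} {hit[1]}")
```

Suffix matching on the registered domain is deliberate: the subdomain list above shows the actor used many hosts under gxdet.com, so matching only the two reported C2 hostnames would miss the rest.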

WHOIS


Domain:    gxdet.com - Whois History
Cache Date:    2010-02-11
Registrar:    ENOM, INC.
Server:    whois.enom.com
Created:    2008-07-14
Updated:    2008-07-18
Expires:    2010-07-14

Reverse Whois emails found in this record: xixipai@hotmail.com, 20051xue@sina.com

Registration Service Provided By: Chinese DQ Network Tech Corp.
Contact: xixipai@hotmail.com
   
Domain name: gxdet.com

Registrant Contact:
   Zhang san
   Zhang San ()
      Fax:
   beijing
   beijing, Beijing 100000
   CN

Administrative Contact:
   Zhang san
   Zhang San (20051xue@sina.com)
   +86.1033333333
   Fax: +86.1044444444
   beijing
   beijing, Beijing 100000
   CN

Technical Contact:
   Zhang san
   Zhang San (20051xue@sina.com)
   +86.1033333333
   Fax: +86.1044444444
   beijing
   beijing, Beijing 100000
   CN

Status: Locked

Name Servers:

   dns1.name-services.com
   dns2.name-services.com
   dns3.name-services.com
   dns4.name-services.com
   dns5.name-services.com


In March 2010 the threat actor noticed his mistake of having used his personal email address for the domain registration, and changed the registrant email to henfinder@gmail.com.

July 2008 - Feb 2010: Zhang San (20051xue@sina.com)

Mar 2010 - July 2010: Tom Hanson (henfinder@gmail.com)



Actor Attribution

The Sina email address 20051xue@sina.com is also the registration email of a Sina community account, which its owner used to post on a tech forum, a video site and an astrology forum, and finally on a microblog where he posted his picture.

http://blog.sina.com.cn/u/1145193935






http://club.tech.sina.com.cn/default.php?s=user&a=profile&uid=1145193935



Sina Video




http://club.astro.sina.com.cn/thread-171861-1-1.html



20051xue   Newbie   Posted: 2005-07-26 11:31   Show author
Post 39   Posts: 0   Joined: 2005-3-8   PM
Large in small
4

Of course!
Signing this thing is not allowed, but every time I look it up, it has never really happened. Anyway, my wife is a Leo (8/18) and I am a Capricorn (1/07); we have been married for four years and are very loving, almost never fighting. Everyone in the compound where I live recognizes that we are the most loving couple.

The most interesting part is his Weibo profile, where he states that he is a Tsinghua University alumnus (and follows the university's account), was born on 7 January 1974 (Capricorn), and lives in Haidian District, Beijing.



http://weibo.com/1145193935/

Basic information

Nickname - Riding a white deer visit mountains

Location - Haidian District, Beijing

Gender - Male

Birthday - January 7, 1974, Capricorn

Job Information

Education Information -  Tsinghua University








20051xue uses a Samsung Galaxy S III Android phone and posted a picture of his daughter. The geolocation embedded in the picture was Han Jiachuan Road, Haidian District, Beijing.

He also posted his own picture in the album.




Saturday 20 April 2013

Sakura Exploit Pack

(Cross posted from Underground Forum)

Intro: One can say that the pack has successfully stood the test of time and proven its competitiveness and its right to exist.
I am sure that many will find it to their taste. Welcome to the Sakura project!

Current version 1.1

The pack currently includes:
- Java Rhino
- Java Obe
- Pdf Libtiff

Changes:
- Additional exploit protection mechanisms introduced
- Module for checking the domain/IP against blacklists added
- List of user agents of the main bots added
- Option to set a backlink (404 error by default) for non-exploited traffic added
- Mac and Linux traffic and the Google Chrome browser are treated as non-unique traffic by default.

Features:
- Statistics by country/source/browser/OS version
- Support for flows with different settings
- Rebuild of the pack to a new IP/domain through the admin panel

Price:
- $2000/month for flows of <100k traffic per day. For larger flows the price is negotiated separately.
- For 30% of US, CA, UK, AU traffic at flows of >50k per day.
The pack is provided free of charge! You are not buying a license.

What you pay for:
1) Cleaning - constant cleaning. My main task is to maintain constant cleanliness.
You will not have to worry about it; I check several times a day myself and, when it gets detected, automatically upload to your server.
2) Updates
3) Writing any modules or functionality you need

Pack specifics:
The pack is installed on your server.

Working hours:
- Mon-Fri 10:00-19:00 (Moscow time)
- Days off - Saturday, Sunday.

Screens

Detailed Screens

http://www.xylibox.com/2012/01/sakura-exploit-pack-10.html

Styx Exploit Pack

(Cross posted from Underground forum)

Styx Sploit Pack

Gentlemen, it's time to announce a new next-generation product for your viewing pleasure: Styx Vulnerability Browser Stress Test Platform 2.0.

Our team worked hard for around three years to make a quality product that will be trustworthy for any person. We also did deep testing, so this product has already been tested with our crypt.

Possibilities:

- Updating via GIT from the master server twice a day, and on any detection of any sploit;
- No domain binding: you can specify any number of domains without a rebuild;
- There are no restrictions on traffic. Flow as much traffic as your channels and server hardware can handle; traffic must flow.
- Speed. The product is able to handle as many connections as your MIPS processor can.
- Working with sub-accounts: you can split traffic flows between different sub-accounts, share files and watch for the best-quality traffic;
- Flexible statistics: we use MongoDB (NoSQL store) for each sub-account, browsers, country, operating system, time;
- Two rental variants: you can use the product on your servers or on our server;
- Package. Deployment on your server with one script will take around two minutes.
- Dynamic URL flow link generation. Each link on which traffic flows is unique. This makes it impossible to detect the URL by signature; only the domain.
- Support for downloading files from a remote host. You can upload files to your sub-account remotely.
- A flexible API for all types of operations: each operation available through the administrative interface is a command, and it is mirrored by the API;
- Checking the IP/domain for presence on blacklists through the friendly service GhostBusters;
- Quiet operation: like a sakura flower falling from a tree, the whole product is quiet;

Frequently asked questions:

Q: WTF is Styx Sploit Pack?

A: This is a modern new-generation exploit pack written by the Styx team from scratch. It has been tested on huge traffic: 500K - 2KK in the last 1.5 years.

Q: What's the difference between Styx Sploit Pack and BH, Phoenix, Sakura?

A: Our product is much more professional than other products: we wrote all exploits from scratch, we don't need rebuilds, we have really rapid product cleaning on demand, we have good support, and we also have a ticket system and an 'All inclusive' package which includes everything: setup, cleaning, support, consulting.

We don't have the terms 'rebuild for a new domain', 'how much is FUD' and 'when will it be FUD?'. Paying once a month, you will have stable and professional work all the time you use the product, and it will fully satisfy you.

Q: What exploits are included to package?

A: Java, PDF, Adobe Flash and their derivatives.

Q: What's the % hit, where can I see stats?

A: Stats really depend on traffic. This means that all people showing stats are cheaters cheating newbies, because there is no way to make real-life stats like those in the pictures.

We will not fool you with stats pictures and huge numbers, but the truth is out there (: -- our hit % and stats are better than any product available on the market at this time. We have from 1 to 10% more, but it only depends on traffic.

Q: What's the guaranteed support time and reaction?

A: Support is available in two modes: ticket system and real time (Jabber, online). You will have full 24x7 support for the whole paid time.

Q: What will I get for this money?

A: You will get the product installed on your server, set up to work with a TDS, and consulting and cleaning for 1 month. We don't have 'rebuild for a new domain'; our product works fine without any rebuilds, you just have to specify paths in the settings. Guaranteed clean time is two hours from alert. This way you have full freedom: you don't need to wait for anybody to rebuild or clean, the exploit pack works with any of your domains, and server demands are low.

We think these arguments are enough to explain the quality and price for private customers.

Q: How much does it cost?

A: $3000 per month.

Q: Can I buy sources?

A: No. (=

Q: What are hardware requirements?

A: They are fully democratic: we need only 512Mb RAM and a 100Mbit channel to work comfortably. We also demand a good OS installed on the server: we don't support Windows or any *BSD.

Q: What about domains? How can I see if it's in stop-list?

A: We recommend you use the Ghost Busters or CHK4ME services for that: write a simple script and set it up in cron every half hour.

Q: TDS? What TDS do you support and what TDS are compatible?

A: Any adequate TDS. We recommend you use Sutra.

Q: Are your sploits packed?

A: Each exploit is ciphered and obfuscated against AVs by our service Styx Crypt.

Q: Is there browser fall down?

A: We have a small % of browser fall-down, so it can be ignored altogether because it only depends on the user's OS and browser version; just ignore them.

Q: Is Chrome hit?

A: No.

Q: Can I make a test?

A: Yes.

Q: What are test demands for me?

A: You should provide us an abuse-immune server with root access and Linux installed (Debian is preferred), an installed TDS (to filter unused traffic: mobile user agents, Mac, Linux, Chrome), a FUD EXE to be loaded from the pack (no detections at all, size < 4Mb) and a clean domain.

Q: What should I get from the test?

A: We will provide a full URL (on your domain) to allow you to 'make the spice flow (:' - to put traffic there. Two hours will be enough to let you see the hit %. The EXE you provided will be loaded and you can check the knocks from it. It is clear that the hit % fully depends on traffic quality, so we will not accept any complaints about it.

Q: Which language is the sploit pack written in?

A: The user mode is written in PHP5, but the exploit code and generator are no matter for you.

Q: What database do you use?

A: We use the latest MySQL version.

Q: So what is real hit percentage?

A: You can see it for yourself by requesting a test. We will not fool you by specifying huge numbers like «35%» and/or «exactly 2% higher than BH». Anyone who has once tried to compare sploit packs knows what a hellish job it is: you need to have perfectly ideal traffic, the same servers must work in absolutely the same mode, and so on. In real life, quality can be determined by only one parameter: by testing. Of course, this depends on your traffic.

Q: So why are you better? For what do I pay money?

A: First, by hit percentage. Second, by a flexible integrated system which can be used in any huge infrastructure. Our product is flexible and scalable, and these features are sometimes used by different partnership programs. This flexibility allows you to work with more clients on the same server than BH, due to reduced file sizes and no PHP obfuscation. Third, updates, support and cleaning. You don't have to pay for «domain switching / rebuilding» and «cleaning»; we will just update the pack on the server. Fourth, all new sploits are always included in the pack first, right after all tests have passed on all browsers and OSes with all SPs. We don't search for public sploits; we research by ourselves and in some cases we buy technologies. So you see that this is Perpetuum Mobile, but in some cases Perfectum Mobile.

Wednesday 6 March 2013

Chinese Threat Actor Part 6


APT Malware reported on 2012-05-24

http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~PWS-BXJ/detailed-analysis.aspx

www.wmicrosoftw3.com

Whois

Domain Name ..................... WMICROSOFTW3.COM
Name Server ..................... dns27.hichina.com
                                            dns28.hichina.com
Registrant ID ................... hc354172142-cn
Registrant Name ................. li gang
Registrant Organization ......... ligang
Registrant Address .............. beijingchaiyangshuangjing
Registrant City ................. bei jing shi
Registrant Province/State ....... bei jing
Registrant Postal Code .......... 100001
Registrant Country Code ......... CN
Registrant Phone Number ......... +86.01052636523 -
Registrant Fax .................. +86.01095236325 -
Registrant Email ................  pksslxc@gmail.com
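The registrant emails in both WHOIS records on this page (the eNom-style record for gxdet.com in Part 7 and the HiChina record for wmicrosoftw3.com above) are the pivot points for the reverse-WHOIS lookups these posts rely on. As an added example, not code from the original posts, the following Python parser handles both plain-text layouts (colon-separated `Key:    value` lines and dotted-leader `Key ..... value` lines), keeps indented continuation lines with the preceding field, and extracts the email addresses to pivot on. The embedded records are abridged copies of the ones quoted in the posts.

```python
"""Parse the two plain-text WHOIS layouts quoted in these posts into a
dict and pull out the email addresses used for reverse-WHOIS pivoting.
Added example, not code from the original blog posts; the records below
are abridged copies of the ones quoted in the posts."""
import re

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# A field line: a key made of letters/spaces, then either a colon or a
# run of at least three dots (HiChina's dotted leaders), then the value.
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z /-]*?)\s*(?::|\.{3,})\s*(.*?)\s*$")

# Abridged copy of the HiChina record quoted above (dotted-leader layout).
HICHINA_RECORD = """\
Domain Name ..................... WMICROSOFTW3.COM
Name Server ..................... dns27.hichina.com
                                  dns28.hichina.com
Registrant Name ................. li gang
Registrant Email ................  pksslxc@gmail.com
"""

# Abridged copy of the eNom record for gxdet.com from Part 7 (colon layout,
# with indented contact blocks under an empty "Contact:" key).
ENOM_RECORD = """\
Domain:    gxdet.com - Whois History
Registrar:    ENOM, INC.
Created:    2008-07-14
Registrant Contact:
   Zhang san
   Zhang San ()
Administrative Contact:
   Zhang San (20051xue@sina.com)
   +86.1033333333
"""


def parse_whois(text):
    """Return {field: [values]} with keys lower-cased.

    Indented lines that are not themselves "key: value" pairs are treated
    as continuations of the previous field, which is how both the second
    name server and the contact blocks appear in the quoted records."""
    fields, last = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = FIELD_RE.match(line)
        if m and not line.startswith(" "):
            key, value = m.group(1).strip().lower(), m.group(2)
            fields.setdefault(key, [])
            if value:
                fields[key].append(value)
            last = key
        elif last is not None:
            fields[last].append(line.strip())
    return fields


def pivot_emails(text):
    """Distinct email addresses in the record, lower-cased, in order of
    first appearance: the values to feed into a reverse-WHOIS search."""
    seen = []
    for e in EMAIL_RE.findall(text):
        if e.lower() not in seen:
            seen.append(e.lower())
    return seen


if __name__ == "__main__":
    for rec in (ENOM_RECORD, HICHINA_RECORD):
        print(parse_whois(rec))
        print("pivot on:", pivot_emails(rec))
```

Emails are extracted from the raw text rather than from a fixed field name because, as the eNom record shows, the address can sit inside a contact block (`Zhang San (20051xue@sina.com)`) rather than in a dedicated `Registrant Email` field.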

pksslxc@gmail.com is also the registrant email of many other espionage-related domains.


Actor Attribution


pksslxc@gmail.com is also the registration email of accounts on many Chinese boards. On his Baidu profile he stated that his areas of expertise were Computers / Network and Military, but after the Bloomberg and Mandiant reports he removed that information.


6Sanya

http://www.6sanya.com/show.php?t_766_72_82125




http://www.tianya.cn/techforum/content/766/72/82125.shtml (cached copy)

7140# Author: pksslxc   Reply date: 2012-3-19 23:12:00    pksslxc@gmail.com


http://www.baidu.com/p/pksslxc

http://www.baidu.com/p/pksslxc/detail

擅长领域: 电脑/网络 军事 (Areas of expertise: Computers / Network, Military)

Male; areas of expertise - Computer / Network, Military

(The profile details have since been changed.)



CSDN Profile

http://blog.csdn.net/pksslxc



51CTO Blog

http://3239647.blog.51cto.com




Tianya Board

http://www.tianya.cn/65799758


Wednesday 20 February 2013

Chinese Threat Actor Part 5

Follow up on Mandiant report

http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf

Mandiant Report

"Once again, in tracking SH we are fortunate to have access to the accounts disclosed from rootkit.com. The rootkit.com account “SuperHard_M” was originally registered from the IP address 58.247.237.4, within one of the known APT1 egress ranges, and using the email address “mei_qiang_82@sohu.com”. We have observed the DOTA persona emailing someone with the username mei_qiang_82. The name “Mei Qiang” (梅强) is a reasonably common Chinese last/first name combination. Additionally, it is a common practice for Chinese netizens to append the last two digits of their birth year, suggesting that SuperHard is in fact Mei Qiang and was born in 1982. Unfortunately, there are several “Mei Qiang” identities online that claim a birth year of 1982, making attribution to an individual difficult."

One of the threat actors identified by Mandiant is "SuperHard_M", whose name is Mei Qiang and whose email address is "mei_qiang_82@sohu.com".

Attribution

Rootkit database

(32261,'SuperHard_M','bf787577ff656cde5b5d1f8236a75d2a','mei','mei_qiang_82@sohu.com',1,1130405749,'','','','','','',1,'','',1267772902,'58.247.237.4',0,0,0,1267772654,0,0,0,'','','','','',800,'')

IP Address 58.247.237.4 -  CHINA, SHANGHAI, SHANGHAI

This email address is also the registration email of an account on the kaixin001 social network.

http://www.kaixin001.com/home/13874928.html

Full Name -  Mei Xiao Qiang ( 梅小强 ), Living in Shanghai




Tianya Chinese Board

mei_qiang_82@sohu.com is also the registration email of an account on the Tianya Chinese board, but the name linked to this email address is "2005_9_24". The profile says he is male, living in the city of Zhengzhou, Henan Province, born September 12th 1982 (Virgo); the profile was registered on 24 Sep 2005, suggesting that he was in Zhengzhou at that time.

http://www.tianya.cn/3963856




Interestingly enough, there is another account on Tianya with the handle "SuperHard_M", registered with the email address "mei_qiang_82@hotmail.com".

http://www.tianya.cn/5685768



"mei_qiang_82@hotmail.com" is also the registration email of an account on the kaixin social network, but that profile has now been deleted, and we know why :)

A search on mei_qiang_82@hotmail.com reveals that he was 24 in 2005, which means he is 31 years old now. He was living in Zhengzhou, Henan Province, in 2005. In a job profile he mentions that his interests are network security and developing hacking tools.

http://www.sxsoft.com/index.php/it/employee/show/2331

Name: SuperHard_M
Gender: Male
Age: 24
Education: Masters
Tel: 13503456644
Contact Address: Henan Zhengzhou 1001 mailbox 774
PostalCode: 450002
E-mail: mei_qiang_82@hotmail.com
Date: 2005-11-28 08:50:40
Published Username:  SuperHard_M


The address "1001 mailbox 774, Zhengzhou city, Henan Province" belongs to the well-known PLA Information Engineering University, which implies that he was a student at PLAIEU.

Mei Qiang published two journal articles together with Zhu Yue-Fei on HTTP session hijacking on a switched LAN, man-in-the-middle (MITM) attacks and ARP spoofing. It is important to note that Zhu Yue-Fei also published articles with Zhang Chang-he.

http://www.cdblp.cn/namedisambiguation/%E6%A2%85%E5%BC%BA/%E4%BF%A1%E6%81%AF%E5%B7%A5%E7%A8%8B%E5%A4%A7%E5%AD%A6/32123.html



(Credit goes to Tommy for the Journal link)

Read online

http://www.docin.com/p-53977513.html


SuperHard_M profiles on Chinese boards


Weibo Profile 

Lives in Shanghai Pudong area



Tencent Weibo (t.qq.com) Profile

Lives in Shanghai Pudong area and is a Virgo




http://www.douban.com/people/SuperHard_M/




Wolf's World

http://superhard.blog.sohu.com




http://www.pinglunjuhe.com/pinglun/1009858.aspx?bt=3



Another possible email address of SuperHard is mei_qiang_82@163.com.

Update

A few hours after this blog post was published, Mei Qiang's Kaixin profile was deleted and the sxsoft profile details were changed.


Saturday 16 February 2013

PLAIEU


People's Liberation Army - Information Engineering University (PLAIEU)



(Content translated with Google Translate)

Profile

The Chinese People's Liberation Army Information Engineering University (PLA Information Engineering University) was formed by merging the former PLA Information Engineering University, the PLA Institute of Surveying and Mapping and the PLA Institute of Electronic Technology. It is under the direct leadership of the General Staff and is a key national science and engineering military academy, one of the army's five comprehensive universities (the other four being the National University of Defense Technology, PLA University of Science and Technology, Air Force Engineering University and Naval Engineering University). Truth-seeking, innovation and dedication is the motto of the University.

PLA Information Engineering University

The University comprises four administrative organs (the Training Department, Political Department, School Affairs Department and Scientific Research Department), seven colleges (Information Systems Engineering, Geospatial Information, Cryptographic Engineering, Cyberspace Security, Navigation and Aerospace Target Engineering, the College of Science, and the Basic Education College for Commanding Officers) and the Institute of Information Technology. It has three postdoctoral programs, 24 doctoral degree programs (including six first-level discipline doctorates) and 53 master's degree programs; three national key disciplines (including one first-level national key discipline), five army key disciplines, and 10 discipline fields listed among the army's "211 Project" key construction disciplines. In addition, the school has a National Engineering Research Center (the National Digital Switching System Engineering Technology Research Center), five army key laboratories, 2 provincial key laboratories and 43 basic and specialized laboratories.

The University has a high-quality, well-structured teaching and research team. Its staff includes Professor Gao Jun, a member of the Chinese Academy of Sciences, Professor Wang Jiayao of the Chinese Academy of Engineering, Professor Wu Jiangxing, Professor Xu Qifeng, young and middle-aged experts with outstanding contributions recognized by the state and the army, and experts and professors enjoying special government allowances. More than 600 of its teaching, research and engineering staff hold senior professional and technical positions. The school has members of the National Science and Technology Award Committee, the State Council Academic Degrees Committee and the National Informatization Expert Advisory Committee, 3 members of the expert team for the information field of the National 863 Program and 2 experts on the Lunar Exploration Science Applications Committee, as well as national-level teaching masters, outstanding teachers and outstanding scientific and technological workers; one person received the Fourth National "New Century" Women Inventors Innovation Award, one teaching team was named a national teaching team, 22 people enjoy special government allowances, 23 were rated outstanding teachers, 211 people received the army outstanding professional and technical personnel post allowance, and 259 people received the Yucai Award of the military academies.

Student showcase

Since its establishment, the University has stayed close to the needs of the forces, focused on the central task of personnel training, and promoted a development strategy of education transformation and strengthening the school, raising the level of education and teaching and the quality of personnel training. It has won two National Teaching Achievement Awards (three second prizes) and 32 army-level teaching achievement awards; 6 courses were named national quality courses and 12 were rated army quality courses or army excellent network courses; 11 achievements have received the National Multimedia Educational Software Grand Prix and other awards; more than 200 textbooks have been published, 16 of them included in the national "Eleventh Five-Year" textbook plan; the college English curriculum reform was identified by the Ministry of Education as the army's only teaching reform demonstration site; and the school's degree assessment work was recognized as an advanced collective by the National Academic Degrees and Graduate Education Management.

The University has an active academic atmosphere and strong, fruitful research, and is a base for research and innovation in the field of military information. It has undertaken some 3000 key national and army projects, including more than 400 from the 863 Program, the 973 Program, the National Natural Science Foundation of China and major defense research projects. Since its formation in 1999 the University has won three first prizes of the National Science and Technology Progress Award, 24 second prizes of the National Science and Technology Progress (State Technological Invention) Award, and 65 first prizes for scientific and technological progress at army (provincial and ministerial) level. At present the University has strong research strengths in program-controlled switching, third-generation mobile communication technology, information security, core routers, signal analysis and processing, satellite and microwave communications, computer networks, network communication protocols, spatial positioning, satellite navigation, space remote sensing, digital photogrammetry, simulation engineering, digital cartography and geographic information systems, some of them at an internationally advanced level. It independently developed China's first large-scale digital program-controlled switch, the HJD-04 exchange system, and China's first high-performance IPv6 router with independent intellectual property rights in all core technologies; it presided over the building of the national high-speed information demonstration network and leads the technology of the Next Generation Broadcasting network (NGB). In addition, in the development of the Shenzhou series of spacecraft it successfully simulated the three-dimensional terrain of the landing field, contributing a new chapter to the brilliant history of China's aerospace industry.

The University actively updates its educational ideas, closely tracks the development of information science and technology, comprehensively deepens educational reform and accelerates the informatization of teaching; the quality of personnel training has improved significantly, and it has now delivered three thousand much-needed information-class talents to the army. 5 theses by the University's graduate students were named National Excellent Doctoral Dissertations, 16 were named army Excellent Doctoral Dissertations and 33 received army recognition; cadets have won more than 170 first prizes in nationwide academic competitions; trainee Zhao Jing was named one of "the army's top ten learning pacesetters"; student Xie Kangmin won the Gold Award of the first National Youth Century Talent Competition; graduate trainees Meng Xiangbin and Wu Wenbin were named "Moving China" Persons of the Year; the Central Military Commission awarded Meng Xiangbin the honorary title of model officer who sacrificed his life to save others, and awarded Wu Wenbin the honorary title of heroic warrior of earthquake relief.



The school occupies a total area of nearly 5,000 acres with a total construction area of more than 110 million square meters; the campus is tidy and wide, tree-lined, with a good learning environment, and the headquarters has been named a "garden-style barracks". The school has built a GPS experimental field, satellite ground stations, an observatory, a computing center, a swimming pool, a shooting range, a track and field stadium, an indoor sports hall, multimedia classrooms and an academic lecture hall, fully supporting teaching, research and daily life. The library holds more than 100 million copies and 280TB of digital literature resources. The campus has a broadband high-speed campus network with dedicated access to the China Education and Research Network and the Internet.

Information Engineering

Located by the Yellow Sea at the northern foot of Songshan, the Information Engineering Institute of the Chinese People's Liberation Army Information Engineering University shoulders the important task of training engineering and scientific research personnel for the modernization of national defense technology, and is a key army college.

The College of Information Engineering of the Information Engineering University is a higher science and technology college that cultivates engineering and scientific research personnel for defense modernization; its predecessor, the PLA Information Engineering University, was approved by the State Council as a national key institution of higher learning. The Institute has seven departments (Computer Science and Technology, Communications Engineering, Information Science, Information Studies, Command and Management, Electronic Science and Technology, and Network Engineering), the Information Technology Institute and the Beijing graduate professional training center. It has two postdoctoral research stations, two first-level and seven second-level discipline doctoral programs, 15 master's degree programs, 2 national key disciplines, two army key disciplines, one army key laboratory, 1 Henan Province key laboratory, five army key construction discipline fields and a national engineering center (the National Digital Switching System Engineering Technology Center). It offers eight four-year undergraduate majors (computer science and technology, network engineering, communications engineering, automation, information engineering, information research and security, electronic engineering, and electronics and information engineering), admitting students nationwide on merit according to local priority scores.

The College inherits and carries forward the fine tradition of the original Information Engineering College over 50 years, has strong school strength and rich experience in education, and has formed unique educational advantages in the field of information technology and information security. The College adheres to the educational policy of "facing modernization, the world and the future", focuses on updating its educational philosophy, makes extensive use of modern educational technology, and continues to deepen the reform of teaching methods and means,

Student showcase

It attaches great importance to developing and improving students' innovative thinking and creative ability. In recent years a number of achievements have won high-grade state and army teaching achievement awards; in international and national mathematical modeling and electronic design contests and radio direction finding, the College has since 2002 won 154 national championship academic competition awards, including a top award and 60 first prizes. Trainee Xie Kangmin won the gold medal in 2002 at the first national youth century style TV contest. Since its founding in Zhengzhou the College has trained more than 20,000 graduates of all kinds and levels; its graduates are in short supply and praised by employers, have played an important role in the construction of our military's informatization, and many have become pillars of state-of-the-art technology fields.

The College's faculty is of high quality and reasonable structure. 42% of the teachers hold senior professional and technical positions and 89% of the faculty hold doctoral or master's degrees, with a group of renowned experts and scholars from inside and outside the military represented by Professor Wu Jiangxing of the Chinese Academy of Engineering. There are 47 doctoral supervisors and 147 master's supervisors. Dozens of teachers have been rated outstanding young and middle-aged experts or outstanding teachers of the country, the army and Henan Province; 61 enjoy special government allowances or the military's excellent professional and technical personnel post allowance; and 67 have received the military academies' Yucai Award. The College has also hired 18 academicians from outside as part-time professors.

The academic research environment is excellent, its strength is strong and its results fruitful. With a National Engineering Center, the National Digital Switching System Engineering Technology Research Center, the College has blazed a new path in joint research and in converting scientific and technological achievements into practice. Since the 1990s the College has independently developed China's first large-scale digital program-controlled switch, the HJD-04 exchange system, and achieved major breakthroughs in packet switching, information security, 3G technology and routing technology; more than 100 innovative achievements have won national, army or provincial Science and Technology Progress Awards, including the National Science and Technology Progress Award in four consecutive years from 2001 to 2004 and again in 2006, creating new glory for the Institute's scientific research.

Institute of Surveying and Mapping

The Institute of Surveying and Mapping of the PLA Information Engineering University is a higher engineering college that trains intermediate military surveying and mapping professionals for operational command and conducts military training and scientific research; formerly the PLA Institute of Surveying and Mapping, with 60 years of history, it was approved by the State Council as one of the national key universities. It has seven departments (Surveying and Navigation Engineering, Remote Sensing and Information Engineering, Cartography and Geographic Information Engineering, Operational Environment and Simulation Engineering, Surveying Engineering and Equipment, Measurement and Control Technology and Management, and the Joint Schools and Local Health Department) and a Surveying Engineering Research Institute, with a postdoctoral research station, six doctoral degree programs and 11 master's degree programs. It has one national key discipline, two army key disciplines, 4 army key construction discipline fields, one army key laboratory and one provincial engineering technology center.

The faculty is well qualified and well structured: more than 260 teaching, research, engineering and technical staff, including 47 with full senior professional titles, 82 with associate senior titles and more than 90 doctoral and master's supervisors. Academician Gao Jun of the Chinese Academy of Sciences, Academician Wang Jiayao of the Chinese Academy of Engineering and Qian Zengbo, Fellow of the International Eurasian Academy of Sciences, are among its group of well-known scholars, experts and professors. It is equipped with a state-of-the-art educational technology center, a satellite observation station, a GPS experimental field, a central observatory, a remote sensing satellite ground station, and remote sensing image processing, spatial information and data processing centers and other teaching facilities. The campus network provides institute-wide sharing of information resources and online teaching. In recent years the college has undertaken more than 500 major research projects for the state and the army, and more than 120 results have received the National Invention Award, the Science and Technology Progress Award and other awards. Teaching and research are fully equipped with state-of-the-art facilities, and teaching methods have been largely modernized.

The college has more than 60 years of history and was one of the first military institutions to engage in foreign academic exchange. It has hosted military surveying and mapping delegations from the United States, the United Kingdom, Germany, Canada, Switzerland, Russia, Romania, France, North Korea and other countries, as well as visits and lectures by well-known experts and scholars, and each year sends its own experts and scholars abroad to study, lecture and attend international conferences. With a distinctive character, a strong academic atmosphere and an elegant campus, it has been named a national "advanced institution of higher learning for the Party's ideological and political work", a General Staff "advanced unit for personnel building" and an "Army Class A health unit".

Institute of Electronic Technology

The Institute of Electronic Technology of Information Engineering University is a multi-disciplinary military polytechnic institution of higher learning centred on information security technology and combining command and technical education. Formerly the People's Liberation Army Institute of Electronic Technology, it has some 50 years of history. It currently has a Department of Command and Management, a Department of Information Research, a Department of Information Security, a Department of Information Equipment Engineering and an Information Security Technology Research Institute, and hosts the Henan Province Key Laboratory of Information Security, the Henan Province Information Security Engineering Research Center and the Henan E-commerce Engineering Research Center. It has one national key discipline, three army key construction disciplines, three doctoral degree programs and eight master's degree authorization points. It offers four four-year undergraduate programs, Electronic Science and Technology, Information Engineering (Information Security), Security and Electronic Engineering, and admits students nationwide on merit according to the local score lines.

The college has strong educational capacity and rich experience, with particular strengths in cryptography, information security, network engineering and computer application technology. It focuses on updating its educational philosophy, deepening education reform and innovating its methods, emphasizes the cultivation of students' innovative thinking and ability, and runs student-led independent research and other extracurricular activities. Its students have won numerous first prizes in international and national undergraduate and graduate mathematical modeling, English and information security competitions, and two students have been named among the "whole-army top 10 learning pacesetters".

The faculty is well structured and of high quality: 40% hold senior professional and technical positions and 84% hold doctoral or master's degrees, and a number of disciplines have academic leaders with solid theoretical foundations and high academic attainment, including two "national young and middle-aged experts", seven "General Staff outstanding young experts", three recipients of special government allowances, seven teachers rated as outstanding teachers in the military and 32 recipients of the military academies "Yucai Award". In recent years the school has undertaken national and army "863", "973" and National Natural Science Fund projects and a number of other major research projects, and has won over a hundred national, army and provincial-level first, second and third prizes for teaching and research.

The college's teaching, research and living facilities are complete. It has a library, an academic hall, an experimental center, a military sports pavilion, a standard athletics stadium, a swimming pool, a field training ground, a comprehensive service building and other support facilities, and its living facilities and support services are comprehensive. The campus is spacious and tidy, rationally laid out, tree-lined and attractive. The college has been named a national "cherishing the people" model unit, a "General Staff advanced unit for learning", a "whole-army civilized and healthy barracks" and a "garden-style barracks and garden-style unit".


Journals published by PLA Information Engineering University

http://www.cqvip.com/qk/90290B/201201/


Page 57 of the USCC Report provides more information about PLA Information Engineering University:

http://www.scribd.com/doc/84582278/USCC-Report-Chinese-Capabilities-for-Computer-Network-Operations-and-Cyber-Espionage

Information Engineering University: The PLA Information Engineering University (PLAIEU), located in Zhengzhou, Henan Province, is perhaps the military university with the most comprehensive involvement in information warfare and computer network operations training, planning, and possibly also execution.
According to a 2008 PLA Daily description, the school employs 800 professors and senior engineers and 100 part-time professors, serving 55 graduate degree programs. Published PLAIEU-sponsored research includes studies on worm propagation, network attack evaluation, kernel-mode rootkits, data hiding, malware behavior detection, and “emergency public opinion control.”

PLAIEU achieved worldwide notoriety in August 2011 when the user ‘chinesecivilization2’ posted to YouTube a segment of the military-themed television documentary, “The Network Storm is Coming,” broadcast by CCTV-7 on July 16, 2011. The segment showed the live use of an apparent denial of service tool, bearing the title “PLA Information Engineering University” in Chinese, and offering the user a list of “attack destinations” including a Falun Gong website hosted at the University of Alabama in Birmingham (UAB). The broad exposure gained by the video’s YouTube distribution brought considerable attention to the PLAIEU, convincing many that the school sponsored hacking activity outright. However, staff at UAB later commented that the computer identified in the video had not been compromised, suggesting that the video only showed a simulation. Nevertheless, the video strongly suggests that the PLAIEU is involved in developing software to assist network attack operations. The specificity of the example (a Falun Gong website at an Alabama university) reflects the detailed, real world network reconnaissance that Chinese network security researchers in both academia and government are conducting to further PRC security interests.

PLAIEU researchers are prolific publishers of information security-related material, having issued more than 300 articles in the past two years. Their recent collaborations include those with scholars at Zhengzhou University of Light Industry, PLA Unit 61365, Luohe Medical College, Public Security Marine Police Academy, Xi’an University of Electronic Science and Technology, Hebei University of Science and Technology, Sichuan University, the National Digital Switching Engineering Center, Nanyang Normal College, and many others. The number and diversity of collaboration partners enjoyed by PLAIEU researchers suggests both aggressive partnership-building on the school’s part and a broad-based reputation for technical expertise.

Although the above key military institutions play important roles in the development of China’s information warfare capabilities, the PLA’s development of new CNO and EW capabilities depends to a substantial degree on collaboration with civilian academic institutions for the modernization of military command and technical talent.

Epoch Times Article - DDOS Software


The screenshots show the name of the software and the Chinese university that built it, the Electrical Engineering University of China’s People’s Liberation Army—direct evidence that the PLA is involved in coding cyber-attack software directed against a Chinese dissident group.


EXPOSED: A picture of the hacking software shown during the Chinese military program. The large writing at the top says 'Select Attack Target.' Next, the user chooses an IP address to attack from (it belongs to an American university). The drop-down box is a list of Falun Gong websites, while the button on the left says 'Attack.' (CCTV)

Read the full article here:

http://www.theepochtimes.com/n2/china-news/slip-up-in-chinese-military-tv-show-reveals-more-than-intended-60619.html

Monday 4 February 2013

Chinese Threat Actor Part 4

Hugesoft.org is an espionage domain that goes back several years and is connected to uglygorilla@163.com.

http://www.whoismind.com/whois/hugesoft.org.html

Domain ID:D105044855-LROR
Domain Name:HUGESOFT.ORG
Created On:25-Oct-2004 09:46:18 UTC
Last Updated On:10-Sep-2012 12:39:43 UTC
Expiration Date:25-Oct-2013 09:46:18 UTC
Sponsoring Registrar:eNom, Inc. (R39-LROR)
Status:OK
Registrant ID:3D553CC3140BB142
Registrant Name:huge soft
Registrant Organization:hugesoft
Registrant Street1:shanghai
Registrant Street2:
Registrant Street3:
Registrant City:shanghai
Registrant State/Province:S
Registrant Postal Code:200001
Registrant Country:CN
Registrant Phone:+86.21000021
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:
Admin ID:3D553CC3140BB142

The "ug-" subdomains of hugesoft.org are connected to this guy.



Attribution

uglygorilla@163.com is the registrant email of a rootkit.com account. The rootkit.com user database was leaked and is publicly available; the relevant row is:

'WangJack','uglygorilla@163.com',1,1125921689,'','','','','','',0,'','',1148883119,'58.246.255.28',0,0,0,0,0,0,0,'','','','','',0,''


IP Address: 58.246.255.28
Location CHINA, SHANGHAI, SHANGHAI
Latitude, Longitude 31.22222, 121.45806 (31°13'20"N 121°27'29"E)
Connection through CHINA UNICOM SHANGHAI NETWORK


uglygorilla@163.com is also the registrant email of accounts on Chinese social networks such as renren.com, weibo.cn and tianya.cn.
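The pivot used throughout this section, a shared registrant value tying domains together, can be scripted over whois history records. The following is an added example in Python, not the blog author's tooling; the records are constructed in the Key:Value style of the hugesoft.org whois above (with the e-mail that whois history ties to it filled in), and the two example-*.org domains are placeholders.

```python
"""Registrant pivoting over whois-style records (added example, not the blog's tooling).

Sample records are constructed: the first mirrors the hugesoft.org record on the
page plus the e-mail whois history ties to it; the other two are placeholder domains.
"""
from collections import defaultdict

# An actor who swaps the registrant e-mail often keeps the phone number, so pivot on both.
PIVOT_FIELDS = ("Registrant Email", "Registrant Phone")

# Constructed sample in the 'Key:Value' style of the .org whois shown on the page.
SAMPLE_RECORDS = [
    "Domain Name:HUGESOFT.ORG\n"
    "Created On:25-Oct-2004 09:46:18 UTC\n"
    "Registrant Name:huge soft\n"
    "Registrant Phone:+86.21000021\n"
    "Registrant Email:uglygorilla@163.com",
    "Domain Name:EXAMPLE-A.ORG\n"  # placeholder domain
    "Registrant Phone:+1.5550100\n"
    "Registrant Email:UglyGorilla@163.com",
    "Domain Name:EXAMPLE-B.ORG\n"  # placeholder domain, e-mail left blank
    "Registrant Phone:+86.21000021\n"
    "Registrant Email:",
]


def parse_whois(text):
    """Parse 'Key:Value' whois lines into a dict; blank values are kept as ''."""
    record = {}
    for line in text.splitlines():
        if ":" in line:
            key, _, value = line.partition(":")
            record[key.strip()] = value.strip()
    return record


def pivot(texts):
    """Map each indicator (field=value) shared by two or more domains to those domains."""
    links = defaultdict(set)
    for text in texts:
        rec = parse_whois(text)
        domain = rec.get("Domain Name", "").lower()
        for field in PIVOT_FIELDS:
            value = rec.get(field, "").lower()  # case-insensitive match
            if value:  # a blank value links nothing, so skip it
                links[f"{field}={value}"].add(domain)
    return {k: sorted(v) for k, v in links.items() if len(v) > 1}
```

With the sample data, the e-mail links hugesoft.org to example-a.org, while the phone number links it to example-b.org even though that record hides its e-mail.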


He is a member of many Chinese boards:

http://bbs.chinamil.com.cn/forum/bbsui.jsp?id=(o)5681

http://www.verycd.com/i/1401285/

http://my.csdn.net/uglygorilla

http://www.chinaunix.net/old_jh/52/1036982.html

http://www.tianya.cn/19462717

http://bbs.sjtu.edu.cn/bbsanc?path=%2Fgroups%2FGROUP_0%2Fmessage%2FD4EFC2634%2FD7AC8E3A8%2FG.1092960050.A


uglygorilla (uglygorilla) has logged on 2 times, net age [ 17 ] days [ Leo ]
Last visit: [ Tuesday, August 3, 2004 10:23:38 ] from [ 210.22.114.46 ].

IP Address: 210.22.114.46
Location CHINA, SHANGHAI, SHANGHAI
Latitude, Longitude 31.22222, 121.45806 (31°13'20"N 121°27'29"E)

He appears to have been a student at Shanghai Jiao Tong University (SJTU) in 2004.