Wednesday, 6 March 2013

Chinese Threat Actor Part 6


APT Malware reported on 2012-05-24

http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~PWS-BXJ/detailed-analysis.aspx

www.wmicrosoftw3.com

Whois

Domain Name ..................... WMICROSOFTW3.COM
Name Server ..................... dns27.hichina.com
                                            dns28.hichina.com
Registrant ID ................... hc354172142-cn
Registrant Name ................. li gang
Registrant Organization ......... ligang
Registrant Address .............. beijingchaiyangshuangjing
Registrant City ................. bei jing shi
Registrant Province/State ....... bei jing
Registrant Postal Code .......... 100001
Registrant Country Code ......... CN
Registrant Phone Number ......... +86.01052636523 -
Registrant Fax .................. +86.01095236325 -
Registrant Email ................  pksslxc@gmail.com

pksslxc@gmail.com is also the registrant of many other espionage domains.


Actor Attribution


pksslxc@gmail.com is the registrant email of many Chinese boards. On his Baidu profile he mentioned that he is into Computers / Network Military, but after the Bloomberg and Mandiant report, he removed that information.


6Sanya

http://www.6sanya.com/show.php?t_766_72_82125




http://www.tianya.cn/techforum/content/766/72/82125.shtml (Cache)

7140# Author: pksslxc   Reply date: 2012-3-19 23:12:00    pksslxc@gmail.com


http://www.baidu.com/p/pksslxc

http://www.baidu.com/p/pksslxc/detail

擅长领域: 电脑/网络 军事

Male, Area of expertise - Computer / Network Military

(Now the profile details are changed)



CSDN Profile

http://blog.csdn.net/pksslxc



51CTO Blog

http://3239647.blog.51cto.com




Tianya Board

http://www.tianya.cn/65799758