Pages

Wednesday 29 February 2012

Chinese Threat Actor Part 2

Follow up on Joe Stewart Investigation

http://www.secureworks.com/research/threats/sindigoo/

Chinese Threat Actor Part 1

http://cyb3rsleuth.blogspot.com/2011/08/chinese-threat-actor-identified.html

king_public@hotmail.com also owns another email king_public@163.com

RootKit Database

(23025,'king-rose','e211f11c0b28434bf7f1c8fb510fa9ae','Club tom','king_public@hotmail.com',1,1106582903,'','','','','','',0,'','',1106837367,'61.51.59.63',0,0,0,1106583113,0,0,0,'BH','19800126','','','',0,'')

IP - 61.51.59.63

Location     CHINA, BEIJING, BEIJING
Connection through    CHINA UNICOM BEIJING PROVINCE NETWORK

IP - 123.120.127.153

20446,'king-z','e211f11c0b28434bf7f1c8fb510fa9ae','k,z,y','wzy_100@hotmail.com',1,1097652186,'','','','','','',0,'','',1284013010,'123.120.127.153',0,0,0,1284013010,0,0,0,'','','','','',0,'')

Location     CHINA, BEIJING, BEIJING
Connection through    CHINA UNICOM BEIJING PROVINCE NETWORK



The Kaixin profile linked to king_public@hotmail.com reveals the name Wang Liang Chen (王亮晨 ) and his other email king_public@163.com is also linked to a Kaixin profile.

Wang Zhong Yun (王仲俊)

http://www.kaixin001.com/home/22655901.html

http://www.kaixin001.com/photo/logolist.php?uid=22655901



Gender: Male
Current residence: Beijing
Zodiac Sign: Pisces

The spacewalk picture is used as profile picture for king_public@hotmail.com kaixin. 

His social network got many friends and the profile appears genuine.











Further analysis reveals that king_public@163.com is linked to many tech and hacker forums with handles "W100", "King-W" and "King-Z"

Tianya Board


Male, Beijing, Pisces





http://topic.csdn.net/t/20031223/17/2594994.html



http://topic.csdn.net/t/20050926/19/4295450.html



51CTO Blog



8dragon










Known emails and handles of the actor

king_public@hotmail.com

wzy_100@hotmail.com

king_public@163.com

king_w100@163.com

Handles - King-Z, King-W, W100, King-rose


Chinese Threat Actor Part 3

No comments:

Post a Comment