Chinese-Speaking Group Manipulates SEO with BadIIS
Feb. 17, 2025, 11:29 a.m.
Description
A Chinese-speaking group is conducting an SEO manipulation campaign in Asia using BadIIS malware. The campaign targets vulnerable Internet Information Services (IIS) servers, compromising them to redirect users to illegal gambling sites or malicious servers. Affected regions include India, Thailand, Vietnam, and others, with government, universities, and tech sectors being targeted. The malware can alter HTTP responses, inject suspicious JavaScript, and perform SEO fraud. This campaign highlights the need for organizations to update and patch IIS systems, monitor for abnormal installations, restrict administrative access, and implement strong security measures to mitigate risks.
Date
- Created: Feb. 17, 2025, 11:17 a.m.
- Published: Feb. 17, 2025, 11:17 a.m.
- Modified: Feb. 17, 2025, 11:29 a.m.
Indicators
Additional Information
- Technology
- Education
- Telecommunications
- Government
- British Indian Ocean Territory
- Singapore
- Bangladesh
- India
- Taiwan
- Thailand
- Japan
- Philippines
- Brazil