CN110765455A - Malicious document detection method, device and system based on attribute domain abnormal calling - Google Patents

Malicious document detection method, device and system based on attribute domain abnormal calling Download PDF

Info

Publication number
CN110765455A
CN110765455A CN201811025289.7A CN201811025289A CN110765455A CN 110765455 A CN110765455 A CN 110765455A CN 201811025289 A CN201811025289 A CN 201811025289A CN 110765455 A CN110765455 A CN 110765455A
Authority
CN
China
Prior art keywords
script file
document
embedded
attribute domain
extracting
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811025289.7A
Other languages
Chinese (zh)
Inventor
佟勇
黄磊
童志明
何公道
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Harbin Antiy Technology Group Co Ltd
Original Assignee
Harbin Antiy Technology Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Harbin Antiy Technology Group Co Ltd filed Critical Harbin Antiy Technology Group Co Ltd
Priority to CN201811025289.7A priority Critical patent/CN110765455A/en
Publication of CN110765455A publication Critical patent/CN110765455A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a malicious document detection method, a malicious document detection device and a malicious document detection system based on attribute domain abnormal calling, wherein the method comprises the following steps: extracting a document embedded script file, and carrying out normalization processing on the embedded script; extracting document attribute domain information; preprocessing the script file, analyzing the embedded script file, and acquiring a code for reading attribute domain information; embedding the extracted document attribute domain information into a corresponding position of a code of the attribute domain information read by the embedded script file; and detecting the preprocessed script file and outputting a detection result. The invention also provides a corresponding device, a system and a storage medium, and the method can restore the information in the document attribute domain to the embedded script and can effectively detect the document attack based on the abnormal calling of the attribute.

Description

Malicious document detection method, device and system based on attribute domain abnormal calling
Technical Field
The invention relates to the technical field of network security, in particular to a malicious document detection method, device and system based on attribute domain abnormal calling.
Background
Traditional document-class malicious programs generally contain malicious script programs, such as VBA, and the malicious programs implement attacks by triggering system vulnerabilities to execute the malicious scripts. And the novel document malicious program realizes the attack through the abnormal calling of the attribute domain, wherein the abnormal calling of the attribute domain refers to that information necessary for executing some malicious behaviors is placed in the attribute field of the document, and then the information in the attribute domain is read and executed through a non-malicious macro or script embedded in the document to complete the malicious attack. Since the conventional detection method usually detects based on a script or macro in a document, effective detection cannot be realized for a novel document-class malicious program.
Disclosure of Invention
Based on the problems, the application provides a malicious document detection method, a malicious document detection device and a malicious document detection system based on abnormal calling of an attribute domain.
Firstly, the application provides a malicious document detection method based on attribute domain abnormal calling, which comprises the following steps:
extracting a document embedded script file, and carrying out normalization processing on the embedded script;
extracting document attribute domain information, and respectively marking original information and additional information of the attribute domain;
preprocessing the script file, analyzing the embedded script file, and acquiring a code for reading attribute domain information; embedding the extracted additional information of the document attribute domain into a corresponding position of a code of the attribute domain information read by the embedded script file;
and detecting the preprocessed script file and outputting a detection result.
In the method, the extracting the document embedded script file specifically comprises the following steps: analyzing the document structure, confirming whether the document is embedded with the script, and if so, extracting the embedded script.
In the method, the normalization processing is performed on the embedded script, specifically: and decoding the embedded script file, splicing a plurality of embedded scripts and unifying the format of the embedded scripts.
In the method, the detecting the preprocessed script file specifically comprises: and performing static characteristic or heuristic detection on the preprocessed script file.
Correspondingly, the invention provides a malicious document detection device based on attribute domain abnormal calling, which comprises: a memory and a processor;
the memory may store a computer program running on the processor;
when the processor runs the computer program, the following steps are realized:
extracting a document embedded script file, and carrying out normalization processing on the embedded script;
extracting document attribute domain information, and respectively marking original information and additional information of the attribute domain;
preprocessing the script file, analyzing the embedded script file, and acquiring a code for reading attribute domain information; embedding the extracted additional information of the document attribute domain into a corresponding position of a code of the attribute domain information read by the embedded script file;
and detecting the preprocessed script file and outputting a detection result.
In the device, the extracting the document embedded script file specifically comprises: analyzing the document structure, confirming whether the document is embedded with the script, and if so, extracting the embedded script.
In the device, the normalization processing is performed on the embedded script, which specifically includes: and decoding the embedded script file, splicing a plurality of embedded scripts and unifying the format of the embedded scripts.
In the device, the detecting the preprocessed script file specifically includes: and performing static characteristic or heuristic detection on the preprocessed script file.
The invention also provides a malicious document detection system based on the attribute domain abnormal calling, which comprises the following steps:
the embedded script extraction module is used for extracting the embedded script file of the document and carrying out normalization processing on the embedded script;
the document attribute domain information extraction module is used for extracting document attribute domain information and respectively marking original information and additional information of an attribute domain;
the preprocessing module is used for preprocessing the script file, analyzing the embedded script file and acquiring a code for reading the attribute domain information; embedding the extracted additional information of the document attribute domain into a corresponding position of a code of the attribute domain information read by the embedded script file;
and the abnormal calling detection module is used for detecting the preprocessed script file and outputting a detection result.
A non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements a malicious document detection method invoked based on a property domain exception as described in any one of the above.
The invention has the advantages that the novel document attack detection method for the abnormal calling of the attribute domain is provided, the malicious code does not need to be dynamically and virtually executed, the detection result can be output by extracting and restoring the embedded script and the document attribute domain information and then carrying out static characteristic detection or heuristic detection on the restored script, and the problem that the novel document attack cannot be effectively detected in the traditional document detection mode is effectively solved.
The invention provides a malicious document detection method, a device, a system and a storage medium based on attribute domain abnormal calling, wherein the method comprises the following steps: extracting a document embedded script file, and carrying out normalization processing on the embedded script; extracting document attribute domain information; preprocessing the script file, analyzing the embedded script file, and acquiring a code for reading attribute domain information; embedding the extracted document attribute domain information into a corresponding position of a code of the attribute domain information read by the embedded script file; and detecting the preprocessed script file and outputting a detection result. The invention also provides a corresponding device, a system and a storage medium, and the method can restore the information in the document attribute domain to the embedded script and can effectively detect the document type attack based on the abnormal calling of the attribute.
Drawings
In order to more clearly illustrate the technical solutions of the present invention or the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments described in the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
FIG. 1 is a flowchart of an embodiment of a malicious document detection method based on an abnormal invocation of an attribute domain according to the present invention;
FIG. 2 is a schematic structural diagram of a malicious document detection device based on an attribute domain abnormal call according to the present invention;
FIG. 3 is a schematic structural diagram of a malicious document detection system based on an attribute domain exception call according to the present invention.
Detailed Description
In order to make the technical solutions in the embodiments of the present invention better understood and make the above objects, features and advantages of the present invention more comprehensible, the technical solutions of the present invention are described in further detail below with reference to the accompanying drawings.
First, the present application provides a malicious document detection method based on an attribute domain abnormal call, as shown in fig. 1, including:
s101: extracting a document embedded script file, and carrying out normalization processing on the embedded script;
s102: extracting document attribute domain information, and respectively marking original information and additional information of the attribute domain;
s103: preprocessing the script file, analyzing the embedded script file, and acquiring a code for reading attribute domain information;
s104: embedding the extracted additional information of the document attribute domain into a corresponding position of a code of the attribute domain information read by the embedded script file;
s105: and detecting the preprocessed script file and outputting a detection result.
In the method, the extracting the document embedded script file specifically comprises the following steps: analyzing the document structure, confirming whether the document is embedded with the script, and if so, extracting the embedded script.
In the method, the normalization processing is performed on the embedded script, specifically: and decoding the embedded script file, splicing a plurality of embedded scripts and unifying the format of the embedded scripts. Wherein decoding the embedded script can be realized by an encryption algorithm defined by Microsoft;
in the method, the detecting the preprocessed script file specifically comprises: performing static characteristic or heuristic detection on the preprocessed script file; the detection method may include keyword matching, feature matching, API call sequence detection, and the like.
Based on the method, a novel document type attack solution is enumerated: if a malicious document places a download address of a malicious program in an attribute field, a traditional detection method usually detects the document only based on a script, but reads the document attribute, and the script executing the download behavior has no obvious malicious behavior, so that the detection is easy to escape. By the method, the information in the attribute domain of the document is read, the download address embedded into the attribute domain field is found, the download address is restored into the embedded script by acquiring the download address code of the attribute domain read from the embedded script, and the restored embedded script is detected, so that the malicious behavior can be found.
Correspondingly, the present invention provides a malicious document detection apparatus based on attribute domain abnormal call, as shown in fig. 2, including: a memory 201 and a processor 202;
the memory may store a computer program running on the processor;
when the processor runs the computer program, the following steps are realized:
extracting a document embedded script file, and carrying out normalization processing on the embedded script;
extracting document attribute domain information, and respectively marking original information and additional information of the attribute domain;
preprocessing the script file, analyzing the embedded script file, and acquiring a code for reading attribute domain information; embedding the extracted additional information of the document attribute domain into a corresponding position of a code of the attribute domain information read by the embedded script file;
and detecting the preprocessed script file and outputting a detection result.
In the device, the extracting the document embedded script file specifically comprises: analyzing the document structure, confirming whether the document is embedded with the script, and if so, extracting the embedded script.
In the device, the normalization processing is performed on the embedded script, which specifically includes: and decoding the embedded script file, splicing a plurality of embedded scripts and unifying the format of the embedded scripts.
In the device, the detecting the preprocessed script file specifically includes: and performing static characteristic or heuristic detection on the preprocessed script file.
The invention also provides a malicious document detection system based on the attribute domain abnormal call, as shown in fig. 3, which includes:
the embedded script extraction module 301 is used for extracting a document embedded script file and carrying out normalization processing on the embedded script;
the document attribute domain information extraction module 302 is used for extracting document attribute domain information and respectively marking original information and additional information of an attribute domain;
the preprocessing module 303 is used for preprocessing the script file, analyzing the embedded script file and acquiring a code for reading the attribute domain information; embedding the extracted additional information of the document attribute domain into a corresponding position of a code of the attribute domain information read by the embedded script file;
and the abnormal call detection module 304 is used for detecting the preprocessed script file and outputting a detection result.
A non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements a malicious document detection method invoked based on a property domain exception as described in any one of the above.
The invention has the advantages that the novel document attack detection method for the abnormal calling of the attribute domain is provided, the malicious code does not need to be dynamically and virtually executed, the detection result can be output by extracting and restoring the embedded script and the document attribute domain information and then carrying out static characteristic detection or heuristic detection on the restored script, and the problem that the novel document attack cannot be effectively detected in the traditional document detection mode is effectively solved.
The invention provides a malicious document detection method, a device, a system and a storage medium based on attribute domain abnormal calling, wherein the method comprises the following steps: extracting a document embedded script file, and carrying out normalization processing on the embedded script; extracting document attribute domain information; preprocessing the script file, analyzing the embedded script file, and acquiring a code for reading attribute domain information; embedding the extracted document attribute domain information into a corresponding position of a code of the attribute domain information read by the embedded script file; and detecting the preprocessed script file and outputting a detection result. The invention also provides a corresponding device, a system and a storage medium, and the method can restore the information in the document attribute domain to the embedded script and can effectively detect the document type attack based on the abnormal calling of the attribute.
From the above description of the embodiments, it is clear to those skilled in the art that the present invention can be implemented by software plus necessary general hardware platform. Based on this understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium and executes the methods according to the embodiments or some parts of the embodiments.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
While the present invention has been described with respect to the embodiments, those skilled in the art will appreciate that there are numerous variations and permutations of the present invention without departing from the spirit of the invention, and it is intended that the appended claims cover such variations and modifications as fall within the true spirit of the invention.

Claims (10)

1. A malicious document detection method based on attribute domain abnormal calling is characterized by comprising the following steps:
extracting a document embedded script file, and carrying out normalization processing on the embedded script;
extracting document attribute domain information, and respectively marking original information and additional information of the attribute domain;
preprocessing the script file, analyzing the embedded script file, and acquiring a code for reading attribute domain information; embedding the extracted additional information of the document attribute domain into a corresponding position of a code of the attribute domain information read by the embedded script file;
and detecting the preprocessed script file and outputting a detection result.
2. The method of claim 1, wherein the extracting the document embedded script file specifically comprises: analyzing the document structure, determining whether the document is embedded with the script file, and if so, extracting the embedded script file.
3. The method of claim 1, wherein the normalization of the embedded script is performed by: and decoding the embedded script file, splicing a plurality of embedded scripts and unifying the format of the embedded scripts.
4. The method according to claim 1, wherein the detecting the preprocessed script file is specifically: and performing static characteristic or heuristic detection on the preprocessed script file.
5. A malicious document detection device based on attribute domain abnormal calling is characterized by comprising: a memory and a processor;
the memory may store a computer program running on the processor;
when the processor runs the computer program, the following steps are realized:
extracting a document embedded script file, and carrying out normalization processing on the embedded script;
extracting document attribute domain information, and respectively marking original information and additional information of the attribute domain;
preprocessing the script file, analyzing the embedded script file, and acquiring a code for reading attribute domain information; embedding the extracted additional information of the document attribute domain into a corresponding position of a code of the attribute domain information read by the embedded script file;
and detecting the preprocessed script file and outputting a detection result.
6. The apparatus according to claim 5, wherein the extracting the document embedded script file specifically comprises: analyzing the document structure, determining whether the document is embedded with the script file, and if so, extracting the embedded script file.
7. The apparatus of claim 5, wherein the normalization processing of the embedded script is specifically: and decoding the embedded script file, splicing a plurality of embedded scripts and unifying the format of the embedded scripts.
8. The apparatus according to claim 5, wherein the detecting the preprocessed script file is specifically: and performing static characteristic or heuristic detection on the preprocessed script file.
9. A malicious document detection system based on attribute domain abnormal calling is characterized by comprising:
the embedded script extraction module is used for extracting the embedded script file of the document and carrying out normalization processing on the embedded script;
the document attribute domain information extraction module is used for extracting document attribute domain information and respectively marking original information and additional information of an attribute domain;
the preprocessing module is used for preprocessing the script file, analyzing the embedded script file and acquiring a code for reading the attribute domain information; embedding the extracted additional information of the document attribute domain into a corresponding position of a code of the attribute domain information read by the embedded script file;
and the abnormal calling detection module is used for detecting the preprocessed script file and outputting a detection result.
10. A non-transitory computer readable storage medium having stored thereon a computer program, wherein the program when executed by a processor implements the malicious document detection method based on attribute domain exception invocation of any of claims 1-4.
CN201811025289.7A 2018-09-04 2018-09-04 Malicious document detection method, device and system based on attribute domain abnormal calling Pending CN110765455A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811025289.7A CN110765455A (en) 2018-09-04 2018-09-04 Malicious document detection method, device and system based on attribute domain abnormal calling

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811025289.7A CN110765455A (en) 2018-09-04 2018-09-04 Malicious document detection method, device and system based on attribute domain abnormal calling

Publications (1)

Publication Number Publication Date
CN110765455A true CN110765455A (en) 2020-02-07

Family

ID=69328939

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811025289.7A Pending CN110765455A (en) 2018-09-04 2018-09-04 Malicious document detection method, device and system based on attribute domain abnormal calling

Country Status (1)

Country Link
CN (1) CN110765455A (en)

Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101816148A (en) * 2007-08-06 2010-08-25 伯纳德·德莫森纳特 Be used to verify, data transmit and the system and method for protection against phishing
CN101901221A (en) * 2009-05-27 2010-12-01 北京启明星辰信息技术股份有限公司 Method and device for detecting cross site scripting
CN103164331A (en) * 2011-12-15 2013-06-19 阿里巴巴集团控股有限公司 Vulnerability detecting method and device of application program
CN103425930A (en) * 2012-12-27 2013-12-04 北京安天电子设备有限公司 Online real-time script detecting method and online real-time script detecting system
CN103577755A (en) * 2013-11-01 2014-02-12 浙江工业大学 Malicious script static detection method based on SVM (support vector machine)
CN104021084A (en) * 2014-06-19 2014-09-03 国家电网公司 Method and device for detecting defects of Java source codes
CN104583949A (en) * 2012-08-16 2015-04-29 高通股份有限公司 Pre-processing of scripts in web browsers
CN104978525A (en) * 2014-11-18 2015-10-14 哈尔滨安天科技股份有限公司 Heuristic script detection method and system based on structured exception
CN105072045A (en) * 2015-08-10 2015-11-18 济南大学 Wireless router capable of discovering malicious software network behaviors
CN105468972A (en) * 2015-11-17 2016-04-06 四川神琥科技有限公司 Mobile terminal file detection method
CN106650450A (en) * 2016-12-29 2017-05-10 哈尔滨安天科技股份有限公司 Malicious script heuristic detection method and system based on code fingerprint identification
CN106778278A (en) * 2017-02-15 2017-05-31 中国科学院信息工程研究所 A kind of malice document detection method and device
CN106845227A (en) * 2016-12-27 2017-06-13 哈尔滨安天科技股份有限公司 A kind of malicious script detection method and system based on ragel state machines
CN106911814A (en) * 2017-05-11 2017-06-30 成都四象联创科技有限公司 Large-scale data distributed storage method

Patent Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101816148A (en) * 2007-08-06 2010-08-25 伯纳德·德莫森纳特 Be used to verify, data transmit and the system and method for protection against phishing
CN101901221A (en) * 2009-05-27 2010-12-01 北京启明星辰信息技术股份有限公司 Method and device for detecting cross site scripting
CN103164331A (en) * 2011-12-15 2013-06-19 阿里巴巴集团控股有限公司 Vulnerability detecting method and device of application program
CN104583949A (en) * 2012-08-16 2015-04-29 高通股份有限公司 Pre-processing of scripts in web browsers
CN103425930A (en) * 2012-12-27 2013-12-04 北京安天电子设备有限公司 Online real-time script detecting method and online real-time script detecting system
CN103577755A (en) * 2013-11-01 2014-02-12 浙江工业大学 Malicious script static detection method based on SVM (support vector machine)
CN104021084A (en) * 2014-06-19 2014-09-03 国家电网公司 Method and device for detecting defects of Java source codes
CN104978525A (en) * 2014-11-18 2015-10-14 哈尔滨安天科技股份有限公司 Heuristic script detection method and system based on structured exception
CN105072045A (en) * 2015-08-10 2015-11-18 济南大学 Wireless router capable of discovering malicious software network behaviors
CN105468972A (en) * 2015-11-17 2016-04-06 四川神琥科技有限公司 Mobile terminal file detection method
CN106845227A (en) * 2016-12-27 2017-06-13 哈尔滨安天科技股份有限公司 A kind of malicious script detection method and system based on ragel state machines
CN106650450A (en) * 2016-12-29 2017-05-10 哈尔滨安天科技股份有限公司 Malicious script heuristic detection method and system based on code fingerprint identification
CN106778278A (en) * 2017-02-15 2017-05-31 中国科学院信息工程研究所 A kind of malice document detection method and device
CN106911814A (en) * 2017-05-11 2017-06-30 成都四象联创科技有限公司 Large-scale data distributed storage method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
张慧琳: "基于分隔符的跨站脚本攻击防御方法", 《北京大学学报(自然科学版)》 *

Similar Documents

Publication Publication Date Title
KR101543237B1 (en) Apparatus, system and method for detecting and preventing a malicious script by static analysis using code pattern and dynamic analysis using API flow
US8499354B1 (en) Preventing malware from abusing application data
US9348998B2 (en) System and methods for detecting harmful files of different formats in virtual environments
US20180084003A1 (en) Method and system for injecting javascript into a web page
US20140053267A1 (en) Method for identifying malicious executables
TWI396995B (en) Method and system for cleaning malicious software and computer program product and storage medium
US20160070911A1 (en) Rapid malware inspection of mobile applications
US20120167120A1 (en) Detecting a return-oriented programming exploit
US10216934B2 (en) Inferential exploit attempt detection
US8176556B1 (en) Methods and systems for tracing web-based attacks
US8256000B1 (en) Method and system for identifying icons
KR20170068814A (en) Apparatus and Method for Recognizing Vicious Mobile App
CN103473346A (en) Android re-packed application detection method based on application programming interface
CN103778373A (en) Virus detection method and device
US9038161B2 (en) Exploit nonspecific host intrusion prevention/detection methods and systems and smart filters therefor
JP2012234401A (en) Application analysis device and program
CN108319850B (en) Sandbox detection method, sandbox system and sandbox equipment
CN105389508A (en) Detection method and apparatus for re-packaged Android application
CN105095759A (en) File detection method and device
CN107103243B (en) Vulnerability detection method and device
CN114091031A (en) Class loading protection method and device based on white rule
CN107180194B (en) Method and device for vulnerability detection based on visual analysis system
US10880316B2 (en) Method and system for determining initial execution of an attack
CN108229168B (en) Heuristic detection method, system and storage medium for nested files
CN103390129B (en) Detect the method and apparatus of security of uniform resource locator

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
CB02 Change of applicant information

Address after: 150028 building 7, innovation and entrepreneurship square, science and technology innovation city, Harbin high tech Industrial Development Zone, Heilongjiang Province (No. 838, Shikun Road)

Applicant after: Antan Technology Group Co.,Ltd.

Address before: 150028 Building 7, Innovation Plaza, Science and Technology Innovation City, Harbin High-tech Industrial Development Zone, Heilongjiang Province (838 Shikun Road)

Applicant before: Harbin Antian Science and Technology Group Co.,Ltd.

RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20200207