Poison Ivy Malware Analysis | FireEye
Common Information
Type Value
UUID 13c475de-372b-4283-8f8e-723d8add37c3
Fingerprint b3eaf7f599a92a25ec705236db232f0ae864144cadfa2f7003ec38f5bddd0ec2
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 30, 2014, 2:10 a.m.
Added to db Nov. 29, 2024, 5:27 p.m.
Last updated Nov. 29, 2024, 5:30 p.m.
Headline Poison Ivy Malware Analysis | FireEye
Title Poison Ivy Malware Analysis | FireEye
Detected Hints/Tags/Attributes 138/3/135
Attributes
Type                            #Events  CTI Value
CVE                             189      cve-2012-0158
CVE                             47       cve-2009-4324
CVE                             27       cve-2013-0422
CVE                             37       cve-2011-3544
CVE                             85       cve-2010-3333
Domain                          200      www.fireeye.com
Domain                          4722     github.com
Domain                          1        www.poisonivy-rat.com
Domain                          5        debugger.immunityinc.com
Domain                          19       opensource.org
Domain                          82       code.google.com
Domain                          1        sox.sourceforge.net
Domain                          2        poisonivy.py
Domain                          4        www.volatilesystems.com
Domain                          40       ntdetect.com
Domain                          1        www.webserver.dynssl.com
Domain                          1        webserver.freetcp.com
Domain                          3        byinter.net
Domain                          1        microsoftb.byinter.net
Domain                          1        microsofte.byinter.net
Domain                          1        webserver.fartit.com
Domain                          1        freetcp.com
Domain                          1        www.webserver.fartit.com
Domain                          1        www.webserver.freetcp.com
Domain                          1        kr.iphone.qpoe.com
Domain                          1        nkr.iphone.qpoe.com
Domain                          1        ct.toh.info
Domain                          2        js001.3322.org
Domain                          1        cmdnetview.com
Domain                          3        apple.cmdnetview.com
Domain                          2        xicp.net
Domain                          1        autuo.xicp.net
Domain                          1        tw.2012yearleft.com
Domain                          1        2012yearleft.com
Domain                          1297     gmail.com
Domain                          1        dedydns.ns01.us
Domain                          1        maofajapa.3322.org
Domain                          1        send.have8000.com
Domain                          1        have8000.com
Domain                          1        fbi.zyns.com
Domain                          1        weile3322b.3322.org
Domain                          1        ngcc.8800.org
Domain                          1        sh.chromeenter.com
Domain                          2        jj.mysecondarydns.com
Domain                          1        mf.ddns.info
Domain                          1        av.ddns.us
Domain                          1        mongoles.3322.org
Domain                          1        wubangtu.info
Domain                          1        3q.wubangtu.info
Domain                          39       fireeye.com
Email                           2        zhengyanbin8@gmail.com
Email                           17       info@fireeye.com
File                            1349     explorer.exe
File                            2        poisonivy.py
File                            1        c:\gsecdump.exe
File                            1        file-1-gsecdump.exe
File                            1        gsecdump.exe
File                            67       hash.txt
File                            118      autoexec.bat
File                            127      boot.ini
File                            65       config.sys
File                            39       io.sys
File                            17       msdos.sys
File                            58       pagefile.sys
File                            1        c:\hash.txt
File                            1        file-2-hash.txt
File                            1        pi-extracted-file-3-screenshot.bmp
File                            6        toh.inf
File                            1        strategy_meeting.exe
File                            13       form.exe
File                            1        november_2012.exe
File                            8        ddns.inf
File                            1        wubangtu.inf
Github username                 27       fireeye
Github username                 4        mitrecnd
md5                             1        808e21d6efa2884811fbd0adf67fda78
md5                             1        8010cae3e8431bb11ed6dc9acabb93b7
md5                             1        0323de551aa10ca6221368c4a73732e6
md5                             1        8002debc47e04d534b45f7bb7dfcab4d
md5                             1        55a3b2656ceac2ba6257b6e39f4a5b5a
md5                             1        b08694e14a9b966d8033b42b58ab727d
md5                             1        d8c00fed6625e5f8d0b8188a5caac115
md5                             1        b1deff736b6d12b8d98b485e20d318ea
md5                             1        08709f35581e0958d1ca4e50b7d86dba
md5                             1        cf8094c07c15aa394dddd4eca4aa8c8b
md5                             1        410eeaa18dbec01a27c5b41753b3c7ed
md5                             1        b2dc98caa647e64a2a8105c298218462
md5                             1        68fec995a13762184a2616bda86757f8
md5                             1        39a59411e7b12236c0b4351168fb47ce
md5                             1        f5315fb4a654087d30c69c768d80f826
md5                             1        e6ca06e9b000933567a8604300094a85
md5                             1        56cff0d0e0ce486aa0b9e4bc0bf2a141
md5                             1        60963553335fa5877bd5f9be9d8b23a6
md5                             1        6d989302166ba1709d66f90066c2fd59
md5                             1        4bc6cab128f623f34bb97194da21d7b6
md5                             1        4e84b1448cf96fabe88c623b222057c4
md5                             1        494e65cf21ad559fccf3dacdd69acc94
md5                             1        a5965b750997dbecec61358d41ac93c7
md5                             1        e62584c9cd15c3fa2b6ed0f3a34688ab
IPv4                            8        192.168.0.12
IPv4                            7        192.168.0.15
IPv4                            165      255.255.255.0
IPv4                            151      192.168.0.1
IPv4                            2        219.76.208.163
IPv4                            1        113.10.246.30
IPv4                            1        219.90.112.203
IPv4                            1        202.65.220.64
IPv4                            1        75.126.95.138
IPv4                            1        219.90.112.197
IPv4                            1        202.65.222.45
IPv4                            1        98.126.148.114
IPv4                            1        180.210.206.96
IPv4                            1        101.78.151.179
IPv4                            1        60.10.1.0
IPv4                            1        60.10.1.120
IPv4                            1        60.10.1.115
IPv4                            1        60.10.1.121
IPv4                            1        60.10.1.114
IPv4                            1        60.1.1.114
IPv4                            1        60.10.1.118
IPv4                            1        60.2.148.167
IPv4                            1        54.241.8.84
IPv4                            1        123.183.210.28
Threat Actor Identifier - APT   126      APT1
Url                             1        https://github.com/fireeye/pycommands
Url                             1        https://github.com/fireeye/chopshop
Url                             2        https://github.com/mitrecnd/chopshop.
Url                             1        http://debugger.immunityinc.com/.
Url                             1        http://opensource.org/licenses/bsd-2-clause.
Url                             1        https://code.google.com/p/camcrypt/.
Url                             1        http://sox.sourceforge.net/.
Url                             2        http://code.google.com/p/volatility
Url                             1        https://www.volatilesystems
Url                             1        https://www.volatilesystems.com/default/volatility.
Url                             1        http://www.truesec