Poison Ivy Malware Analysis | FireEye
Common Information
Type | Value |
---|---|
UUID | 13c475de-372b-4283-8f8e-723d8add37c3 |
Fingerprint | b3eaf7f599a92a25ec705236db232f0ae864144cadfa2f7003ec38f5bddd0ec2 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | Aug. 30, 2014, 2:10 a.m. |
Added to db | Nov. 29, 2024, 5:27 p.m. |
Last updated | Nov. 29, 2024, 5:30 p.m. |
Headline | Poison Ivy Malware Analysis | FireEye |
Title | Poison Ivy Malware Analysis | FireEye |
Detected Hints/Tags/Attributes | 138/3/135 |
Source URLs
Redirection | Url |
---|---|
Source | https://www.mandiant.com/sites/default/files/2021-09/rpt-poison-ivy.pdf |
Attributes
Attributes are extracted automatically from the report text, so not every value is an indicator of compromise: several "Domain" and "IPv4" entries are file names, netmasks or lab-network addresses quoted in the report (for example poisonivy.py and ntdetect.com, which are files, 255.255.255.0, which is a netmask, and the private 192.168.0.x addresses), and high-count values such as github.com, gmail.com and fireeye.com are benign reference material. Treat the low-count domains, hashes and public IPv4 addresses as the candidate indicators and verify them against the source PDF before use.

Type | #Events | Value |
---|---|---|
CVE | 189 | cve-2012-0158 |
CVE | 47 | cve-2009-4324 |
CVE | 27 | cve-2013-0422 |
CVE | 37 | cve-2011-3544 |
CVE | 85 | cve-2010-3333 |
Domain | 200 | www.fireeye.com |
Domain | 4722 | github.com |
Domain | 1 | www.poisonivy-rat.com |
Domain | 5 | debugger.immunityinc.com |
Domain | 19 | opensource.org |
Domain | 82 | code.google.com |
Domain | 1 | sox.sourceforge.net |
Domain | 2 | poisonivy.py |
Domain | 4 | www.volatilesystems.com |
Domain | 40 | ntdetect.com |
Domain | 1 | www.webserver.dynssl.com |
Domain | 1 | webserver.freetcp.com |
Domain | 3 | byinter.net |
Domain | 1 | microsoftb.byinter.net |
Domain | 1 | microsofte.byinter.net |
Domain | 1 | webserver.fartit.com |
Domain | 1 | freetcp.com |
Domain | 1 | www.webserver.fartit.com |
Domain | 1 | www.webserver.freetcp.com |
Domain | 1 | kr.iphone.qpoe.com |
Domain | 1 | nkr.iphone.qpoe.com |
Domain | 1 | ct.toh.info |
Domain | 2 | js001.3322.org |
Domain | 1 | cmdnetview.com |
Domain | 3 | apple.cmdnetview.com |
Domain | 2 | xicp.net |
Domain | 1 | autuo.xicp.net |
Domain | 1 | tw.2012yearleft.com |
Domain | 1 | 2012yearleft.com |
Domain | 1297 | gmail.com |
Domain | 1 | dedydns.ns01.us |
Domain | 1 | maofajapa.3322.org |
Domain | 1 | send.have8000.com |
Domain | 1 | have8000.com |
Domain | 1 | fbi.zyns.com |
Domain | 1 | weile3322b.3322.org |
Domain | 1 | ngcc.8800.org |
Domain | 1 | sh.chromeenter.com |
Domain | 2 | jj.mysecondarydns.com |
Domain | 1 | mf.ddns.info |
Domain | 1 | av.ddns.us |
Domain | 1 | mongoles.3322.org |
Domain | 1 | wubangtu.info |
Domain | 1 | 3q.wubangtu.info |
Domain | 39 | fireeye.com |
 | 2 | zhengyanbin8@gmail.com |
 | 17 | info@fireeye.com |
File | 1349 | explorer.exe |
File | 2 | poisonivy.py |
File | 1 | c:\gsecdump.exe |
File | 1 | file-1-gsecdump.exe |
File | 1 | gsecdump.exe |
File | 67 | hash.txt |
File | 118 | autoexec.bat |
File | 127 | boot.ini |
File | 65 | config.sys |
File | 39 | io.sys |
File | 17 | msdos.sys |
File | 58 | pagefile.sys |
File | 1 | c:\hash.txt |
File | 1 | file-2-hash.txt |
File | 1 | pi-extracted-file-3-screenshot.bmp |
File | 6 | toh.inf |
File | 1 | strategy_meeting.exe |
File | 13 | form.exe |
File | 1 | november_2012.exe |
File | 8 | ddns.inf |
File | 1 | wubangtu.inf |
Github username | 27 | fireeye |
Github username | 4 | mitrecnd |
md5 | 1 | 808e21d6efa2884811fbd0adf67fda78 |
md5 | 1 | 8010cae3e8431bb11ed6dc9acabb93b7 |
md5 | 1 | 0323de551aa10ca6221368c4a73732e6 |
md5 | 1 | 8002debc47e04d534b45f7bb7dfcab4d |
md5 | 1 | 55a3b2656ceac2ba6257b6e39f4a5b5a |
md5 | 1 | b08694e14a9b966d8033b42b58ab727d |
md5 | 1 | d8c00fed6625e5f8d0b8188a5caac115 |
md5 | 1 | b1deff736b6d12b8d98b485e20d318ea |
md5 | 1 | 08709f35581e0958d1ca4e50b7d86dba |
md5 | 1 | cf8094c07c15aa394dddd4eca4aa8c8b |
md5 | 1 | 410eeaa18dbec01a27c5b41753b3c7ed |
md5 | 1 | b2dc98caa647e64a2a8105c298218462 |
md5 | 1 | 68fec995a13762184a2616bda86757f8 |
md5 | 1 | 39a59411e7b12236c0b4351168fb47ce |
md5 | 1 | f5315fb4a654087d30c69c768d80f826 |
md5 | 1 | e6ca06e9b000933567a8604300094a85 |
md5 | 1 | 56cff0d0e0ce486aa0b9e4bc0bf2a141 |
md5 | 1 | 60963553335fa5877bd5f9be9d8b23a6 |
md5 | 1 | 6d989302166ba1709d66f90066c2fd59 |
md5 | 1 | 4bc6cab128f623f34bb97194da21d7b6 |
md5 | 1 | 4e84b1448cf96fabe88c623b222057c4 |
md5 | 1 | 494e65cf21ad559fccf3dacdd69acc94 |
md5 | 1 | a5965b750997dbecec61358d41ac93c7 |
md5 | 1 | e62584c9cd15c3fa2b6ed0f3a34688ab |
IPv4 | 8 | 192.168.0.12 |
IPv4 | 7 | 192.168.0.15 |
IPv4 | 165 | 255.255.255.0 |
IPv4 | 151 | 192.168.0.1 |
IPv4 | 2 | 219.76.208.163 |
IPv4 | 1 | 113.10.246.30 |
IPv4 | 1 | 219.90.112.203 |
IPv4 | 1 | 202.65.220.64 |
IPv4 | 1 | 75.126.95.138 |
IPv4 | 1 | 219.90.112.197 |
IPv4 | 1 | 202.65.222.45 |
IPv4 | 1 | 98.126.148.114 |
IPv4 | 1 | 180.210.206.96 |
IPv4 | 1 | 101.78.151.179 |
IPv4 | 1 | 60.10.1.0 |
IPv4 | 1 | 60.10.1.120 |
IPv4 | 1 | 60.10.1.115 |
IPv4 | 1 | 60.10.1.121 |
IPv4 | 1 | 60.10.1.114 |
IPv4 | 1 | 60.1.1.114 |
IPv4 | 1 | 60.10.1.118 |
IPv4 | 1 | 60.2.148.167 |
IPv4 | 1 | 54.241.8.84 |
IPv4 | 1 | 123.183.210.28 |
Threat Actor Identifier - APT | 126 | APT1 |
Url | 1 | https://github.com/fireeye/pycommands |
Url | 1 | https://github.com/fireeye/chopshop |
Url | 2 | https://github.com/mitrecnd/chopshop |
Url | 1 | http://debugger.immunityinc.com/ |
Url | 1 | http://opensource.org/licenses/bsd-2-clause |
Url | 1 | https://code.google.com/p/camcrypt/ |
Url | 1 | http://sox.sourceforge.net/ |
Url | 2 | http://code.google.com/p/volatility |
Url | 1 | https://www.volatilesystems |
Url | 1 | https://www.volatilesystems.com/default/volatility |
Url | 1 | http://www.truesec |