WHITE PAPER A Detailed Analysis of an Advanced Persistent Threat Malware
Common Information
Type Value
UUID 190a25e2-5326-48a8-b8d0-5a279e1fb97b
Fingerprint c156b674f3c20aa08bfdbe9ba2fb4843e47e7abe322f234e26e2024f1bc50fce
Analysis status DONE
Considered CTI value 1
Text language
Published None
Added to db March 21, 2024, 12:43 p.m.
Last updated Aug. 31, 2024, 5:50 a.m.
Headline WHITE PAPER A Detailed Analysis of an Advanced Persistent Threat Malware
Title WHITE PAPER A Detailed Analysis of an Advanced Persistent Threat Malware
Detected Hints/Tags/Attributes 113/3/102
Source URLs
Attributes
Type                  #Events  Value
Domain                3        wireshark.org
Domain                2        test.3322.org.cn
Domain                1        drive.cab
Domain                103      www.mcafee.com
Domain                7        taosecurity.blogspot.com
Domain                102      sourceforge.net
Domain                2        www.yesky.com
Domain                1        forensics.sans.org
Domain                2        www.bitsum.com
Domain                29       www.techrepublic.com
Domain                1        www.cgsoftlabs.ro
Domain                16       www.hex-rays.com
Domain                1        fasthorizon.blogspot.com
Domain                1        espionageware.blogspot.com
Domain                4        www.scmagazineus.com
Domain                2        www.malwarecookbook.com
Domain                182      www.mandiant.com
Domain                11       upx.sourceforge.net
Domain                212      technet.microsoft.com
Domain                2        www.peid.info
Domain                10       www.scribd.com
Domain                52       www.wireshark.org
Domain                7        www.ollydbg.de
Domain                8        www.honeynet.org
Domain                16       zeltser.com
Domain                4        www.woodmann.com
File                  1        event.rar
File                  1        event.chm
File                  1        dg003_improve_8080_v132.exe
File                  1        dg003.exe
File                  1        msvcr.dll
File                  46       netstat.exe
File                  88       1.txt
File                  1        iecheck.exe
File                  1260     explorer.exe
File                  1        ipsecstap.dat
File                  23       sfc_os.dll
File                  1        c:\windows\inf\1.txt
File                  99       c:\windows\explorer.exe
File                  1        c:\windows\system32\ipsecstap.dat
File                  1        c:\windows\msip.ini
File                  1        fvcwin32.exe
File                  1        acvcwin32.exe
File                  1        avcwin32.exe
File                  1        20110704145735.bmp
File                  1        autolist.txt
File                  1        sam.dll
File                  57       system.dll
File                  1        iestorage.dll
File                  1        drive.cab
File                  1        iestorge.dll
File                  1        secret.dll
File                  1        iestoreage.dll
File                  1        svcwin32.exe
File                  3        wp-operation-shady-rat.pdf
File                  3        aboutwfp.asp
File                  1        bintext.aspx
File                  1        idadownfreeware.htm
File                  1        shady-rat-is-serious-business.html
File                  1        roadmap-of-apt-type-malware.html
File                  1        capturebat.html
File                  1        fileinsight.aspx
File                  2        peid.inf
File                  4        download.htm
File                  1204     index.php
md5                   1        4EC0027BEF4D7E1786A04D021FA8A67F
IPv4                  1        192.168.80.125
IPv4                  1        192.168.80.130
IPv4                  7        2.4.0.1
IPv4                  1        172.16.0.61
Url                   2        http://www.mcafee.com/us/resources/white-papers/wp-operation-shady-rat.pdf
Url                   1        http://taosecurity.blogspot.com/search?q=apt
Url                   1        http://sourceforge.net/projects/regshot
Url                   1        http://www.yesky.com/84/1942084.shtml
Url                   1        http://www.bitsum.com/aboutwfp.asp
Url                   1        http://www.mcafee.com/us/downloads/free-tools/bintext.aspx
Url                   1        http://www.techrepublic.com/blog/security/kaspersky-disputes-
Url                   1        http://www.cgsoftlabs.ro
Url                   1        http://www.hex-rays.com/idapro/idadownfreeware.htm
Url                   1        http://fasthorizon.blogspot.com/2011/08/shady-rat-is-serious-business.html
Url                   1        http://espionageware.blogspot.com/2011/09/attack-
Url                   1        http://www.scmagazineus.com/mcafee-
Url                   1        http://espionageware.blogspot.com/2011/08/behavioral-analysis-with-
Url                   2        http://www.malwarecookbook.com
Url                   1        http://www.mandiant.com/products/services/m-trends
Url                   1        http://www.mcafee.com/us/downloads/free-tools/fileinsight.aspx
Url                   7        http://upx.sourceforge.net
Url                   1        http://technet.microsoft.com/en-us/sysinternals/bb963902
Url                   2        http://technet.microsoft.com/en-us/sysinternals/bb896653
Url                   1        http://technet.microsoft.com/en-us/sysinternals/bb896645
Url                   1        http://technet.microsoft.com/en-us/sysinternals/bb896656
Url                   1        http://technet.microsoft.com/en-us/sysinternals/bb897437
Url                   1        http://technet.microsoft.com/en-us/sysinternals/dd535533
Url                   1        http://technet.microsoft.com/en-us/sysinternals/bb896657
Url                   1        http://www.peid.info
Url                   1        http://www.scribd.com/doc/13731776/tracking-
Url                   5        http://www.wireshark.org
Url                   1        http://www.ollydbg.de/download.htm
Url                   1        http://www.honeynet.org/node/315
Url                   1        http://zeltser.com/remnux
Url                   1        http://www.woodmann.com/collaborative/tools/index.php/malcode_analysis_pac
Windows Registry Key  6        HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer