Operation Dust Storm
Common Information
| Type | Value |
|---|---|
| UUID | 20990c8a-c995-4322-aac6-f1c3a054fdfb |
| Fingerprint | c9b9df416a36c678f5e9d2e8ca86f43bc016a298384da9ba4d2cf055fae4ceb7 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Feb. 22, 2016, 9:39 p.m. |
| Added to db | March 10, 2024, 2:28 a.m. |
| Last updated | Aug. 31, 2024, 8 a.m. |
| Headline | Operation Dust Storm |
| Title | Operation Dust Storm |
| Detected Hints/Tags/Attributes | 150/3/333 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 3 | cve-2011-1255 |
|
| Details | CVE | 32 | cve-2011-0611 |
|
| Details | CVE | 27 | cve-2014-0322 |
|
| Details | Domain | 3 | www.noip.com |
|
| Details | Domain | 1 | www.oray.com |
|
| Details | Domain | 1 | www.pubyun.com |
|
| Details | Domain | 1 | 323332.3322.org |
|
| Details | Domain | 1 | 1stone.zapto.org |
|
| Details | Domain | 216 | www.symantec.com |
|
| Details | Domain | 1 | honeywells.tk |
|
| Details | Domain | 113 | www.usenix.org |
|
| Details | Domain | 1 | msevpn.3322.org |
|
| Details | Domain | 22 | 126.com |
|
| Details | Domain | 1 | amazonwikis.com |
|
| Details | Domain | 1 | sfcorporation.com |
|
| Details | Domain | 1 | adobeus.com |
|
| Details | Domain | 1 | adobekr.com |
|
| Details | Domain | 1 | moviestops.com |
|
| Details | Domain | 1 | login.live.adobekr.com |
|
| Details | Domain | 1 | login.live.wih365.com |
|
| Details | Domain | 1 | yahoomail.adobeus.com |
|
| Details | Domain | 1 | mail.glkjcorp.com |
|
| Details | Domain | 1 | glkjcorp.com |
|
| Details | Domain | 179 | hotmail.com |
|
| Details | Domain | 54 | www.ahnlab.com |
|
| Details | Domain | 5 | secunewsview.do |
|
| Details | Domain | 1 | flash.movie |
|
| Details | Domain | 1 | tomshardpc.com |
|
| Details | Domain | 1 | wordoscorp.com |
|
| Details | Domain | 85 | 163.com |
|
| Details | Domain | 1 | projectscorp.net |
|
| Details | Domain | 6 | 21cn.com |
|
| Details | Domain | 1 | elecarrow.com |
|
| Details | Domain | 1 | hkabinc.com |
|
| Details | Domain | 158 | aol.com |
|
| Details | Domain | 1 | exemail.com |
|
| Details | Domain | 1 | sslmails.com |
|
| Details | Domain | 1 | mail.glkcorp.com |
|
| Details | Domain | 184 | www.fireeye.com |
|
| Details | Domain | 1 | bz.tao123.biz |
|
| Details | Domain | 1 | js.amazonwikis.com |
|
| Details | Domain | 44 | www.bloomberg.com |
|
| Details | Domain | 1 | gifas.cechire.com |
|
| Details | Domain | 1 | goddess.nexon.com.au |
|
| Details | Domain | 1 | java.ree.pl |
|
| Details | Domain | 1 | jcsh-web.com.cn |
|
| Details | Domain | 1 | naedco.com |
|
| Details | Domain | 1 | songwol.co.kr |
|
| Details | Domain | 1 | spacexmt.spacedevcoop.com |
|
| Details | Domain | 1 | tavis.tw |
|
| Details | Domain | 1 | www.jcsh-web.com.cn |
|
| Details | Domain | 1 | www.toisengyo.jp |
|
| Details | Domain | 102 | sourceforge.net |
|
| Details | Domain | 1 | msejake.7766.org |
|
| Details | Domain | 1 | smtp.adobekr.com |
|
| Details | Domain | 1 | auto.glkjcorp.com |
|
| Details | Domain | 1 | ssl.projectscorp.net |
|
| Details | Domain | 1 | pic.elecarrow.com |
|
| Details | Domain | 1 | ectscorp.net |
|
| Details | Domain | 5 | ow.com |
|
| Details | Domain | 1 | www.zlib.net |
|
| Details | Domain | 1 | bcsr.wordoscorp.com |
|
| Details | Domain | 1 | dpc.com |
|
| Details | Domain | 1 | 10bfym.8800.org |
|
| Details | Domain | 1 | 10kjd.amazonwikis.com |
|
| Details | Domain | 1 | aqyj.tomshardpc.com |
|
| Details | Domain | 1 | b3fk.sfcorporation.com |
|
| Details | Domain | 1 | bdgs.amazonwikis.com |
|
| Details | Domain | 1 | bdt.wordoscorp.com |
|
| Details | Domain | 1 | bfym2.amazonwikis.com |
|
| Details | Domain | 1 | blog.adobeus.com |
|
| Details | Domain | 1 | blog.amazonwikis.com |
|
| Details | Domain | 1 | blog.sfcorporation.com |
|
| Details | Domain | 1 | blog.wih365.com |
|
| Details | Domain | 1 | books.sfcorporation.com |
|
| Details | Domain | 1 | bybf.amazonwikis.com |
|
| Details | Domain | 1 | bygs.sfcorporation.com |
|
| Details | Domain | 1 | cbgs.sfcorporation.com |
|
| Details | Domain | 1 | cdic.sfcorporation.com |
|
| Details | Domain | 1 | cxks.amazonwikis.com |
|
| Details | Domain | 1 | d2ch.sfcorporation.com |
|
| Details | Domain | 1 | dgfk.sfcorporation.com |
|
| Details | Domain | 1 | dghk.sfcorporation.com |
|
| Details | Domain | 1 | down.adobeus.com |
|
| Details | Domain | 1 | ekzy.gmnspace.com |
|
| Details | Domain | 1 | en.amazonwikis.com |
|
| Details | Domain | 1 | exemail.net |
|
| Details | Domain | 1 | flash.adobeus.com |
|
| Details | Domain | 1 | fngs.adobeus.com |
|
| Details | Domain | 1 | fsw.adobeus.com |
|
| Details | Domain | 1 | gde.moviestops.com |
|
| Details | Domain | 1 | ghlc.adobeus.com |
|
| Details | Domain | 1 | gmnspace.com |
|
| Details | Domain | 1 | guhk.moviestops.com |
|
| Details | Domain | 1 | health.dns1.us |
|
| Details | Domain | 1 | hglg.wordoscorp.com |
|
| Details | Domain | 1 | hjxt.sfcorporation.com |
|
| Details | Domain | 1 | hkmj.amazonwikis.com |
|
| Details | Domain | 1 | home.sfcorporation.com |
|
| Details | Domain | 1 | hsjs.wordoscorp.com |
|
| Details | Domain | 1 | hsy.moviestops.com |
|
| Details | Domain | 1 | iccbhhjdgb.adobeus.com |
|
| Details | Domain | 1 | image.amazonwikis.com |
|
| Details | Domain | 1 | image.hkabinc.com |
|
| Details | Domain | 1 | imnothk.8800.org |
|
| Details | Domain | 1 | jggs.sfcorporation.com |
|
| Details | Domain | 1 | jiaoshow.9966.org |
|
| Details | Domain | 1 | jnhs.tomshardpc.com |
|
| Details | Domain | 1 | jrfw.amazonwikis.com |
|
| Details | Domain | 1 | jrgs.sfcorporation.com |
|
| Details | Domain | 1 | js.95nb.co.cc |
|
| Details | Domain | 1 | js.adobekr.com |
|
| Details | Domain | 1 | js.exemail.net |
|
| Details | Domain | 1 | kb1gs.sfcorporation.com |
|
| Details | Domain | 1 | kersperskey.8800.org |
|
| Details | Domain | 1 | kj.uuvod.net |
|
| Details | Domain | 1 | krgt.tomshardpc.com |
|
| Details | Domain | 1 | lhbf.adobeus.com |
|
| Details | Domain | 1 | login.adobekr.com |
|
| Details | Domain | 1 | login.wih365.com |
|
| Details | Domain | 1 | mail.adobekr.com |
|
| Details | Domain | 1 | mail.projectscorp.net |
|
| Details | Domain | 1 | mailxss.9966.org |
|
| Details | Domain | 1 | mesdata.8866.org |
|
| Details | Domain | 1 | microbing.oicp.net |
|
| Details | Domain | 1 | microses.9966.org |
|
| Details | Domain | 1 | microupdate.8800.org |
|
| Details | Domain | 1 | microwmies.oicp.net |
|
| Details | Domain | 1 | mobile.yqby.wordoscorp.com |
|
| Details | Domain | 1 | mocrosoftds.xicp.net |
|
| Details | Domain | 1 | modeless.3322.org |
|
| Details | Domain | 1 | movie.sfcorporation.com |
|
| Details | Domain | 1 | music.sfcorporation.com |
|
| Details | Domain | 1 | net.amazonwikis.com |
|
| Details | Domain | 1 | news.amazonwikis.com |
|
| Details | Domain | 1 | news.elecarrow.com |
|
| Details | Domain | 1 | news.sfcorporation.com |
|
| Details | Domain | 1 | nttvps.gnway.net |
|
| Details | Domain | 1 | pic.glkjcorp.com |
|
| Details | Domain | 1 | pic.hkabinc.com |
|
| Details | Domain | 1 | pics.adobeus.com |
|
| Details | Domain | 1 | pics.amazonwikis.com |
|
| Details | Domain | 1 | qsgs.sfcorporation.com |
|
| Details | Domain | 1 | rbjg.moviestops.com |
|
| Details | Domain | 1 | rbny.sfcorporation.com |
|
| Details | Domain | 1 | rbxr.tomshardpc.com |
|
| Details | Domain | 1 | rjby.tomshardpc.com |
|
| Details | Domain | 1 | rjjh.wordoscorp.com |
|
| Details | Domain | 1 | rmax.amazonwikis.com |
|
| Details | Domain | 1 | ruag.amazonwikis.com |
|
| Details | Domain | 1 | sane.adobeus.com |
|
| Details | Domain | 1 | sdj2b.3322.org |
|
| Details | Domain | 1 | sgad.sfcorporation.com |
|
| Details | Domain | 1 | showjiao.imzone.in |
|
| Details | Domain | 1 | showshow.7766.org |
|
| Details | Domain | 1 | smgs.amazonwikis.com |
|
| Details | Domain | 1 | sport.sfcorporation.com |
|
| Details | Domain | 1 | ssl.elecarrow.com |
|
| Details | Domain | 1 | ssl.exemail.net |
|
| Details | Domain | 1 | ssl.gmnspace.com |
|
| Details | Domain | 1 | ssl.sfcorporation.com |
|
| Details | Domain | 1 | sybf.adobeus.com |
|
| Details | Domain | 1 | tcgs.adobeus.com |
|
| Details | Domain | 1 | tdfg.moviestops.com |
|
| Details | Domain | 1 | tech.amazonwikis.com |
|
| Details | Domain | 1 | test.uuvod.net |
|
| Details | Domain | 1 | tqsj.sfcorporation.com |
|
| Details | Domain | 1 | tzcl.sfcorporation.com |
|
| Details | Domain | 1 | tzz.exemail.net |
|
| Details | Domain | 1 | up.adobekr.com |
|
| Details | Domain | 1 | update.adobekr.com |
|
| Details | Domain | 1 | update.adobeus.com |
|
| Details | Domain | 1 | uworks.sfcorporation.com |
|
| Details | Domain | 1 | video.sfcorporation.com |
|
| Details | Domain | 1 | vod.amazonwikis.com |
|
| Details | Domain | 1 | vod.sfcorporation.com |
|
| Details | Domain | 1 | vpntemp.3322.org |
|
| Details | Domain | 1 | wbjs.sfcorporation.com |
|
| Details | Domain | 1 | web.sfcorporation.com |
|
| Details | Domain | 1 | wed.amazonwikis.com |
|
| Details | Domain | 1 | wih365.com |
|
| Details | Domain | 1 | wsxg.moviestops.com |
|
| Details | Domain | 1 | www.adobeus.com |
|
| Details | Domain | 1 | www.projectscorp.net |
|
| Details | Domain | 1 | www.wih365.com |
|
| Details | Domain | 1 | wxpb.sfcorporation.com |
|
| Details | Domain | 1 | xjgs.sfcorporation.com |
|
| Details | Domain | 1 | xkgs.sfcorporation.com |
|
| Details | Domain | 1 | xrgt.tomshardpc.com |
|
| Details | Domain | 1 | xrgt.wordoscorp.com |
|
| Details | Domain | 1 | yahoo.gmnspace.com |
|
| Details | Domain | 1 | ygfk.sfcorporation.com |
|
| Details | Domain | 1 | yhkj.sfcorporation.com |
|
| Details | Domain | 1 | yjbf.amazonwikis.com |
|
| Details | Domain | 1 | yjxy.sfcorporation.com |
|
| Details | Domain | 1 | yqby.wordoscorp.com |
|
| Details | Domain | 1 | zdzl.sfcorporation.com |
|
| Details | Domain | 1 | ziper.imbbs.in |
|
| Details | Domain | 1 | zpgx.tomshardpc.com |
|
| Details | File | 30 | www.pub |
|
| Details | File | 1 | 105484-moran.pdf |
|
| Details | File | 456 | mshta.exe |
|
| Details | File | 4 | deployjava.js |
|
| Details | File | 2 | flash.mov |
|
| Details | File | 1 | faq.htm |
|
| Details | File | 25 | win.exe |
|
| Details | File | 1 | units.html |
|
| Details | File | 1 | pic.html |
|
| Details | File | 2 | erido.jpg |
|
| Details | File | 1 | ree.pl |
|
| Details | File | 55 | msdtc.exe |
|
| Details | File | 31 | tmp.exe |
|
| Details | File | 2125 | cmd.exe |
|
| Details | File | 35 | index.asp |
|
| Details | File | 1260 | explorer.exe |
|
| Details | File | 1 | 2016757.aspx |
|
| Details | File | 1 | %windir%\system32\cryptpol.dll |
|
| Details | File | 1 | %appdata%\cryptpol.dll |
|
| Details | File | 1 | %appdata%\athmgmt.dll |
|
| Details | File | 1 | %appdata%\rasctl.dll |
|
| Details | File | 1 | %appdata%\rtcomdll.dll |
|
| Details | File | 1 | %appdata%\msnt.dll |
|
| Details | File | 1205 | index.php |
|
| Details | File | 1 | gde.mov |
|
| Details | File | 1 | guhk.mov |
|
| Details | File | 1 | hsy.mov |
|
| Details | File | 2 | js.exe |
|
| Details | File | 1 | rbjg.mov |
|
| Details | File | 2 | ssl.exe |
|
| Details | File | 1 | tdfg.mov |
|
| Details | File | 1 | tzz.exe |
|
| Details | File | 6 | v.exe |
|
| Details | File | 1 | wsxg.mov |
|
| Details | md5 | 1 | 63bd3f80387e3f2c7130bc3b36474c24 |
|
| Details | md5 | 1 | edca4f063161b25bfe0c90b378b9c19c |
|
| Details | md5 | 1 | 74ff3b246fde30bb3c14483279d4b003 |
|
| Details | md5 | 1 | 12038957e3956bf8682362044ddccf42 |
|
| Details | md5 | 1 | 38238f14d63d14075824cc9afd9a3b84 |
|
| Details | md5 | 1 | df9b9c2f1408ac440458196a9e690db6 |
|
| Details | md5 | 1 | 580c7ed2b624a0dfa749909d3e110704 |
|
| Details | md5 | 1 | 65bd310663d30fb6fe3532ad45d57b8a |
|
| Details | md5 | 1 | 4241a9371023e7452475117ff1fcd672 |
|
| Details | md5 | 1 | 62dab56bf1943b5e0c73ff2b2e41f876 |
|
| Details | md5 | 1 | bd56d32fbda703a98c87689c92325d90 |
|
| Details | md5 | 1 | 2978c6cfff1754c85a4a22b6a72dc9e6 |
|
| Details | md5 | 1 | 0b596b54e65ed5ab2c80b8bc259ca5dc |
|
| Details | md5 | 1 | 83399bd0e09b2c2886a58890bbbf6a8d |
|
| Details | md5 | 1 | 4e6cd3aa32b091045dd6739c637acfd5 |
|
| Details | md5 | 1 | bbc6d1b87352c3ae109b2c6c97baaf75 |
|
| Details | md5 | 1 | 85b80ed2aa871257f293a074d80eb64a |
|
| Details | md5 | 1 | 621ec74ec70c0cf1703f5f5adab23a67 |
|
| Details | IPv4 | 1 | 111.1.1.66 |
|
| Details | IPv4 | 1 | 125.46.42.221 |
|
| Details | IPv4 | 1 | 218.106.246.220 |
|
| Details | IPv4 | 1 | 218.106.246.195 |
|
| Details | IPv4 | 1 | 114.108.150.38 |
|
| Details | IPv4 | 1 | 126.85.184.190 |
|
| Details | IPv4 | 1 | 114.142.147.53 |
|
| Details | IPv4 | 1 | 59.120.59.2 |
|
| Details | IPv4 | 1 | 67.192.225.83 |
|
| Details | IPv4 | 1 | 98.129.119.156 |
|
| Details | IPv4 | 7 | 58.158.177.102 |
|
| Details | IPv4 | 1 | 6.9.2.1 |
|
| Details | IPv4 | 1 | 108.171.240.154 |
|
| Details | IPv4 | 1 | 111.67.199.213 |
|
| Details | IPv4 | 1 | 111.67.199.222 |
|
| Details | IPv4 | 1 | 112.175.69.60 |
|
| Details | IPv4 | 1 | 112.175.69.89 |
|
| Details | IPv4 | 1 | 112.218.71.202 |
|
| Details | IPv4 | 1 | 113.10.139.218 |
|
| Details | IPv4 | 1 | 113.10.168.22 |
|
| Details | IPv4 | 1 | 113.11.202.233 |
|
| Details | IPv4 | 1 | 116.255.131.152 |
|
| Details | IPv4 | 1 | 118.99.37.87 |
|
| Details | IPv4 | 1 | 118.193.163.143 |
|
| Details | IPv4 | 1 | 120.126.134.196 |
|
| Details | IPv4 | 1 | 120.31.68.42 |
|
| Details | IPv4 | 1 | 123.254.111.169 |
|
| Details | IPv4 | 1 | 124.162.53.203 |
|
| Details | IPv4 | 1 | 124.162.53.224 |
|
| Details | IPv4 | 1 | 126.125.35.247 |
|
| Details | IPv4 | 1 | 126.25.172.171 |
|
| Details | IPv4 | 1 | 126.25.201.73 |
|
| Details | IPv4 | 1 | 173.252.201.210 |
|
| Details | IPv4 | 1 | 175.41.23.181 |
|
| Details | IPv4 | 1 | 203.124.12.24 |
|
| Details | IPv4 | 1 | 203.124.12.59 |
|
| Details | IPv4 | 1 | 210.105.192.3 |
|
| Details | IPv4 | 1 | 210.209.116.105 |
|
| Details | IPv4 | 1 | 210.209.117.148 |
|
| Details | IPv4 | 1 | 210.209.117.235 |
|
| Details | IPv4 | 1 | 210.51.13.167 |
|
| Details | IPv4 | 1 | 211.22.125.58 |
|
| Details | IPv4 | 1 | 211.42.249.37 |
|
| Details | IPv4 | 1 | 218.106.246.177 |
|
| Details | IPv4 | 1 | 218.106.246.189 |
|
| Details | IPv4 | 1 | 218.106.246.222 |
|
| Details | IPv4 | 1 | 218.106.246.254 |
|
| Details | IPv4 | 1 | 218.106.247.81 |
|
| Details | IPv4 | 1 | 23.238.229.128 |
|
| Details | IPv4 | 1 | 27.255.72.68 |
|
| Details | IPv4 | 1 | 27.255.72.69 |
|
| Details | IPv4 | 1 | 27.255.72.78 |
|
| Details | IPv4 | 1 | 59.188.13.133 |
|
| Details | IPv4 | 1 | 59.188.13.137 |
|
| Details | IPv4 | 1 | 126.5.125.197 |
|
| Details | Threat Actor Identifier - APT | 115 | APT1 |
|
| Details | Url | 1 | https://www.usenix.org/system/files/login/articles |
|
| Details | Url | 1 | http://114.142.147.53/deployjava.js |
|
| Details | Url | 1 | http://59.120.59.2/eng/img/deployjava.js |
|
| Details | Url | 1 | http://67.192.225.83/us/deployjava.js |
|
| Details | Url | 1 | http://98.129.119.156/cfide/debug/includes/deployjava.js |
|
| Details | Url | 1 | http://gifas.cechire.com/fr/deployjava.js |
|
| Details | Url | 1 | http://goddess.nexon.com.au/inc/deployjava.js |
|
| Details | Url | 1 | http://java.ree.pl/meeting/deployjava.js |
|
| Details | Url | 1 | http://jcsh-web.com.cn/admin/inc/conn/deployjava.js |
|
| Details | Url | 1 | http://naedco.com/img/common/t/deployjava.js |
|
| Details | Url | 1 | http://songwol.co.kr/employee/deployjava.js |
|
| Details | Url | 1 | http://spacexmt.spacedevcoop.com/checkplayer/deployjava.js |
|
| Details | Url | 1 | http://tavis.tw/tmp/deployjava.js |
|
| Details | Url | 1 | http://www.jcsh-web.com.cn/admin/inc/conn/deployjava.js |
|
| Details | Url | 1 | http://www.toisengyo.jp/24/11/deployjava.js |
|
| Details | Url | 1 | http://pic.elecarrow.com:80//item/2016757.aspx |
|
| Details | Url | 1 | http://ssl.proj |
|
| Details | Windows Registry Key | 5 | HKLM\System\CurrentControlSet |
|
| Details | Windows Registry Key | 1 | HKCU\Software\dnimtsoleht\StubPath |
|
| Details | Windows Registry Key | 1 | HKCU\Software\snimtsOleht\StubPath |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Backtsaleht\StubPath |
|
| Details | Windows Registry Key | 3 | HKLM\SOFTWARE\Microsoft\Active |
|
| Details | Windows Registry Key | 1 | HKCU\Software\bkfouerioyou |
|
| Details | Windows Registry Key | 1 | HKCU\SOFTWARE\AdobeSoft |
|
| Details | Windows Registry Key | 112 | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |
|
| Details | Windows Registry Key | 31 | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet |