APT1: technical backstage
Common Information
| Type | Value |
|---|---|
| UUID | 76d24652-44c9-4178-b43f-2397f1366968 |
| Fingerprint | e8a10ba6e3eb63c176971035cac6afc991e42b40fbd61c9bf22dc4a5716116fe |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | March 27, 2013, 8:32 a.m. |
| Added to db | April 14, 2024, 9:28 a.m. |
| Last updated | Aug. 31, 2024, 4:26 a.m. |
| Headline | APT1: technical backstage |
| Title | APT1: technical backstage |
| Detected Hints/Tags/Attributes | 129/2/163 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 5 | intelreport.mandiant.com |
|
| Details | Domain | 13 | malware.lu |
|
| Details | Domain | 1 | rat.com |
|
| Details | Domain | 17 | datetime.datetime.now |
|
| Details | Domain | 1 | www.signal11.eu |
|
| Details | Domain | 3 | dev.metasploit.com |
|
| Details | Domain | 71 | www.openwall.com |
|
| Details | Domain | 79 | code.google.com |
|
| Details | Domain | 212 | technet.microsoft.com |
|
| Details | Domain | 604 | www.trendmicro.com |
|
| Details | Domain | 29 | metasploit.com |
|
| Details | Domain | 3 | optbool.new |
|
| Details | Domain | 3 | optstring.new |
|
| Details | Domain | 1 | optint.new |
|
| Details | Domain | 1 | camellia.new |
|
| Details | Domain | 1 | sock.read |
|
| Details | Domain | 1 | www.malware.lu |
|
| Details | Domain | 1 | forum.nasm.us |
|
| Details | Domain | 1 | shellcode.py |
|
| Details | File | 36 | datetime.dat |
|
| Details | File | 1206 | index.php |
|
| Details | File | 1 | targeted_2010.pdf |
|
| Details | File | 1 | poisonivy_bof.rb |
|
| Details | File | 103 | test.txt |
|
| Details | File | 1 | p232.exe |
|
| Details | File | 1 | c:\vip\ivy\p232.exe |
|
| Details | File | 50 | alg.exe |
|
| Details | File | 3 | c:\windows\system32\alg.exe |
|
| Details | File | 119 | smss.exe |
|
| Details | File | 1260 | explorer.exe |
|
| Details | File | 99 | c:\windows\explorer.exe |
|
| Details | File | 165 | csrss.exe |
|
| Details | File | 9 | c:\windows\system32\csrss.exe |
|
| Details | File | 212 | winlogon.exe |
|
| Details | File | 11 | c:\windows\system32\winlogon.exe |
|
| Details | File | 306 | services.exe |
|
| Details | File | 23 | c:\windows\system32\services.exe |
|
| Details | File | 478 | lsass.exe |
|
| Details | File | 29 | c:\windows\system32\lsass.exe |
|
| Details | File | 40 | wuauclt.exe |
|
| Details | File | 9 | c:\windows\system32\wuauclt.exe |
|
| Details | File | 26 | vmacthlp.exe |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 92 | c:\windows\system32\svchost.exe |
|
| Details | File | 28 | vmwaretray.exe |
|
| Details | File | 23 | cmdagent.exe |
|
| Details | File | 30 | vmwareuser.exe |
|
| Details | File | 36 | zhudongfangyu.exe |
|
| Details | File | 131 | spoolsv.exe |
|
| Details | File | 8 | c:\windows\system32\spoolsv.exe |
|
| Details | File | 63 | ctfmon.exe |
|
| Details | File | 4 | c:\windows\system32\ctfmon.exe |
|
| Details | File | 13 | vmwareservice.exe |
|
| Details | File | 1 | xport.exe |
|
| Details | File | 1 | c:\vip\cmd\xport.exe |
|
| Details | File | 7 | conime.exe |
|
| Details | File | 1 | c:\windows\system32\conime.exe |
|
| Details | File | 15 | cfp.exe |
|
| Details | File | 1 | list_ip.txt |
|
| Details | File | 1 | keyx.exe |
|
| Details | File | 1 | teeamware.log |
|
| Details | File | 1 | tmupdate.exe |
|
| Details | File | 3 | ggg.exe |
|
| Details | File | 1 | ggg64.exe |
|
| Details | File | 1 | iochttp.exe |
|
| Details | File | 1 | iochttp3.exe |
|
| Details | File | 1 | ippmin.exe |
|
| Details | File | 21 | m.exe |
|
| Details | File | 5 | map.exe |
|
| Details | File | 33 | nc.exe |
|
| Details | File | 1 | nc1.exe |
|
| Details | File | 1 | nc2.exe |
|
| Details | File | 55 | putty.exe |
|
| Details | File | 1 | pwdump.dll |
|
| Details | File | 1 | pwdump.exe |
|
| Details | File | 1 | shtrace.exe |
|
| Details | File | 4 | exp.exe |
|
| Details | File | 1 | getos.exe |
|
| Details | File | 9 | dump.exe |
|
| Details | File | 49 | nltest.exe |
|
| Details | File | 9 | 10%29.aspx |
|
| Details | File | 5 | pr.exe |
|
| Details | File | 13 | wget.exe |
|
| Details | File | 1 | c:\recycler\%computername%_base.dat |
|
| Details | File | 1 | c:\recycler\%computername%_filelist.dat |
|
| Details | File | 1 | c:\recycler\base.bat |
|
| Details | File | 12 | 6.exe |
|
| Details | File | 1 | wp-fakem-rat.pdf |
|
| Details | File | 2 | params.max |
|
| Details | File | 5 | c.bin |
|
| Details | File | 1 | hash.asm |
|
| Details | File | 1 | winutils.asm |
|
| Details | File | 1 | gen_conf.py |
|
| Details | File | 130 | ws2_32.dll |
|
| Details | File | 1 | shellcode.py |
|
| Details | File | 25 | main.exe |
|
| Details | File | 20 | shellcode.bin |
|
| Details | File | 1 | %.obj |
|
| Details | File | 1 | %.asm |
|
| Details | File | 4 | main.obj |
|
| Details | File | 1 | global.obj |
|
| Details | File | 1 | winutils.obj |
|
| Details | File | 2 | hash.obj |
|
| Details | md5 | 1 | 3d0760bbc1b8c0bc14e8510a66bf6d99 |
|
| Details | md5 | 1 | b31b9dd9d29330917627f9f916987f3c |
|
| Details | md5 | 1 | 1295f4a3659cb481b6ae051b61567d7d |
|
| Details | md5 | 1 | 3fd2c4507b23e26d427f89129b2476ac |
|
| Details | md5 | 1 | a476dd10d34064514af906fc37fc12a3 |
|
| Details | md5 | 1 | d91a6d50702822330acac8b36b15bb6c |
|
| Details | md5 | 1 | ffea249e19495e02d61aa52e981cebd8 |
|
| Details | md5 | 1 | 5b4d4d6d77954107d927eb1987dd43fb |
|
| Details | md5 | 1 | 266fbfd5cacfcac975e11a3dacd91923 |
|
| Details | md5 | 1 | ab41b1e2db77cebd9e2779110ee3915d |
|
| Details | md5 | 1 | 8be39ba7ced43bef5b523193d94320eb |
|
| Details | md5 | 1 | 2937e2b37d8bb3d9fe96ded7e6f763aa |
|
| Details | md5 | 1 | 9bb6826905965c13be1c84cc0ff83f42 |
|
| Details | md5 | 1 | 2aabd170dae5982e5d93dc6fd9f2723a |
|
| Details | md5 | 1 | 7a115108739c7d400b4e036fe995519f |
|
| Details | md5 | 1 | f140e0e9aab19fefb7e47d1ea2e7c560 |
|
| Details | md5 | 1 | a78cbc7d652955be49498ee9834e6a2d |
|
| Details | md5 | 1 | 40a3e68eafd50c02b076acf71d1569db |
|
| Details | md5 | 1 | 5682aa66f0d1566cf3b7e27946943b4f |
|
| Details | md5 | 1 | c16269c4a32062863b63a123951166d2 |
|
| Details | md5 | 1 | 669cef1b64aa530292cc823981c506f6 |
|
| Details | md5 | 1 | 380fe92c23f2028459f54cb289c3553f |
|
| Details | md5 | 1 | e258cf52ef4659ed816f3d084b3ec6c7 |
|
| Details | md5 | 1 | 71d3f12a947b4da2b7da3bee4193a110 |
|
| Details | md5 | 1 | a4ad1d1a512a7e00d2d4c843ef559a7a |
|
| Details | md5 | 1 | 53b77ada5498ef207d48a76243051a01 |
|
| Details | md5 | 1 | 98a65022855013588603b8bed1256d5e |
|
| Details | md5 | 1 | 57a9d084b7d016f776bfc78a2e76d03d |
|
| Details | md5 | 1 | 9fbea622b9a1361637e0b97d7dd34560 |
|
| Details | IPv4 | 2 | 113.10.246.0 |
|
| Details | IPv4 | 2 | 113.10.246.255 |
|
| Details | IPv4 | 1 | 202.65.220.0 |
|
| Details | IPv4 | 1 | 202.65.220.255 |
|
| Details | IPv4 | 1 | 202.67.215.0 |
|
| Details | IPv4 | 1 | 202.67.215.255 |
|
| Details | IPv4 | 2 | 210.3.0.0 |
|
| Details | IPv4 | 2 | 210.3.127.255 |
|
| Details | IPv4 | 1 | 219.76.239.216 |
|
| Details | IPv4 | 1 | 219.76.239.223 |
|
| Details | IPv4 | 1 | 70.39.64.0 |
|
| Details | IPv4 | 1 | 70.39.127.255 |
|
| Details | IPv4 | 1441 | 127.0.0.1 |
|
| Details | IPv4 | 22 | 255.0.0.0 |
|
| Details | IPv4 | 1 | 192.168.164.128 |
|
| Details | IPv4 | 141 | 255.255.255.0 |
|
| Details | IPv4 | 2 | 192.168.0.45 |
|
| Details | IPv4 | 2 | 192.168.0.24 |
|
| Details | Threat Actor Identifier - APT | 115 | APT1 |
|
| Details | Url | 1 | http://intelreport.mandiant.com/. |
|
| Details | Url | 1 | http://www.poisonivy |
|
| Details | Url | 1 | http://www.signal11.eu/en/research/articles |
|
| Details | Url | 1 | http://dev.metasploit.com/redmine/projects/framework/repository/entry |
|
| Details | Url | 1 | http://www.openwall.com/john/. |
|
| Details | Url | 1 | https://code.google.com/p/spserver |
|
| Details | Url | 3 | http://technet.microsoft.com/en- |
|
| Details | Url | 6 | http://www.trendmicro.com/cloud- |
|
| Details | Url | 1 | https://192.168.0.24:8443 |
|
| Details | Url | 2 | http://metasploit.com |
|
| Details | Url | 1 | http://www.malware.lu |
|
| Details | Url | 1 | http://forum.nasm.us/index.php?topic=874.0 |