THE PROJECTSAURON APT
Common Information
Type Value
UUID 894f4ee4-5d67-4734-bbf5-1d38568c1935
Fingerprint 69515f6644ef95fb48d1e477c2afacaae8caf951caf3dc0dd2d47d12782cef93
Analysis status DONE
Considered CTI value 0
Text language
Published Aug. 9, 2016, 2:24 p.m.
Added to db March 10, 2024, 2:33 a.m.
Last updated Oct. 1, 2024, 2:35 p.m.
Headline THE PROJECTSAURON APT
Title THE PROJECTSAURON APT
Detected Hints/Tags/Attributes 142/4/80
Attributes
Details Type #Events CTI Value
Details Microsoft Patch Numbers 1
KB2931368
Details Url 1
http://ipchicken.com/index.php
Details Url 1
http://techno-fandom.org
Details Windows Registry Key 2
HKEY_LOCAL_MACHINE\Software\VirtualEncryptedNetwork\Components
Details Windows Registry Key 31
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Details Windows Registry Key 2
HKLM\System\CurrentControlSet\Control\SecurityProviders
Details Windows Registry Key 4
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders