Gazing at Gazer
Common Information
Type Value
UUID 8d80cefb-6205-4151-a6f4-7d54e6c55813
Fingerprint 033551e2e689395c323ec7477082f099d8990e27ae4fd4762cb3df19316065c3
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 29, 2017, 11:24 a.m.
Added to db March 10, 2024, 7:08 a.m.
Last updated Aug. 31, 2024, 3:29 a.m.
Headline Gazing at Gazer
Title Gazing at Gazer
Detected Hints/Tags/Attributes 97/4/135
Attributes
Type #Events CTI Value
Email 69 threatintel@eset.com
Email 1 admin@solidloop.org
IPv4 2 169.255.137.203
IPv4 2 217.171.86.137
Yara rule 1
import "pe"

// Flags PE files whose Authenticode signer subject names either of the
// two signing identities seen on Gazer samples.
rule Gazer_certificate_subject {
	condition:
		for any i in (0 .. pe.number_of_signatures - 1) : (
			pe.signatures[i].subject contains "Solid Loop" or
			pe.signatures[i].subject contains "Ultimate Computer Support"
		)
}
Yara rule 1
// Flags PE files (MZ header at offset 0) smaller than 2 MB that embed
// either of two 16-byte certificate patterns.
rule Gazer_certificate {
	strings:
		$certif1 = { 52 76 A4 53 CD 70 9C 18 DA 65 15 7E 5F 1F DE 02 }
		$certif2 = { 12 90 F2 41 D9 B2 80 AF 77 FC DA 12 C6 B4 96 9C }
	condition:
		(uint16(0) == 0x5a4d) and 1 of them and filesize < 2MB
}
Yara rule 1
// Flags PE files (MZ header at offset 0) that contain one of the
// hard-coded log file names used by Gazer.
rule Gazer_logfile_name {
	strings:
		$s1 = "CVRG72B5.tmp.cvr"
		$s2 = "CVRG1A6B.tmp.cvr"
		$s3 = "CVRG38D9.tmp.cvr"
	condition:
		(uint16(0) == 0x5a4d) and 1 of them
}