Safe: A Targeted Threat
Common Information
Type Value
UUID 99904389-8d78-4faf-a4b3-5acf8233364f
Fingerprint 06f1f280f09d2e34d709ac285f6039bb2be43082cc0cb8e82c694b8fc74d9e42
Analysis status DONE
Considered CTI value 2
Text language
Published May 20, 2013, 8:43 a.m.
Added to db April 14, 2024, 11:59 a.m.
Last updated Aug. 30, 2024, 11:03 p.m.
Headline Safe: A Targeted Threat
Title Safe: A Targeted Threat
Detected Hints/Tags/Attributes 152/4/105
Attributes
Details Type #Events CTI Value
Details CVE 176
cve-2012-0158
Details Windows Registry Key 1
HKU\S-1-5-21-3050518243-3448030925