THE “LURID” DOWNLOADER
Common Information
| Type | Value |
|---|---|
| UUID | 9fe96be5-8e07-477b-939a-a3d1be8317fc |
| Fingerprint | 8dc1703f20c71b417092a0d3c282b49617ffccaef519ea43804d32bef2be34d1 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Sept. 23, 2011, 4:49 p.m. |
| Added to db | April 14, 2024, 12:11 p.m. |
| Last updated | Aug. 31, 2024, 1:22 a.m. |
| Headline | THE “LURID” DOWNLOADER |
| Title | THE “LURID” DOWNLOADER |
| Detected Hints/Tags/Attributes | 138/3/136 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 43 | cve-2009-4324 |
|
| Details | Domain | 4 | googleblog.blogspot.com |
|
| Details | Domain | 124 | www.cisco.com |
|
| Details | Domain | 22 | about-threats.trendmicro.com |
|
| Details | Domain | 13 | isc.sans.org |
|
| Details | Domain | 425 | isc.sans.edu |
|
| Details | Domain | 10 | www.nartv.org |
|
| Details | Domain | 35 | wikileaks.org |
|
| Details | Domain | 2 | cablesearch.org |
|
| Details | Domain | 123 | www.reuters.com |
|
| Details | Domain | 2 | dalailama.com |
|
| Details | Domain | 1 | gawab.com |
|
| Details | Domain | 1 | info3.gawab.com |
|
| Details | Domain | 1 | www.ldvpn.cn |
|
| Details | Domain | 287 | yahoo.com |
|
| Details | Domain | 85 | 163.com |
|
| Details | Domain | 1 | mailru-vip.com |
|
| Details | Domain | 1 | yandex-vip.com |
|
| Details | Domain | 1 | ceonline.com |
|
| Details | Domain | 1 | ce-helppane.com |
|
| Details | Domain | 1 | foxit-pro.com |
|
| Details | Domain | 1 | ymail-vip.com |
|
| Details | Domain | 1 | ymail-pro.com |
|
| Details | Domain | 1 | yandex-pro.com |
|
| Details | Domain | 6 | ce.com |
|
| Details | Domain | 1 | mailru-pro.com |
|
| Details | Domain | 1 | hoticq.com |
|
| Details | Domain | 1 | redhag.com |
|
| Details | Domain | 1 | zadhc.com |
|
| Details | Domain | 1 | lasmail.com |
|
| Details | Domain | 1 | hotoicq.com |
|
| Details | Domain | 1 | ace.mailru-vip.com |
|
| Details | Domain | 1 | home.mailru-pro.com |
|
| Details | Domain | 1 | xphlp.ymail-vip.com |
|
| Details | Domain | 1 | setup.mailru-vip.com |
|
| Details | Domain | 1 | superkiller.mailru-vip.com |
|
| Details | Domain | 1 | sexinsex.ymail-vip.com |
|
| Details | Domain | 1 | win.foxit-pro.com |
|
| Details | Domain | 1 | update.ymail-vip.com |
|
| Details | Domain | 1 | press.foxit-pro.com |
|
| Details | Domain | 1 | press.mailru-pro.com |
|
| Details | Domain | 1 | press.ymail-pro.com |
|
| Details | Domain | 1 | help.lasmail.com |
|
| Details | Domain | 1 | mail.lasmail.com |
|
| Details | Domain | 1 | support.hotoicq.com |
|
| Details | Domain | 604 | www.trendmicro.com |
|
| Details | 1 | ohhdl@dalailama.com |
||
| Details | 1 | emb107@gawab.com |
||
| Details | 1 | bruce_tuner@yahoo.com |
||
| Details | File | 1 | new-approach-to-china.html |
|
| Details | File | 1 | targeted_attacks.pdf |
|
| Details | File | 1 | archivemalware.aspx |
|
| Details | File | 1 | 1008_crouching_powerpoint_hidden_trojan_24c3.pdf |
|
| Details | File | 2 | sansfire2008-is_troy_burning_vanhorenbeeck.pdf |
|
| Details | File | 4 | ghostnet.pdf |
|
| Details | File | 6 | shadows-in-the-cloud.pdf |
|
| Details | File | 1 | 09state32025.html |
|
| Details | File | 73 | view.php |
|
| Details | File | 1 | flyer_edited-3.pdf |
|
| Details | File | 1 | us-dongtai.html |
|
| Details | File | 1 | losar_flyer_edited-3.pdf |
|
| Details | File | 63 | ctfmon.exe |
|
| Details | File | 1 | mspmsnsr.dll |
|
| Details | File | 1 | isssync.exe |
|
| Details | File | 1 | worm_otorun.tmp |
|
| Details | File | 1 | sys32time.ini |
|
| Details | File | 1 | ipop.dll |
|
| Details | File | 1 | msacm.dat |
|
| Details | File | 1 | nfal.exe |
|
| Details | File | 1 | 0dayaug12.exe |
|
| Details | File | 1 | desp.exe |
|
| Details | File | 1 | 0dayjun14.exe |
|
| Details | File | 1 | 0dayapr13.exe |
|
| Details | File | 1 | 0dayjun09.exe |
|
| Details | File | 1 | 0daydec08.exe |
|
| Details | File | 1 | smross.exe |
|
| Details | File | 1 | lh0526w.exe |
|
| Details | File | 1 | z10dec09up.exe |
|
| Details | File | 1 | lh0517e.exe |
|
| Details | md5 | 1 | 322fcf1b134fef1bae52fbd80a373ede |
|
| Details | md5 | 1 | 84d24967cb5cbacf4052a3001692dd54 |
|
| Details | md5 | 1 | 3447416fbbc65906bd0384d4c2ba479e |
|
| Details | md5 | 1 | 856de08a947a40e00ea7ed66b8e02c53 |
|
| Details | md5 | 1 | 571d636618a7ba35b7e9bae872fc5bfd |
|
| Details | md5 | 1 | ebba8420c261102635de4d20bdd772f2 |
|
| Details | md5 | 1 | ed69041fbe470fe0f2c1fd837efcb6e7 |
|
| Details | md5 | 1 | d66948e4e90baff08d24c77c93788597 |
|
| Details | md5 | 1 | 2d93cbe969d3b5f02d4f9f1a3eb39b85 |
|
| Details | md5 | 1 | 465ca2eef82b412949eeaa9fa3cc5c75 |
|
| Details | md5 | 1 | e1833932053171da15c60e6c2fca708a |
|
| Details | md5 | 1 | e38ccff8e7fb922fe48b54b4032fec50 |
|
| Details | md5 | 1 | 744670ca4531f7ceb72a75ae456e8215 |
|
| Details | md5 | 1 | f0f31112af491f56af7cc0802ba96c0f |
|
| Details | md5 | 1 | 2a21eb36cc2a0a24149a4821aa328b7b |
|
| Details | md5 | 1 | 5403e0bda1db72e5e862e9169db4e1d7 |
|
| Details | md5 | 1 | 57d99d67c3e8987e812c9332d6774794 |
|
| Details | md5 | 1 | 963e39d8675b5bb3d2f4e6da45c51bb0 |
|
| Details | md5 | 1 | 166d6cd28c9df20c30fed220a3132345 |
|
| Details | md5 | 1 | 89b98f66650cb29d0926713fda3b5bbc |
|
| Details | md5 | 1 | d8815fe64eb5321add412554908da28a |
|
| Details | md5 | 1 | 22caf76a780c54ddce7fa139100fa54e |
|
| Details | md5 | 1 | 140c69ea9a963100e75497b33820f1da |
|
| Details | md5 | 1 | 8f65204d8440b7be2b52908e35d19124 |
|
| Details | md5 | 1 | f993d4cabe5021c96d6a80192f142dca |
|
| Details | md5 | 1 | 74bdabd1077d640f7d21c6cfb14a0348 |
|
| Details | IPv4 | 1 | 66.220.20.18 |
|
| Details | IPv4 | 1 | 96.46.11.88 |
|
| Details | IPv4 | 1 | 173.212.195.216 |
|
| Details | IPv4 | 1 | 109.123.126.143 |
|
| Details | IPv4 | 1 | 109.123.126.156 |
|
| Details | IPv4 | 1 | 184.95.36.75 |
|
| Details | IPv4 | 1 | 109.123.126.151 |
|
| Details | IPv4 | 1 | 106.123.126.151 |
|
| Details | IPv4 | 1 | 174.139.13.122 |
|
| Details | IPv4 | 1 | 184.22.240.174 |
|
| Details | IPv4 | 1 | 46.23.67.226 |
|
| Details | IPv4 | 1 | 184.22.251.12 |
|
| Details | IPv4 | 1 | 109.123.126.157 |
|
| Details | IPv4 | 1 | 58.64.149.29 |
|
| Details | IPv4 | 1 | 204.12.197.70 |
|
| Details | Pdb | 1 | dllservicetrojan.pdb |
|
| Details | Pdb | 1 | servicedll.pdb |
|
| Details | Url | 1 | http://googleblog.blogspot.com/2010/01/new-approach-to-china.html |
|
| Details | Url | 1 | http://www.cisco.com/en/us/prod/collateral/vpndevc/ps10128/ps10339/ps10354/targeted_attacks.pdf |
|
| Details | Url | 1 | http://about-threats.trendmicro.com/archivemalware.aspx?language=us&name=troj_sharp.r |
|
| Details | Url | 1 | http://events.ccc.de/congress/2007/fahrplan/attachments/1008_crouching_powerpoint_hidden_trojan_24c3.pdf |
|
| Details | Url | 1 | http://isc.sans.org/presentations/sansfire2008-is_troy_burning_vanhorenbeeck.pdf |
|
| Details | Url | 1 | http://isc.sans.edu/diary. |
|
| Details | Url | 4 | http://www.nartv.org/mirror/ghostnet.pdf |
|
| Details | Url | 4 | http://www.nartv.org/mirror/shadows-in-the-cloud.pdf |
|
| Details | Url | 1 | http://wikileaks.org/cable/2009/04/09state32025.html |
|
| Details | Url | 2 | http://cablesearch.org/cable/view.php?id=08state116943 |
|
| Details | Url | 1 | http://www.reuters.com/article/2011/04/14/us-china-usa-cyberespionage-idustre73d24220110414 |
|
| Details | Url | 1 | http://www.ldvpn.cn/us-dongtai.html |
|
| Details | Url | 1 | http://mobile.darkreading.com/9287/show/571d636618a7ba35b7e9bae872fc5bfd |
|
| Details | Windows Registry Key | 1 | HKLM\SYSTEM\CurrentControlSet\Services\WmdmPmSp\Parameters |