THE ‘ICEFOG’ APT: A TALE OF CLOAK AND THREE DAGGERS
Common Information
Type | Value
UUID | be7688f9-58a4-43e3-87aa-fa9ee81c5812
Fingerprint | 120441a3c9c15bfa46a171e7d27adde35978d5e4ac0056b866656cc078335778
Analysis status | DONE
Considered CTI value | 2
Text language |
Published | Sept. 26, 2013, 2:03 p.m.
Added to db | April 14, 2024, 3:40 a.m.
Last updated | Oct. 1, 2024, 2:47 p.m.
Headline | THE ‘ICEFOG’ APT: A TALE OF CLOAK AND THREE DAGGERS
Title | THE ‘ICEFOG’ APT: A TALE OF CLOAK AND THREE DAGGERS
Detected Hints/Tags/Attributes | 141/3/254
Attributes
Type | #Events | Value
CVE | 14 | cve-2012-1856
CVE | 176 | cve-2012-0158
CVE | 25 | cve-2013-0422
CVE | 41 | cve-2012-1723
CVE | 79 | cve-2010-3333
Domain | 2 | blog.malwaretracker.com
Domain | 1 | 0158.az
Domain | 1 | money.cnnpolicy.com
Domain | 1 | reversemode.com
Domain | 622 | en.wikipedia.org
Domain | 1 | www.cloudsbit.com
Domain | 158 | aol.com
Domain | 5 | smtp.aol.com
Domain | 1 | disneyland.website
Domain | 1 | bbs.pcbeta.com
Domain | 1 | img2icns.zip
Domain | 1 | appst0re.net
Domain | 1 | freespi.cab.cab
Domain | 397 | asp.net
Domain | 3 | basic.net
Domain | 1 | spekosoft.com
Domain | 1 | kechospital.com
Domain | 1 | unikorean.com
Domain | 1 | pasakosoft.net
Domain | 1 | chinauswatch.net
Domain | 1 | msvistastar.com
Domain | 1 | defenseasia.net
Domain | 1 | pinganw.org
Domain | 1 | kevinsw.net
Domain | 1 | avatime.net
Domain | 1 | shinebay.net
Domain | 1 | securimalware.net
Domain | 338 | kaspersky.com
Domain | 1 | wang.gs
Domain | 1 | infostaition.com
Domain | 18 | sohu.com
Domain | 2 | 100911.com
Domain | 1 | 625tongyi.com
Domain | 1 | 9-joy.net
Domain | 1 | agorajpweb.com
Domain | 1 | bigbombnews.com
Domain | 1 | cloudsbit.com
Domain | 1 | cnnpolicy.com
Domain | 1 | dabolloth.com
Domain | 1 | dancewall228.com
Domain | 1 | dashope.net
Domain | 1 | daxituzi.net
Domain | 1 | disneyland.website.iiswan.com
Domain | 1 | dosaninfracore.com
Domain | 1 | dotaplayers.com
Domain | 1 | electk.net
Domain | 1 | esdlin.com
Domain | 1 | gamestar2.net
Domain | 1 | gangstyleobs.com
Domain | 1 | globalwebnews.net
Domain | 1 | kakujae.com
Domain | 1 | kansenshu.com
Domain | 1 | kimjeayun.com
Domain | 1 | koreanmofee.com
Domain | 1 | kreamnnd.com
Domain | 1 | krentertainly.net
Domain | 1 | lexdesign152.net
Domain | 1 | mashuisi.net
Domain | 1 | minihouse.website.iiswan.com
Domain | 1 | mudain.net
Domain | 1 | namoon-tistory.com
Domain | 1 | newsceekjp.com
Domain | 1 | nk-kotii.com
Domain | 1 | ppxxcc.org
Domain | 1 | samyongonc.com
Domain | 1 | sejonng.org
Domain | 1 | sejoung.org
Domain | 1 | setchon.com
Domain | 1 | skynet121.net
Domain | 1 | starwings.net
Domain | 1 | tokyoyan.net
Domain | 1 | twittle.org
Domain | 1 | war3players.com
Domain | 1 | widestar.net
Domain | 1 | womenewes.com
Domain | 1 | yahoowebnews.com
Domain | 1 | zhpedu.org
Domain | 2 | exploit.msword.cve-2010-3333.cg
Domain | 2 | exploit.msword.cve-2010-3333.ci
Domain | 1 | exploit.msword.cve-2012-0158.ae
Domain | 1 | exploit.msword.cve-2012-0158.az
Domain | 1 | trojan.php.agent.ax
Domain | 1 | www.9-joy.net
Domain | 1 | minihouse.website
Domain | 1 | iiswan.com
Domain | 1 | www.setchon.com
Domain | 1 | www.kevinsw.net
Domain | 1 | img2icns.app
Domain | 1 | launchd.app
Domain | 1 | www.img2icnsapp.com
Email | 1 | harrypottercommand001@aol.com
Email | 1 | jd2command092@aol.com
Email | 1 | jd2clientsend@aol.com
Email | 1 | woshihero009@aol.com
Email | 1 | mrmylcmd009@aol.com
Email | 1 | defaultmail002@aol.com
Email | 147 | intelreports@kaspersky.com
File | 1 | tomato-garden-campaign-possible.html
File | 2 | wdmaud.drv
File | 1 | 量産用材料の件.eml
File | 1 | 20130128.xls
File | 175 | update.exe
File | 5 | sxs.dll
File | 5 | upload.aspx
File | 4 | winhlp32.exe
File | 8 | index2.php
File | 1 | alive.asp
File | 1 | space.asp
File | 1 | msuc.dat
File | 1 | msld.exe
File | 1 | 序.exe
File | 1 | 调用专用.exe
File | 1 | special.exe
File | 13 | view.asp
File | 4 | update.asp
File | 5 | upfile.asp
File | 26 | forum.php
File | 1 | img2icns.rar
File | 1 | img2icns.zip
File | 1 | %hostname%.jpg
File | 5 | console.exe
File | 8 | dbgview.exe
File | 1 | hush获取.exe
File | 1 | quarks-pwdump.exe
File | 1 | 片调用程序.exe
File | 1 | exe.jpg
File | 1 | freespi.cab
File | 1 | control.aspx
File | 1 | windows版本号.txt
File | 12 | version.txt
File | 3 | %temp%\scvhost.exe
File | 1 | %temp%\svohost.exe
File | 1 | %temp%\msuc.dat
File | 1 | %temp%\order.dat
File | 1 | %temp%\cmd1.dat
File | 1 | %temp%\tmpxor.dat
File | 1 | %systemroot%\msld.exe
File | 1 | %systemroot%\wdmaud.drv
File | 15 | backdoor.asp
File | 1 | agent.gz
File | 7 | trojan.php
File | 1 | 1234567890.doc
File | 1 | 説明書.xls
File | 1 | 2345678901.doc
File | 1 | keikaku-201302.xls
File | 1 | agent.xps
File | 5 | www.dot
File | 1 | %windir%\wdmaud.drv
File | 1260 | explorer.exe
File | 119 | smss.exe
File | 6 | tmp.dat
File | 1 | order.dat
File | 409 | c:\windows\system32\cmd.exe
File | 1 | cmd1.dat
File | 1 | tmpxor.dat
File | 1 | msloger.exe
File | 1 | aa.tmp
File | 15 | hwp.exe
File | 1 | ab.tmp
File | 2125 | cmd.exe
File | 1 | mstmpdata.dat
File | 17 | log.log
File | 20 | config.dat
File | 7 | launchd.pl
md5 | 1 | b8bed65865ddecbd22efff0970b97321
md5 | 1 | 5f1344d8375b449f77d4d8ecfcdeda9a
md5 | 1 | 9de808b3147ec72468a5aec4b2c38c20
md5 | 1 | 120f9ed8431a24c14b60003260930c37
md5 | 1 | 32e8d4b2f08aff883c8016b7ebd7c85b
md5 | 1 | d544a65f0148e59ceca38c579533d040
md5 | 1 | 9a64277e40e3db8659d359126c840897
md5 | 1 | 61ed85d28eb18b13223e033a01cb5c05
md5 | 1 | 43edcbd20bb5fec2c2d36e7c01d49fc7
md5 | 1 | d6c90955c6f2a346c9c91be82a1f9d8c
md5 | 1 | 78d9ac9954516ac096992cf654caa1fc
md5 | 1 | 387ae1e56fa48ec50a46394cc51acce7
md5 | 1 | 0b28d3cc9e89ffe53dbb50f739fcb6e3
md5 | 1 | 4482fd69a07ab15d9a9d3b3819d048be
md5 | 1 | 6d3d95137ef1ba5c6e15a4a95de8a546
md5 | 1 | a72d3774d2d97a7eeb164c6c5768f52a
md5 | 1 | 2a106c694660891e0950493e3eedc42d
md5 | 1 | 324d26f4fb7a91b8019c19e6a0318400
md5 | 1 | aa97368c43171a5c93c57327d5da04cf
md5 | 1 | d22ab2a2f9e4763a35eb7c6db144d3d4
md5 | 1 | ffef41bd67de8806ac2d0e10a3cab3c2
md5 | 1 | be043b0d1337f85cfd05f786eaf4f942
md5 | 1 | 126c6b7f5be186fd48bb975f7e59385e
md5 | 1 | ff27ebb3696e075e339195a2833caa47
md5 | 1 | cf1815491d41202eb8647341a8695e1e
md5 | 1 | 336de9428650c46b64ff699ab4a441bb
md5 | 1 | 9f422bb6c00bb46fbfa3918ae3e9447a
md5 | 1 | d53cec579c7b3b3e0f77cd64e0c58bbf
md5 | 1 | 00c3d59a83c3745498b75fd9d1067b4c
md5 | 1 | 9d3d8504cd488acaa731cfdd48fe5851
md5 | 1 | 95ee545a6562a81c3e049a48c5b9f8aa
md5 | 1 | 219738275b9dfbef6be8b65473833e45
md5 | 1 | 363bcf8bbf8ae7def65adcec0a755d45
md5 | 1 | 3ce3e49e0e31e69b2aabcb3d7569a63c
md5 | 1 | c5f3d21cb19a4b2d03aa42e4bf43b79b
md5 | 1 | b1241cd7a0d7d58d1182badd0adba8ab
md5 | 1 | 7ec89be945add54aa67009dbc12a9260
md5 | 1 | eb4579f08cd270e496c70ddcaa29dacb
md5 | 1 | 5aaa057d3447a214e729276563d2f922
md5 | 1 | 8f816f4acc49f5ebba00d92437b42e85
md5 | 1 | f4ced221baf2a482e60baf374ab063be
md5 | 1 | 3a6feab7eb90b87cf5a4e08bce2572e8
md5 | 1 | 853096b7e1e4bdb9221875c30d9a15a0
md5 | 1 | 15a342cf2cc4fc5ae933d463f5d2196f
md5 | 1 | acc57cc72a8d129703b4914c408a15a1
md5 | 1 | 162b349be9c6d11c58cf163e211d891c
md5 | 1 | f7547f23bd2fd37b7d44e8617f629b49
md5 | 1 | c352c376968e8a1157fa425431776797
md5 | 1 | 31a530fea411455b8844fe019ffb66cd
md5 | 1 | 43678aa052ad677841bd2ef532ecd284
md5 | 1 | fa452f67c6bf8056b563690d61c4a4c6
md5 | 1 | b21635b1b1fce93ff917d9308d4835fb
md5 | 1 | 2d6a82fdb59e38d63027beac28dc2813
md5 | 1 | beb9da03aff9386599625199a5a47b8d
md5 | 1 | 80405f5681f1e4f2de6e8c26ec20c14d
md5 | 1 | 2761c55bafa96d5814e847b665006e49
md5 | 1 | 566b175ab355e6313ba0ca98b0146d84
md5 | 1 | d421e0d74fa7035246c1ea51bd4d3114
md5 | 1 | 24751030c1fa40bd57988d4e6fe70117
md5 | 1 | 392f5372ba3348ea1820df34c078f6c8
md5 | 1 | fba7b9ffd08110e37d2bdf77c0d8b806
md5 | 1 | 0e2694aea9d3de122611d88e37ffc7f0
md5 | 1 | cd85a9a05538e89190d519703c9a1327
md5 | 1 | f46eb126668dfc843a05958e71936b01
md5 | 1 | BF13CCB777F7175ECD567E757ABCB0E4
md5 | 1 | FA452F67C6BF8056B563690D61C4A4C6
IPv4 | 3 | 95.211.172.143
IPv4 | 1 | 122.10.87.252
IPv4 | 1 | 113.10.136.228
IPv4 | 1 | 103.246.245.130
IPv4 | 1 | 110.45.203.152
IPv4 | 1 | 27.255.71.204
IPv4 | 1 | 199.192.154.124
IPv4 | 1 | 211.42.249.39
Pdb | 2 | uccodepiecego.pdb
Threat Actor Identifier - APT | 115 | APT1
Url | 1 | http://blog.malwaretracker.com/2013/06
Url | 1 | http://reversemode.com/index2.php?option=com_content&do_
Url | 11 | http://en.wikipedia.org
Url | 1 | http://bbs.pcbeta.com/forum.php?mod=viewthread&tid=1157944
Url | 1 | http://appst0re.net/upload.aspx?filepath=%order
Url | 1 | http://www.img2icnsapp.com
Url | 1 | http://appst0re.net/upload.
Url | 1 | http://appst0re.net
Windows Registry Key | 31 | HKCU\Software\Microsoft\Windows