W32.Duqu
Common Information
Type | Value |
---|---|
UUID | d19c4533-2353-4572-9f55-b6cfd1600a49 |
Fingerprint | 8c556df10b0e68475294af06105404f34c971709d45dff4b3ec854aae69593dd |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | Nov. 23, 2011, 7:43 p.m. |
Added to db | Oct. 1, 2024, 2:30 p.m. |
Last updated | Oct. 1, 2024, 2:33 p.m. |
Headline | W32.Duqu |
Title | W32.Duqu |
Detected Hints/Tags/Attributes | 190/4/112 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 369 | | microsoft.com |
Details | Domain | 4 | | dyndns.org |
Details | Domain | 216 | | www.symantec.com |
Details | Domain | 2 | | netp191.zdata.mz |
Details | Domain | 3 | | www.sunbeltsecurity.com |
Details | Domain | 1 | | aq.aq |
Details | Domain | 80 | | www.eset.com |
Details | Domain | 7 | | www.geoffchappell.com |
Details | Domain | 5 | | www.csmonitor.com |
Details | File | 4 | | jminet7.sys |
Details | File | 3 | | cmi4432.sys |
Details | File | 306 | | services.exe |
Details | File | 1 | | nfred965.sys |
Details | File | 1 | | nred961.sys |
Details | File | 1 | | adp55xx.sys |
Details | File | 3 | | adpu321.sys |
Details | File | 1 | | iastor451.sys |
Details | File | 1 | | allide1.sys |
Details | File | 1 | | iraid18.sys |
Details | File | 1 | | noname.sys |
Details | File | 3 | | igdkmd16b.sys |
Details | File | 533 | | ntdll.dll |
Details | File | 478 | | lsass.exe |
Details | File | 748 | | kernel32.dll |
Details | File | 17 | | mrxcls.sys |
Details | File | 1260 | | explorer.exe |
Details | File | 263 | | iexplore.exe |
Details | File | 199 | | firefox.exe |
Details | File | 29 | | pccntmon.exe |
Details | File | 119 | | avp.exe |
Details | File | 45 | | mcshield.exe |
Details | File | 23 | | avguard.exe |
Details | File | 42 | | bdagent.exe |
Details | File | 8 | | umxcfg.exe |
Details | File | 14 | | fsdfwd.exe |
Details | File | 28 | | rtvscan.exe |
Details | File | 35 | | ccsvchst.exe |
Details | File | 53 | | ekrn.exe |
Details | File | 7 | | tmproxy.exe |
Details | File | 14 | | ravmond.exe |
Details | File | 212 | | winlogon.exe |
Details | File | 1122 | | svchost.exe |
Details | File | 1 | | resource302.dll |
Details | File | 1 | | dq7.tmp |
Details | File | 1 | | net7.sys |
Details | File | 7 | | keylogger.exe |
Details | File | 2 | | res302.dll |
Details | File | 2 | | ntddl.dll |
Details | File | 2 | | cmi4432_res302.dll |
Details | File | 2 | | 203627.dll |
Details | File | 2 | | nep191_res302.dll |
Details | File | 2 | | cmi4432_203627.dll |
Details | File | 2 | | cmi4432.dll |
Details | File | 10 | | 360rp.exe |
Details | File | 21 | | 360sd.exe |
Details | File | 10 | | %systemroot%\system32\lsass.exe |
Details | File | 5 | | %systemroot%\system32\winlogon.exe |
Details | File | 32 | | %systemroot%\system32\svchost.exe |
Details | File | 185 | | shell32.dll |
Details | File | 2 | | c:\\windows\\system32\\drivers\\jminet7.sys |
Details | File | 125 | | ntoskrnl.exe |
Details | File | 2 | | jmp_ntoskrnl.exe |
Details | File | 2 | | cwsandboxreport.aspx |
Details | File | 2 | | dsc00001.jpg |
Details | File | 4 | | stuxnet_under_the_microscope.pdf |
Details | File | 29 | | www.geo |
Details | File | 2 | | viewer.htm |
Details | File | 2 | | mrxcls.htm |
Details | File | 6 | | w32_stuxnet_dossier.pdf |
Details | File | 252 | | www.cs |
Details | IPv4 | 4 | | 206.183.111.97 |
Details | IPv4 | 2 | | 77.241.93.160 |
Details | IPv4 | 1 | | 123.30.137.117 |
Details | IPv4 | 1 | | 68.132.129.18 |
Details | IPv4 | 4 | | 1.9.2.9 |
Details | Url | 2 | | http://www.sunbeltsecurity.com/cwsandboxreport.aspx?id=85625782&cs=f61afbecf2457 |
Details | Url | 1 | | http://www.eset.com/resources/white‐papers/stuxnet_under_the_microscope.pdf |
Details | Url | 2 | | http://www.geoffchappell.com/viewer.htm?doc=notes |
Details | Url | 2 | | http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepaper |
Details | Url | 1 | | http://www.csmonitor.com/usa/2011/0922/from |
Details | Windows Registry Key | 1 | | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet |
Details | Windows Registry Key | 2 | | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\JmiNET3 |
Details | Windows Registry Key | 2 | | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\JmiNET3\Enum |