ioc[.]one - OSINT Cyber Threat Intelligence Database

“Red October”. Detailed Malware Description 4. Second Stage of Attack

Tags

country:	Kuwait Netherlands El Salvador Germany Finland France Hungary Italy Spain Lebanon Poland Portugal Turkey Russia Taiwan
attack-pattern:	Data Direct Credentials - T1589.001 Dns - T1071.004 Dns - T1590.002 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Trap - T1546.005 Vulnerabilities - T1588.006 Connection Proxy - T1090 Trap - T1154

Show in Graph

Common Information

Type	Value
UUID	154eef80-e2ac-4225-86df-14d911d31ddf
Fingerprint	aa2528006ca3ab95
Analysis status	DONE
Considered CTI value	2
Text language
Published	Jan. 17, 2013, 4:06 p.m.
Added to db	Jan. 16, 2023, 4:58 p.m.
Last updated	Nov. 17, 2024, 6:50 p.m.
Headline	“Red October”. Detailed Malware Description 4. Second Stage of Attack
Title	“Red October”. Detailed Malware Description 4. Second Stage of Attack
Detected Hints/Tags/Attributes	97/2/43

Source URLs

	Redirection	Url
Details	Source	https://securelist.com/red-october-detailed-malware-description-4-second-stage-of-attack/36884/

URL Provider

Details	Provider	Source level domain
Details	securelist.com	securelist.com

Attributes

Details	Type	#Events	Value
Details	Domain	5	nt-windows-online.com
Details	Domain	4	nt-windows-update.com
Details	Domain	4	nt-windows-check.com
Details	Domain	2	microsoftosupdate.com
Details	Domain	3	microsoft-msdn.com
Details	Domain	2	microsoftcheck.com
Details	Domain	1	www.new-driver-upgrade.com
Details	File	1	%appdata%microsoftrtkn32gdi.exe
Details	File	2	%tmp%smrdprevsmrdprev_%p_%p.tmp
Details	File	1	%tmp%%number%.exe
Details	File	4	t.dat
Details	File	17	exchange.asmx
Details	File	2	adt.dat
Details	File	1	testsvc_00.exe
Details	File	1	%system%testsvc_00.exe
Details	File	1	0xa4f2%.tmp
Details	md5	1	43C0BA45BE45CA20ED014A8298104716
Details	md5	1	1294af519b9e6a521294607c8c1b3d27
Details	md5	1	AE693C43E40F0DE9DE9FA2D950003ABF
Details	md5	1	09fd8e1f2936a97df477a5e8552fe360
Details	md5	1	6FE7EB4E59448E197BDFAE87247F3AE6
Details	md5	1	ED5FF814B10ED25946623A7EC2C0A682
Details	md5	1	37B443893551C1537D00FD247E3C9A78
Details	md5	1	06ebdde6a600a65e9e65ba7c63f139fa
Details	md5	1	b49232652748ab677a944bd4d4650603
Details	md5	1	51900a2bb1202225aabc2ee5a64dbe42
Details	md5	1	7ade5d2a88c1eeefe47b501b19c383ef
Details	md5	1	595e29a21ecaa4dfcb3a5db18401a9a8
Details	IPv4	1441	127.0.0.1
Details	IPv4	59	255.255.255.255
Details	Url	1	http://www.new-driver-upgrade.com/cgi-bin/frog
Details	Windows Registry Key	1	HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorerRunservise
Details	Windows Registry Key	2	HKCUSoftwareMicrosoftWindows
Details	Windows Registry Key	1	HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstall
Details	Windows Registry Key	1	HKLMSOFTWAREMicrosoftOffice
Details	Windows Registry Key	3	HKCRCLSID
Details	Windows Registry Key	1	HKLMSOFTWAREClassesSoftwareAdobeAcrobatExe
Details	Windows Registry Key	1	HKCUSOFTWAREAdobeAcrobat
Details	Windows Registry Key	1	HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerAdvancedMapMenuConfigGrps
Details	Windows Registry Key	1	HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerAdvancedMapMenuConfigGrps
Details	Windows Registry Key	1	HKCUSoftwareWow6432NodeMicrosoftWindowsCurrentVersionExplorerAdvancedMapMenuConfigGrps
Details	Windows Registry Key	1	HKLMSoftwareWow6432NodeMicrosoftWindowsCurrentVersionExplorerAdvancedMapMenuConfigGrps
Details	Windows Registry Key	7	HKLMSOFTWAREMicrosoftWindows