Mar 2 CVE-2012-0754 SWF in DOC Iran's Oil and Nuclear Situation.doc
Tags
| cmtmf-attack-pattern: | Code Injection |
| country: | Iran United States Of America |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Code Injection - T1540 Dynamic Dns - T1311 Dynamic Dns - T1333 Python - T1059.006 Server - T1583.004 Server - T1584.004 Denial Of Service |
Common Information
| Type | Value |
|---|---|
| UUID | 2ed02b4b-e7f5-4b8e-b53e-f31b5de613f0 |
| Fingerprint | 94f201822caf44c7 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | March 5, 2012, 8:29 a.m. |
| Added to db | Jan. 18, 2023, 7:45 p.m. |
| Last updated | Nov. 18, 2024, 4:35 a.m. |
| Headline | UNKNOWN |
| Title | Mar 2 CVE-2012-0754 SWF in DOC Iran's Oil and Nuclear Situation.doc |
| Detected Hints/Tags/Attributes | 53/4/102 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 7 | cve-2012-0754 |
|
| Details | CVE | 3 | cve-2004-0210 |
|
| Details | CVE | 1 | cve-2012-0744 |
|
| Details | Domain | 1 | pyswfcarve.py |
|
| Details | Domain | 5 | www.7-zip.org |
|
| Details | Domain | 2 | blog.9bplus.com |
|
| Details | Domain | 1 | this.myns.play |
|
| Details | Domain | 1 | 76-230-115-208.static.reverse.lstn.net |
|
| Details | Domain | 1 | www.documents.mypicture.info |
|
| Details | Domain | 1 | documents.mypicture.info |
|
| Details | Domain | 1 | ftp.documents.mypicture.info |
|
| Details | Domain | 1 | mypicture.info |
|
| Details | Domain | 2 | vanity.changeip.com |
|
| Details | Domain | 8 | changeip.com |
|
| Details | Domain | 1 | ehostingusa.com |
|
| Details | Domain | 1 | te-3-0-0-ten07.eugene.or.bverton.comcast.net |
|
| Details | Domain | 1 | xmlswf.as |
|
| Details | Domain | 268 | www.virustotal.com |
|
| Details | Domain | 1176 | gmail.com |
|
| Details | Domain | 1 | kiki.edns.biz |
|
| Details | Domain | 1 | edns.biz |
|
| Details | Domain | 1 | renos.ax |
|
| Details | 1 | zoujinhe@ehostingusa.com |
||
| Details | 1 | wmorrison89@gmail.com |
||
| Details | 1 | william.abnett@gmail.com |
||
| Details | File | 2 | situation.doc |
|
| Details | File | 2 | us.exe |
|
| Details | File | 1 | pyswfcarve.py |
|
| Details | File | 1 | cve-2012-0754.swf |
|
| Details | File | 1 | myns.pl |
|
| Details | File | 2 | test.mp4 |
|
| Details | File | 40 | www.doc |
|
| Details | File | 3 | mypicture.inf |
|
| Details | File | 1 | ftp.doc |
|
| Details | File | 4 | info.asp |
|
| Details | File | 1 | us-embedded.exe |
|
| Details | File | 1 | %temp%\us.exe |
|
| Details | File | 1 | capturebatlog.txt |
|
| Details | File | 1 | regshotlog.txt |
|
| Details | File | 9 | dump.txt |
|
| Details | File | 1 | cve-2012-0744-xls.xls |
|
| Details | File | 1 | cve-2012-0744-xls.swf |
|
| Details | File | 1 | renos.exe |
|
| Details | File | 1 | syoukai.mp4 |
|
| Details | File | 1 | normal.mp4 |
|
| Details | File | 1 | script.swf |
|
| Details | File | 1 | exploit.xls |
|
| Details | md5 | 1 | E92A4FC283EB2802AD6D0E24C7FCC857 |
|
| Details | md5 | 1 | 128A66CC3EFE6F424C3FEDCC4B6235AC |
|
| Details | md5 | 1 | FD1BE09E499E8E380424B3835FC973A8 |
|
| Details | md5 | 1 | e92a4fc283eb2802ad6d0e24c7fcc857 |
|
| Details | md5 | 1 | fd1be09e499e8e380424b3835fc973a8 |
|
| Details | md5 | 1 | cb3dcde34fd9ff0e19381d99b02f9692 |
|
| Details | md5 | 1 | 128a66cc3efe6f424c3fedcc4b6235ac |
|
| Details | md5 | 1 | 8933598c8b1fa5e493497b11c48da4f2 |
|
| Details | md5 | 1 | 198DE4A1EBF05F7F44FAF76F167B0233 |
|
| Details | md5 | 1 | AD7F04E73E19DEBF7C38034E3DAAF535 |
|
| Details | md5 | 1 | 143E2FD4D39199ABF7B871A2BB96FF1F |
|
| Details | md5 | 1 | 8933598C8B1FA5E493497B11C48DA4F2 |
|
| Details | md5 | 1 | CB3DCDE34FD9FF0E19381D99B02F9692 |
|
| Details | md5 | 1 | 198de4a1ebf05f7f44faf76f167b0233 |
|
| Details | md5 | 1 | ad7f04e73e19debf7c38034e3daaf535 |
|
| Details | md5 | 1 | 143e2fd4d39199abf7b871a2bb96ff1f |
|
| Details | sha1 | 1 | 988541c505fef37a48eca2cad926ec378a09a526 |
|
| Details | sha1 | 1 | 8b79abcb79a8ab962d386dfc3e51ac5de9428d4f |
|
| Details | sha1 | 1 | cd3ce4c08704ba447b39fc562215f41c007187f5 |
|
| Details | sha1 | 1 | 74c1e426a7ab9cf77a57b919a0c0fc563c15b441 |
|
| Details | sha1 | 1 | 8db153c242ea8b4ce8b12a80f875f50ec92ecf97 |
|
| Details | sha1 | 1 | 4e03e469d9040307bcdd1461f4f242d73ff40d4c |
|
| Details | sha1 | 1 | 12e36f86ce54576cc38b2edfd13e3a5aa6c8d51c |
|
| Details | sha1 | 1 | a2eb4ee6e2d4f2e51dca1d238e017d6420156bfe |
|
| Details | sha256 | 1 | 2dd92dcfe5a46143b9a879122432e48ef0b9016736b66cd322f5c9fb5d3441dd |
|
| Details | sha256 | 1 | 68360603794c0f6d1aff9f6853dbdbb1860a89269d3147dab768034d4195ca62 |
|
| Details | sha256 | 1 | e7ed13395dc2cc89cd7814c84c14b175c57c8fc0e6864ec304901af054b5199c |
|
| Details | sha256 | 1 | ab8bc59730a9c709214fb1a14c88dc64c979480d0fa34e19e99be644e4e9ee40 |
|
| Details | sha256 | 1 | bb6d781d1bd4da0914670a83b419b605661bbfac86bf9ae153f81fe94bbb6425 |
|
| Details | sha256 | 1 | c34ad3cac4d3b8420fa8dbe1bb0760623ecfa27a6ab7790c231e9e3a92b9039c |
|
| Details | sha256 | 1 | b3a97be4160fb261e138888df276f9076ed76fe2efca3c71b3ebf7aa8713f4a4 |
|
| Details | sha256 | 1 | d018ea9fea664b9608474e1271aaf23fe5d3b6161a2db486592e763475e377bd |
|
| Details | IPv4 | 1 | 208.115.230.76 |
|
| Details | IPv4 | 1 | 208.115.192.0 |
|
| Details | IPv4 | 1 | 208.115.255.255 |
|
| Details | IPv4 | 1 | 199.192.156.134 |
|
| Details | IPv4 | 1 | 68.85.151.214 |
|
| Details | IPv4 | 3 | 204.16.173.30 |
|
| Details | IPv4 | 1 | 199.192.152.0 |
|
| Details | IPv4 | 1 | 199.192.159.255 |
|
| Details | IPv4 | 1 | 68.80.0.0 |
|
| Details | IPv4 | 1 | 68.87.255.255 |
|
| Details | IPv4 | 1 | 10.3.183.15 |
|
| Details | IPv4 | 2 | 11.1.102.62 |
|
| Details | IPv4 | 2 | 11.1.111.6 |
|
| Details | IPv4 | 2 | 11.1.115.6 |
|
| Details | IPv4 | 1 | 61.196.209.58 |
|
| Details | IPv4 | 1 | 12.4.228.10 |
|
| Details | IPv4 | 1 | 12.4.228.0 |
|
| Details | IPv4 | 1 | 12.4.228.127 |
|
| Details | Url | 2 | http://www.7-zip.org |
|
| Details | Url | 1 | http://blog.9bplus.com/adobes-swf-tools-cve-2012-0754 |
|
| Details | Url | 1 | http://208.115.230.76/test.mp4 |
|
| Details | Url | 43 | https://www.virustotal.com |
|
| Details | Url | 1 | http://61.196.209.58/syoukai.mp4 |