ioc[.]one - OSINT Cyber Threat Intelligence Database

Feb 25 CVE-2010-3333 DOC China's Military Build-up from a compromised IBEW-NECA Joint Trust Funds account

Tags

country:	China Israel Thailand Singapore
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Server - T1583.004 Server - T1584.004 Software - T1592.002 Vulnerabilities - T1588.006

Show in Graph

Common Information

Type	Value
UUID	3b053adf-980d-47e5-8a1f-317bbd556cb3
Fingerprint	b9788516208a5e91
Analysis status	DONE
Considered CTI value	2
Text language
Published	March 1, 2011, 2:10 a.m.
Added to db	Jan. 18, 2023, 7:45 p.m.
Last updated	Nov. 17, 2024, 6:55 p.m.
Headline	UNKNOWN
Title	Feb 25 CVE-2010-3333 DOC China's Military Build-up from a compromised IBEW-NECA Joint Trust Funds account
Detected Hints/Tags/Attributes	53/3/71

Source URLs

	Redirection	Url
Details	Source	http://contagiodump.blogspot.com/2011/03/cve-2010-3333-doc-chinas-military-build.html

URL Provider

Details	Provider	Source level domain
Details	blogspot.com	contagiodump.blogspot.com

Attributes

Details	Type	#Events	Value
Details	CVE	79	cve-2010-3333
Details	Domain	1	ewtf.org
Details	Domain	1	ewtfdc2.ewtf.org
Details	Domain	1	ewtfexch07.ewtf.org
Details	Email	1	cmxxxxxxxx@ewtf.org
Details	File	1122	svchost.exe
Details	File	1	alerter.exe
Details	File	1	appmgmt.exe
Details	File	3	cisvc.exe
Details	File	3	clipsrv.exe
Details	File	1	comsysapp.exe
Details	File	1	dmadmin.exe
Details	File	1	dot3svc.exe
Details	File	1	eaphost.exe
Details	File	1	hidserv.exe
Details	File	1	hkmsvc.exe
Details	File	1	imapiservice.exe
Details	File	4	messenger.exe
Details	File	1	mnmsrvc.exe
Details	File	55	msdtc.exe
Details	File	1	msiserver.exe
Details	File	1	napagent.exe
Details	File	2	netdde.exe
Details	File	2	netddedsdm.exe
Details	File	2	netlogon.exe
Details	File	1	ntlmssp.exe
Details	File	1	ntmssvc.exe
Details	File	10	ose.exe
Details	File	1	rasauto.exe
Details	File	1	rdsessmgr.exe
Details	File	1	remoteaccess.exe
Details	File	2	rpcapd.exe
Details	File	1	rpclocator.exe
Details	File	3	rsvp.exe
Details	File	2	swprv.exe
Details	File	2	sysmonlog.exe
Details	File	3	tlntsvr.exe
Details	File	3	upnphost.exe
Details	File	6	ups.exe
Details	File	1	vss.exe
Details	File	1	wmdmpmsn.exe
Details	File	4	wmi.exe
Details	File	13	wmiapsrv.exe
Details	File	1	wuauserv.exe
Details	File	1	xmlprov.exe
Details	File	1	century.doc
Details	File	146	wininet.dll
Details	File	130	ws2_32.dll
Details	File	53	iphlpapi.dll
Details	File	69	shlwapi.dll
Details	File	79	regedit.exe
Details	File	7	dfds3.reg
Details	File	1	%s.php
Details	File	1	%c%c%c%c%c%c.exe
Details	File	1	c:\documents and settings\username\local settings\filename.exe
Details	md5	2	02B77C3941478A05F2EE6559E3B76FB6
Details	md5	1	02b77c3941478a05f2ee6559e3b76fb6
Details	md5	1	91572F3D15588F34F42EE5136D74C738
Details	md5	1	1f4e6cad1513e9e7765ef50bce4837b0
Details	sha1	1	cd7a8327dc8917d90bdbe693a310fa75a43a1ae0
Details	sha1	1	0dc6e154341e0331a982e657944998fb06f32370
Details	IPv4	1	69.85.28.235
Details	IPv4	1	192.9.200.202
Details	IPv4	8	5.2.11.5
Details	IPv4	4	4.2.254.0
Details	IPv4	39	7.0.3.5
Details	IPv4	6	101.3.0.103
Details	IPv4	1	61.7.158.11
Details	IPv4	1	7.11.4.13
Details	Windows Registry Key	47	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Details	Windows Registry Key	1	HKU\S-1-5-21-789336058-1580436667-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Run\FILENAME