Sep 16 CVE-2010-2883 PDF INTEREST & FOREIGN EXCHANGE RATES
Common Information
Type Value
UUID 3d2fb15a-6d07-45a5-9d9f-7f49ac4ed7c5
Fingerprint 65b7a07b66d2c088
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 16, 2010, 1:06 a.m.
Added to db Jan. 18, 2023, 7:45 p.m.
Last updated Nov. 17, 2024, 6:50 p.m.
Headline Mal/Ovoxual-A: Mal/Ovoxual-A is a malicious executable file. Mal/Ovoxual-A often drops the following files: \FAVORITES.DAT (clean data file), \msupdater.exe (usually detected as Mal/Ovoxual-B). Mal/Ovoxual-A may also then set the following registry entry to run msupdater.exe automatically: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell, Explorer.exe "\msupdater.exe"
Title Sep 16 CVE-2010-2883 PDF INTEREST & FOREIGN EXCHANGE RATES
Detected Hints/Tags/Attributes 43/2/46
Attributes
Details Type #Events CTI Value
Details CVE 38
cve-2010-2883
Details File 12
cooltype.dll
Details File 2
_foreign_exchange_rates.pdf
Details File 63
report.html
Details File 37
exploit.pdf
Details File 16
behaveslike.pdf
Details File 208
setup.exe
Details File 1
favorites.dat
Details File 1
msupdater.exe
Details File 1260
explorer.exe
Details File 3
msupdate.exe
Details Windows Registry Key 31
HKCU\Software\Microsoft\Windows