Watering Hole Attack on Aerospace Firm Exploits CVE-2015-5122 to Install IsSpace Backdoor
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 4f0b14db-938c-40fc-b943-769f84124b8c |
| Fingerprint | c4a88919a8a742c3 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | July 20, 2015, 9:32 a.m. |
| Added to db | Sept. 26, 2022, 9:30 a.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | Watering Hole Attack on Aerospace Firm Exploits CVE-2015-5122 to Install IsSpace Backdoor |
| Title | Watering Hole Attack on Aerospace Firm Exploits CVE-2015-5122 to Install IsSpace Backdoor |
| Detected Hints/Tags/Attributes | 73/3/45 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 24 | cve-2015-5122 |
|
| Details | Domain | 397 | www.microsoft.com |
|
| Details | Domain | 1 | start-vedioing.net |
|
| Details | Domain | 7 | inbox.com |
|
| Details | Domain | 1 | anywhere-staring.com |
|
| Details | Domain | 85 | 163.com |
|
| Details | 1 | alta.rohde@inbox.com |
||
| Details | File | 3 | movie.swf |
|
| Details | File | 312 | calc.exe |
|
| Details | File | 1 | %temp%\rdws.exe |
|
| Details | File | 1 | %temp%\fasap.dat |
|
| Details | File | 1 | %temp%\fasapi.bat |
|
| Details | File | 1 | fasap.dat |
|
| Details | File | 1 | %windir%\system32\sysprep\sysprep.exe |
|
| Details | File | 40 | cryptbase.dll |
|
| Details | File | 20 | sysprep.exe |
|
| Details | File | 1 | %temp%\fasapi.bin |
|
| Details | File | 1 | sttip.asp |
|
| Details | File | 1 | snews.asp |
|
| Details | File | 1 | stravel.asp |
|
| Details | File | 1 | sjobs.asp |
|
| Details | File | 1 | ssports.asp |
|
| Details | File | 1 | sweather.asp |
|
| Details | File | 3 | rdws.exe |
|
| Details | File | 1 | fasapi.bin |
|
| Details | md5 | 1 | 319500B2C792AEE6CD8EF8EE87D9DC1E |
|
| Details | md5 | 1 | 10DBFB65836773567B466918250D7EF4 |
|
| Details | md5 | 1 | 7F1779F37F257006576B2D41919441EC |
|
| Details | md5 | 1 | 1F132F365E60CD43FFF75CD3CA464463 |
|
| Details | md5 | 1 | D0D267D8CBBB7DBC59CFC68742FD0559 |
|
| Details | md5 | 1 | BCDEC2A79EADF1DA2166BBB705A25AAE |
|
| Details | sha1 | 1 | 723db4f13e98364098d76b925ea197f9ecd5309b |
|
| Details | sha1 | 1 | 4330f5ad25980e0ebb0165f6b49727152735ef4a |
|
| Details | sha1 | 1 | 4ac396084e932733bb887b51fa5a5e489d9cb0ec |
|
| Details | sha1 | 1 | 4df97974b36adadfdfda44172484019ad2edd649 |
|
| Details | sha1 | 1 | 4586685cc724dedffb9c41f65b2dffc7017f2970 |
|
| Details | sha1 | 1 | fd2ce90293cbb7cd28b42ce8ffb2ce5d95ed3260 |
|
| Details | sha256 | 1 | 27439adaa07f5ad16eb8039c16eceb4e71f6358e7fc13ac645e8878da8c3e77e |
|
| Details | sha256 | 1 | 25ba7d0399dda177a2f35f2f5804ba54a272e43c192649339e5cbf8bd4efa0e0 |
|
| Details | sha256 | 1 | 53edff51e0e52b2d1e8526fea144e9ea923183c2cfece8a87dda92b8390651af |
|
| Details | sha256 | 1 | bdbd4974f872a6b62528f4f03c64d6cd9cf5e9352582f5ae242dc7f843a6fe55 |
|
| Details | sha256 | 1 | 05acabac8bca04ac36fbd8b7dfbe21bde720ebe82a6b642721114e7fbda01bea |
|
| Details | sha256 | 1 | 052aad8133e1ffc2863581db33d366ba4180dfcf2e01ed7acbea4d53c355ab59 |
|
| Details | IPv4 | 1 | 172.246.109.27 |
|
| Details | IPv4 | 1 | 172.16.95.137 |