May 6, 2008 Poison Ivy EXE RSIS Commentary from RSISPubllcation@NTU.EDU.SG
Tags
| country: | China |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Active Setup - T1547.014 Dns - T1071.004 Dns - T1590.002 Software - T1592.002 |
Common Information
| Type | Value |
|---|---|
| UUID | 54c27f61-290a-4d96-acd8-f201908c2e78 |
| Fingerprint | 29b0a20364db8084 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | May 6, 2008, 11:49 p.m. |
| Added to db | Jan. 18, 2023, 7:45 p.m. |
| Last updated | Nov. 17, 2024, 6:49 p.m. |
| Headline | UNKNOWN |
| Title | May 6, 2008 Poison Ivy EXE RSIS Commentary from RSISPubllcation@NTU.EDU.SG |
| Detected Hints/Tags/Attributes | 32/3/41 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | ntu.edu.sg |
|
| Details | Domain | 1 | w32.agent.45056.mq |
|
| Details | Domain | 22 | www.threatexpert.com |
|
| Details | Domain | 22 | anubis.iseclab.org |
|
| Details | Domain | 1 | js001.3322.org |
|
| Details | Domain | 18 | robtex.com |
|
| Details | 1 | rsispubllcation@ntu.edu.sg |
||
| Details | File | 1 | rsis.exe |
|
| Details | File | 2 | downloader.mdw |
|
| Details | File | 19 | report.aspx |
|
| Details | File | 1 | msxmltwo.exe |
|
| Details | File | 1 | c:\rsis.exe |
|
| Details | File | 1260 | explorer.exe |
|
| Details | File | 99 | c:\windows\explorer.exe |
|
| Details | File | 263 | iexplore.exe |
|
| Details | md5 | 1 | 105C80E404324938EAE633934EE44ED1 |
|
| Details | md5 | 1 | 105c80e404324938eae633934ee44ed1 |
|
| Details | sha256 | 1 | b71040cfa7545804d02afb8bb39639cf9c5dfd7439b29b6d3cf7a1ea8b9a5efc |
|
| Details | IPv4 | 17 | 4.5.0.50 |
|
| Details | IPv4 | 12 | 5.0.0.2 |
|
| Details | IPv4 | 5 | 8.2.1.180 |
|
| Details | IPv4 | 41 | 2.0.3.7 |
|
| Details | IPv4 | 28 | 5.2.0.5 |
|
| Details | IPv4 | 2 | 0.96.0.0 |
|
| Details | IPv4 | 10 | 4.5.1.85 |
|
| Details | IPv4 | 14 | 4.0.14.0 |
|
| Details | IPv4 | 16 | 3.1.1.80 |
|
| Details | IPv4 | 59 | 7.0.0.125 |
|
| Details | IPv4 | 10 | 9.1.8.0 |
|
| Details | IPv4 | 25 | 10.0.2.2 |
|
| Details | IPv4 | 39 | 7.0.3.5 |
|
| Details | IPv4 | 15 | 91.2.0.41 |
|
| Details | IPv4 | 3 | 6.5.1.9 |
|
| Details | IPv4 | 3 | 3.12.12.2 |
|
| Details | IPv4 | 10 | 5.0.27.0 |
|
| Details | IPv4 | 2 | 222.35.137.193 |
|
| Details | Url | 1 | http://www.virustotal.com/analisis/b71040cfa7545804d02afb8bb39639cf9c5dfd7439b29b6d3cf7a1ea8b9a5efc-1267933534 |
|
| Details | Url | 1 | http://www.threatexpert.com/report.aspx?md5=105c80e404324938eae633934ee44ed1 |
|
| Details | Url | 1 | http://anubis.iseclab.org/?action=result&task_id=17dcf8eaeeed8708481ff44961985d488 |
|
| Details | Windows Registry Key | 2 | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active |
|
| Details | Windows Registry Key | 1 | HKEY_CURRENT_USER\Software\Local |