Dissecting Sundown Exploit Kit
Common Information
Type Value
UUID 5a21e0bd-ea4f-4e8d-84ec-b1b7c6be3e43
Fingerprint a64330112d3c0da9
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 31, 2017, 2:58 p.m.
Added to db Jan. 18, 2023, 9:23 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline NetWitness Community
Title Dissecting Sundown Exploit Kit
Detected Hints/Tags/Attributes 69/2/39
Attributes
Details Type #Events CTI Value
Details CVE 77 cve-2016-0189
Details CVE 57 cve-2016-4117
Details CVE 30 cve-2015-7645
Details CVE 55 cve-2014-6332
Details CVE 25 cve-2015-2419
Details CVE 5 cve-2012-0779
Details Domain 88 malware-traffic-analysis.net
Details Domain 1 hxrheg.fve.mobi
Details Domain 1 hco.huc.mobi
Details Domain 47 www.malware-traffic-analysis.net
Details Domain 81 blog.malwarebytes.com
Details Domain 184 www.fireeye.com
Details Domain 1 binaryhax0r.blogspot.co.il
Details Domain 3 www.nao-sec.org
Details Domain 1 contagiodump.blogspot.co.il
Details File 185 shell32.dll
Details File 50 urlmon.dll
Details File 748 kernel32.dll
Details File 14 temp.exe
Details File 1 mfgrehy.tmp
Details File 376 wscript.exe
Details File 6 index3.html
Details File 3 cve-2016-4117-flash-zero-day.html
Details File 1 rig-exploit-kit-shellcode-spwans.html
Details File 1 analyzing-rig-exploit-kit-vol2.html
Details File 1 may-3-cve-2012-0779-world-uyghur.html
Details md5 1 995eba050390492ad99dc938f958746f
Details Mandiant Temporary Group Assumption 22 TEMP.EXE
Details Threat Actor Identifier - APT 297 APT27
Details Url 1 http://hxrheg.fve.mobi/@@@.php?id=265
Details Url 1 http://hco.huc.mobi/7/?9643522803
Details Url 1 http://hco.huc.mobi/7/?947545190441&id=265
Details Url 1 http://hco.huc.mobi/7/?78493521
Details Url 1 http://www.malware-traffic-analysis.net/2017/01/19/index3.html
Details Url 1 https://blog.malwarebytes.com/cybercrime/exploits/2016/10/yet-another-sundown-ek-variant
Details Url 3 https://www.fireeye.com/blog/threat-research/2016/05/cve-2016-4117-flash-zero-day.html
Details Url 1 http://binaryhax0r.blogspot.co.il/2016/09/rig-exploit-kit-shellcode-spwans.html
Details Url 1 http://www.nao-sec.org/2017/05/analyzing-rig-exploit-kit-vol2.html
Details Url 1 http://contagiodump.blogspot.co.il/2012/05/may-3-cve-2012-0779-world-uyghur.html