ioc[.]one - OSINT Cyber Threat Intelligence Database

Weaponized Container exploiting MS Office Vulnerability CVE 2012-0158 - Communicating to Dridex C2 Infra

Tags

country:	Ukraine
attack-pattern:	Data Direct Botnet - T1583.005 Botnet - T1584.005 Exploits - T1587.004 Exploits - T1588.005 Hidden Window - T1564.003 Ip Addresses - T1590.005 Javascript - T1059.007 Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Tool - T1588.002 Hidden Window - T1143

Show in Graph

Common Information

Type	Value
UUID	6f3155ca-3071-4b6c-9b79-5a8acb691541
Fingerprint	ae0d8d132f971556
Analysis status	DONE
Considered CTI value	2
Text language
Published	March 26, 2016, 2:01 p.m.
Added to db	Jan. 18, 2023, 7:56 p.m.
Last updated	Nov. 17, 2024, 5:58 p.m.
Headline	Deriving Cyber Threat Intelligence and Driving Threat Hunting
Title	Weaponized Container exploiting MS Office Vulnerability CVE 2012-0158 - Communicating to Dridex C2 Infra
Detected Hints/Tags/Attributes	70/2/33

Source URLs

	Redirection	Url
Details	Source	http://malwarenailed.blogspot.com/2016/03/weaponized-container-exploiting-ms.html

URL Provider

Details	Provider	Source level domain
Details	blogspot.com	malwarenailed.blogspot.com

Attributes

Details	Type	#Events	Value
Details	Domain	132	www.sophos.com
Details	Email	1	yvonne@direct-electrical.com
Details	Email	1	56a74b1c.d7bc1c0a.c68bd.ffffb6a7@mx.google.com
Details	File	1	vmsk.exe
Details	File	1	us-15-li-attacking-interoperability-an-ole-edition.pdf
Details	File	1	msgr3en.dll
Details	File	1	analyzing-and-detecting-weaponized-rtf.html
Details	File	13	msvcr71.dll
Details	File	1	proofpoint-operation-transparent-tribe-threat-insight-en.pdf
Details	File	1	baccas-vb2013.pdf
Details	File	17	en.pdf
Details	CVE	39	cve-2014-4114
Details	CVE	176	cve-2012-0158
Details	Domain	1	host68-221-static.241-95-b.business.telecomitalia.it
Details	Domain	1	direct-electrical.com
Details	Domain	10	mx.google.com
Details	Domain	370	www.proofpoint.com
Details	Domain	2	traceevidence.blogspot.com
Details	Domain	403	securelist.com
Details	Domain	14	blogs.mcafee.com
Details	File	748	kernel32.dll
Details	md5	1	BE601E638D4790864E1A472B8D1D6BFD
Details	IPv4	1	95.241.221.68
Details	IPv4	1	91.239.232.145
Details	Url	1	https://www.proofpoint.com/tw/threat-insight/post/dridex-javascript-and-porta-johns
Details	Url	1	https://www.proofpoint.com/tw/threat-insight/post/dridex-javascript-and-porta-johns#sthash.msuo9hgx.dpuf
Details	Url	1	https://www.blackhat.com/docs/us-15/materials/us-15-li-attacking-interoperability-an-ole-edition.pdf
Details	Url	1	http://traceevidence.blogspot.com/2014/03/analyzing-and-detecting-weaponized-rtf.html
Details	Url	1	https://threatpost.com/espionage-malware-watering-hole-attacks-target-diplomats/116600/?utm_content=buffer8f661&utm_medium=social&utm_source=linkedin.com
Details	Url	1	https://www.proofpoint.com/sites/default/files/proofpoint-operation-transparent-tribe-threat-insight-en.pdf
Details	Url	1	https://securelist.com/analysis/publications/37158/the-curious-case-of-a-cve-2012-0158-exploit
Details	Url	1	https://blogs.mcafee.com/mcafee-labs/cve-2012-0158-exploit-in-the-wild
Details	Url	3	https://www.sophos.com/en-us/medialibrary/pdfs/technical