Trojan.Hydraq detection and naming
Tags
| attack-pattern: | Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 |
Common Information
| Type | Value |
|---|---|
| UUID | 868179f7-ca85-4535-981c-90b3e103d13a |
| Fingerprint | a537a08376088cd6 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Jan. 20, 2010, 12:10 a.m. |
| Added to db | Jan. 18, 2023, 7:45 p.m. |
| Last updated | Nov. 15, 2024, 8:31 p.m. |
| Headline | UNKNOWN |
| Title | Trojan.Hydraq detection and naming |
| Detected Hints/Tags/Attributes | 32/1/47 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | sha256 | 1 | ce7debbcf1ca3a390083fe5753f231e632017ca041dfa662ad56095a500f2364 |
|
| Details | IPv4 | 17 | 4.5.0.50 |
|
| Details | IPv4 | 12 | 5.0.0.2 |
|
| Details | IPv4 | 1 | 7.9.1.142 |
|
| Details | IPv4 | 29 | 7.0.17.0 |
|
| Details | IPv4 | 14 | 4.0.14.0 |
|
| Details | IPv4 | 16 | 3.1.1.80 |
|
| Details | IPv4 | 10 | 9.1.8.0 |
|
| Details | IPv4 | 25 | 10.0.2.2 |
|
| Details | IPv4 | 39 | 7.0.3.5 |
|
| Details | IPv4 | 15 | 91.2.0.41 |
|
| Details | IPv4 | 1 | 4.0.0.101 |
|
| Details | IPv4 | 1 | 7.9.0.129 |
|
| Details | IPv4 | 1 | 3.117.0.0 |
|
| Details | IPv4 | 5 | 1.4.4.12 |
|
| Details | IPv4 | 2 | 7.9.1.146 |
|
| Details | IPv4 | 5 | 5.0.21.0 |
|
| Details | IPv4 | 59 | 7.0.0.125 |
|
| Details | Url | 1 | http://blog.threatexpert.com/2010/01/trojanhydraq-part-ii.html |
|
| Details | Url | 2 | http://www.symantec.com/security_response/writeup.jsp?docid=2010 |
|
| Details | Url | 1 | http://www.virustotal.com/analisis/160cb3d6c6e11a8c649a1d0ed33faf927ae6dc99e0c76ae1982720255867b38e-1263698531 |
|
| Details | Url | 1 | http://www.virustotal.com/analisis/f0c78171b11b40f40e24dd9eaa8a3a381e1816ab8c3653aeb167e94803f90430-1264023110 |
|
| Details | Url | 1 | http://www.virustotal.com/analisis/ce7debbcf1ca3a390083fe5753f231e632017ca041dfa662ad56095a500f2364-1264140003 |
|
| Details | CVE | 6 | cve-2010-0249 |
|
| Details | Domain | 4 | extraexploit.blogspot.com |
|
| Details | Domain | 9 | blog.threatexpert.com |
|
| Details | Domain | 216 | www.symantec.com |
|
| Details | Domain | 1 | cc.agent.ba |
|
| Details | Domain | 1 | agent.20480.pl |
|
| Details | Domain | 2 | agent.ba |
|
| Details | Domain | 1 | win32.ccagent.ba |
|
| Details | Domain | 1 | virus.agent.ba |
|
| Details | File | 3 | acelpvc.dll |
|
| Details | File | 2 | vediodriver.dll |
|
| Details | File | 1 | trojanhydraq-part-ii.html |
|
| Details | File | 31 | writeup.jsp |
|
| Details | File | 1 | 20480.pl |
|
| Details | File | 1 | roarur.dll |
|
| Details | File | 3 | packed.asp |
|
| Details | md5 | 1 | ba3545841d8a40ed8493e22c0e70a72c |
|
| Details | md5 | 1 | 4A47404FC21FFF4A1BC492F9CD23139C |
|
| Details | md5 | 1 | 467EEF090DEB3517F05A48310FCFD4EE |
|
| Details | md5 | 1 | 467eef090deb3517f05a48310fcfd4ee |
|
| Details | md5 | 1 | 4a47404fc21fff4a1bc492f9cd23139c |
|
| Details | sha1 | 1 | 43d20c85e323b59e7971626a3c1fe1542ab945f7 |
|
| Details | sha256 | 1 | 160cb3d6c6e11a8c649a1d0ed33faf927ae6dc99e0c76ae1982720255867b38e |
|
| Details | sha256 | 1 | f0c78171b11b40f40e24dd9eaa8a3a381e1816ab8c3653aeb167e94803f90430 |