ioc[.]one - OSINT Cyber Threat Intelligence Database

Jul 12 RTLO rar with trojan Taidoor - former President Lee Teng-hui seriously ill

Tags

country:	India South Korea Singapore Taiwan
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Dns - T1071.004 Dns - T1590.002 Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Software - T1592.002

Show in Graph

Common Information

Type	Value
UUID	9acf5290-2b60-46ae-b11f-85de7808989e
Fingerprint	7e9cb65e6a83b416
Analysis status	DONE
Considered CTI value	2
Text language
Published	July 25, 2011, 4:05 p.m.
Added to db	Jan. 18, 2023, 7:45 p.m.
Last updated	Nov. 15, 2024, 12:49 a.m.
Headline	UNKNOWN
Title	Jul 12 RTLO rar with trojan Taidoor - former President Lee Teng-hui seriously ill
Detected Hints/Tags/Attributes	49/3/68

Source URLs

	Redirection	Url
Details	Source	http://contagiodump.blogspot.com/2011/07/jul-12-rtlo-rar-with-trojan-taidoor.html

URL Provider

Details	Provider	Source level domain
Details	blogspot.com	contagiodump.blogspot.com

Attributes

Details	Type	#Events	Value
Details	Domain	1	msr12.hinet.net
Details	Domain	1	59-120-229-228.hinet-ip.hinet.net
Details	Domain	179	hotmail.com
Details	Domain	287	yahoo.com
Details	Domain	1	59.120.229.22859-120-229-228.hinet-ip.hinet.net
Details	Domain	2	trojan-gypikon-based.ba
Details	Domain	1	dropper.ye
Details	Domain	1	abianshabi.myddns.com
Details	Domain	2	kornet.net
Details	Domain	1	mcmerhons.com
Details	Domain	1	habi.myddns.com
Details	Email	1	bbianshabi@hotmail.com
Details	Email	1	kenneth.abbate@yahoo.com
Details	Email	1	abuse@kornet.net
Details	Email	1	darrenlim@mcmerhons.com
Details	File	5	gpj.exe
Details	File	2	sexypicturegirlalexe.jpg
Details	File	6	qfgkt.php
Details	File	5	bbbbb.php
Details	File	63	report.html
Details	File	4	sasfis.bk
Details	File	1	1tmp.bat
Details	File	7	dfds3.reg
Details	File	3	tlntsvr.exe
Details	File	1	c:\\documents and settings\\mila\\local settings\\tlntsvr.exe
Details	File	2	winhp.tmp
Details	File	1	1tmp.exe
Details	File	3	win32.cs
Details	File	1	zpmbl.php
Details	File	1	deegv.php
Details	md5	1	7c458a2d76e1270e5add6c0ec8c02815
Details	md5	1	B1497751D08A99181EB981B7110935DC
Details	md5	1	27AE3C32B4D80BCD5A3D69613CB8EAB6
Details	md5	1	4DD8A05B976BF586A9ACC126E985B252
Details	md5	2	D679CFCD2096E351DBBBB968B52B6C3C
Details	md5	1	e38f3b357813dd2181f22ea68726e1b8
Details	sha256	1	195d3a0e5c498b2fc092f05520fc8823e12f913d5dc5ba534eee1b67ea2822e6
Details	sha256	1	c89abd88d215131e4b3620ea970a2ea2011220899dc89d93eaac56ac2278c523
Details	IPv4	1	168.95.4.112
Details	IPv4	1	59.120.229.228
Details	IPv4	1	4.6.8.6
Details	IPv4	1	59.120.229.0
Details	IPv4	1	59.120.229.255
Details	IPv4	1	7.11.12.65
Details	IPv4	41	2.0.3.7
Details	IPv4	17	5.3.2.6
Details	IPv4	6	5.1.0.8
Details	IPv4	16	4.6.2.117
Details	IPv4	10	3.1.1.104
Details	IPv4	10	8.0.0.5
Details	IPv4	6	111.1.0.186
Details	IPv4	11	6.7.0.1
Details	IPv4	9	3.12.16.4
Details	IPv4	1	14.0.135.0
Details	IPv4	2	203.90.100.21
Details	IPv4	1	203.90.64.0
Details	IPv4	1	203.90.127.255
Details	IPv4	2	222.101.218.86
Details	IPv4	1	222.96.0.0
Details	IPv4	1	222.127.255.255
Details	IPv4	1	119.73.230.3
Details	IPv4	1	119.73.230.0
Details	IPv4	1	119.73.230.15
Details	Url	1	http://someipordomain/qfgkt.php?id=030696111d308d0e8d
Details	Url	4	http://aaaaa/bbbbb.php?id=xxxxxxyyyyyyyyyyyy
Details	Url	1	http://www.virustotal.com/file-scan/report.html?id=195d3a0e5c498b2fc092f05520fc8823e12f913d5dc5ba534eee1b67ea2822e6
Details	Url	1	http://www.virustotal.com/file-scan/report.html?id=c89abd88d215131e4b3620ea970a2ea2011220899dc89d93eaac56ac2278c523
Details	Windows Registry Key	47	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run