CVE-2015-2545: overview of current threats
Common Information
Type Value
UUID a729f78f-2824-4066-be7a-81c6bafff961
Fingerprint b3058d11d3a32cc3
Analysis status DONE
Considered CTI value 2
Text language
Published May 25, 2016, 10:56 a.m.
Added to db Sept. 26, 2022, 9:33 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Detected Hints/Tags/Attributes 133/3/119
Attributes
Details Type #Events CTI Value
Details CVE 30
cve-2015-2545
Details CVE 37
cve-2015-1701
Details File 1
the-eps-awakens-part-two.html
Details File 12
list.doc
Details File 1
hotels.doc
Details File 5
image1.ep
Details File 1
h:\test.txt
Details File 1
2016.docx
Details File 1
appinfo.dat
Details File 3
potplayermini.exe
Details File 1
windowsmemstatus.txt
Details File 5
potplayer.dll
Details File 6
update.dat
Details File 816
index.html
Details File 2125
cmd.exe
Details File 1
1-3說明檔.doc
Details File 1
image002.gif
Details File 1
image002.ep
Details File 1
svcmondr.exe
Details File 1
http.exe
Details File 1
image001.ep
Details File 478
lsass.exe
Details File 1
iehelpermshtml.dll
Details File 5
windows\system32\rundll32.exe
Details File 1
m1.jpg
Details File 48
mshtml.dll
Details File 1
%temp%\ixp000.tmp
Details File 3
news.asp
Details File 1
cessorieswordpade.exe
Details File 1
wordpade.exe
Details File 1
%temp%\dumps.dat
Details File 1
%temp%\makescr.dat
Details File 24
signons.sql
Details File 64
logins.json
Details Pdb 1
usersjohndesktoppotplayerreleasepotplayer.pdb
Details Pdb 1
baiduyundownloadserviceexereleaseserviceexe.pdb
Details Threat Actor Identifier - APT 11
APT16
Details Url 1
https://www.fireeye.com/blog/threat-research/2015/12/the-eps-awakens-part-two.html
Details Url 1
http://goback.strangled.net:443
Details Windows Registry Key 1
HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Internet
Details Windows Registry Key 1
HKCU\Software\Microsoft\Windows\CurrentVersion\InternetSettings\Connections\DefaultConnectionSettings
Details Windows Registry Key 6
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Details Windows Registry Key 1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersioRun
Details Windows Registry Key 1
HKEY_LOCAL_MACHINE\Software\Microsoft\Active
Details Windows Registry Key 2
HKEY_CURRENT_USER\Software\Microsoft\Internet
Details Windows Registry Key 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Details Windows Registry Key 6
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Details Windows Registry Key 3
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Details Windows Registry Key 1
HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Run