AlienSpy Java RAT samples and traffic information
Common Information
Type Value
UUID a785c2fd-7e0a-42f1-a3b4-51fbf3aff5f3
Fingerprint 6abfe19c00067f94
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 17, 2014, 4:16 p.m.
Added to db Jan. 18, 2023, 7:46 p.m.
Last updated Nov. 17, 2024, 9:42 p.m.
Headline UNKNOWN
Title AlienSpy Java RAT samples and traffic information
Detected Hints/Tags/Attributes 67/3/134
Attributes