May 31 CVE-2010-3333 DOC President Obama's Speech.doc from compromised louisvilleheartsurgery.com w Trojan Taidoor
Common Information
Type Value
UUID b89e5094-19c7-41bf-86d9-f89fc68eba41
Fingerprint 36d2940f618236d4
Analysis status DONE
Considered CTI value 2
Text language
Published June 13, 2011, 10:04 p.m.
Added to db Jan. 18, 2023, 7:45 p.m.
Last updated Nov. 17, 2024, 11:36 p.m.
Headline UNKNOWN
Title May 31 CVE-2010-3333 DOC President Obama's Speech.doc from compromised louisvilleheartsurgery.com w Trojan Taidoor
Detected Hints/Tags/Attributes 76/3/218
Attributes
Details Type #Events CTI Value
Details CVE 79
cve-2010-3333
Details Windows Registry Key 47
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run