Into the Fog - The Return of ICEFOG APT
Tags
Common Information
| Type | Value |
|---|---|
| UUID | d40fde38-a0a5-4a5b-89ec-3a0b580ea54a |
| Fingerprint | df08ddd1bd6d16ee |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | June 3, 2019, midnight |
| Added to db | Sept. 26, 2022, 9:30 a.m. |
| Last updated | Nov. 17, 2024, 6:30 p.m. |
| Headline | Into the Fog - The Return of ICEFOG APT |
| Title | Into the Fog - The Return of ICEFOG APT |
| Detected Hints/Tags/Attributes | 147/3/182 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://speakerdeck.com/ashley920/into-the-fog-the-return-of-icefog-apt |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 375 | cve-2017-11882 |
|
| Details | Domain | 17 | www.anomali.com |
|
| Details | Domain | 15 | foo.com |
|
| Details | Domain | 2 | 100911.com |
|
| Details | Domain | 1 | sinkhole.yourtrap.com |
|
| Details | Domain | 1 | 153.xxx.xxx.xxx |
|
| Details | Domain | 1 | dnservers.itemdb.com |
|
| Details | Domain | 1 | russion.dnsedc.com |
|
| Details | Domain | 1 | bulgaa.sportsnewsa.net |
|
| Details | Domain | 1 | zaluu.dellnewsup.net |
|
| Details | Domain | 1 | win.dellnewsup.net |
|
| Details | Domain | 1 | mn.dellnewsup.net |
|
| Details | Domain | 1 | news.dellnewsup.net |
|
| Details | Domain | 1 | date.dellnewsup.net |
|
| Details | Domain | 1 | dwm.dnsedc.com |
|
| Details | Domain | 1 | dellnewsup.net |
|
| Details | Domain | 1 | sportsnewsa.net |
|
| Details | Domain | 1 | dnsedc.com |
|
| Details | Domain | 1 | dnsqaz.com |
|
| Details | Domain | 2 | systemupdate5.dtdns.net |
|
| Details | Domain | 2 | transactiona.com |
|
| Details | Domain | 1 | googlenewsup.net |
|
| Details | Domain | 2 | futuresgolda.com |
|
| Details | Domain | 1 | googltrend.com |
|
| Details | Domain | 1 | financenewsu.net |
|
| Details | Domain | 1 | micronewsup.net |
|
| Details | Domain | 1 | dellindustry.com |
|
| Details | Domain | 1 | newsupdatea.net |
|
| Details | Domain | 22 | 126.com |
|
| Details | Domain | 5 | 2014.zeronights.org |
|
| Details | Domain | 1 | ddns.epac.to |
|
| Details | Domain | 1 | poff.wha.la |
|
| Details | Domain | 1 | zorsoft.ns1.name |
|
| Details | Domain | 4 | tajikstantravel.dynamic-dns.net |
|
| Details | Domain | 1 | cospation.net |
|
| Details | Domain | 1 | mitian123.com |
|
| Details | Domain | 1 | mocus.cospation.net |
|
| Details | Domain | 4 | tele.zyns.com |
|
| Details | Domain | 4 | uzwatersource.dynamic-dns.net |
|
| Details | Domain | 4 | trendiis.sixth.biz |
|
| Details | Domain | 3 | laugh.toh.info |
|
| Details | Domain | 3 | aries.epac.to |
|
| Details | Domain | 3 | kastygost.compress.to |
|
| Details | Domain | 1 | yahzee.eyellowarm.com |
|
| Details | Domain | 1 | eyellowarm.com |
|
| Details | Domain | 1 | news.eyellowarm.com |
|
| Details | Domain | 1 | meal.eyellowarm.com |
|
| Details | Domain | 1 | www.benzerold.com |
|
| Details | Domain | 1 | ph4.01transport.com |
|
| Details | Domain | 1 | durian.appleleveno.com |
|
| Details | Domain | 1 | adove.benzerold.com |
|
| Details | Domain | 1 | benzerold.com |
|
| Details | Domain | 1 | mailback.benzerold.com |
|
| Details | Domain | 1 | ph2.01transport.com |
|
| Details | Domain | 1 | phldt.appleleveno.com |
|
| Details | Domain | 1 | mecaf.benzerold.com |
|
| Details | Domain | 1 | ipad.appleleveno.com |
|
| Details | Domain | 1 | course.appleleveno.com |
|
| Details | Domain | 1 | well.suverycool.com |
|
| Details | Domain | 1 | pldt.benzerold.com |
|
| Details | Domain | 1 | www.knightpal.com |
|
| Details | Domain | 1 | banana.appleleveno.com |
|
| Details | Domain | 1 | appleleveno.com |
|
| Details | Domain | 1 | node-ph-mnl2.kyssrcd.pw |
|
| Details | Domain | 1 | isafp.numnote.com |
|
| Details | Domain | 1 | ph1vip.blue-vpn.net |
|
| Details | Domain | 1 | news.numnote.com |
|
| Details | Domain | 1 | news.kaboolyn.com |
|
| Details | Domain | 1 | topic.numnote.com |
|
| Details | Domain | 1 | dns01.comesafe.com |
|
| Details | Domain | 1 | is01.knightpal.com |
|
| Details | Domain | 1 | news.yahzee.eyellowarm.com |
|
| Details | Domain | 1 | kaboolyn.com |
|
| Details | Domain | 1 | dns1.kaboolyn.com |
|
| Details | Domain | 1 | yahzee.yahzee.eyellowarm.com |
|
| Details | Domain | 1 | ds03.numnote.com |
|
| Details | Domain | 1 | message.benzerold.com |
|
| Details | Domain | 1 | pop3.numnote.com |
|
| Details | Domain | 1 | afp1.kaboolyn.com |
|
| Details | Domain | 1 | trans.numnote.com |
|
| Details | Domain | 1 | usiszero.benzerold.com |
|
| Details | Domain | 1 | numnote.com |
|
| Details | Domain | 1 | pldt.knightpal.com |
|
| Details | Domain | 1 | ph1.numnote.com |
|
| Details | Domain | 1 | ns1.01transport.com |
|
| Details | Domain | 1 | pldtcon.knightpal.com |
|
| Details | Domain | 1 | afp1.knightpal.com |
|
| Details | Domain | 1 | appdata.appleleveno.com |
|
| Details | Domain | 1 | ns2.01transport.com |
|
| Details | Domain | 1 | ns01.knightpal.com |
|
| Details | Domain | 1 | ph.01transport.com |
|
| Details | Domain | 1 | support.numnote.com |
|
| Details | Domain | 1 | ph1.01transport.com |
|
| Details | Domain | 1 | knightpal.com |
|
| Details | Domain | 1 | pnoc1.numnote.com |
|
| Details | Domain | 1 | 01transport.com |
|
| Details | Domain | 4 | nicodonald.accesscam.org |
|
| Details | Domain | 5 | skylineqaz.crabdance.com |
|
| Details | Domain | 3 | ylineqaz-y25ja.crabdance.com |
|
| Details | Domain | 1 | youareexcellent.kozow.com |
|
| Details | Domain | 1 | xn--uareexcellent-or3qa.kozow.com |
|
| Details | Domain | 1 | eagleoftajik.dynamic-dns.net |
|
| Details | Domain | 1 | tajikmusic.dynamic-dns.net |
|
| Details | Domain | 3 | https.ikwb.com |
|
| Details | Domain | 1 | nitec.ns1.name |
|
| Details | Domain | 1 | bluesky.zyns.com |
|
| Details | Domain | 1 | moonlight.compress.to |
|
| Details | Domain | 3 | niteast.strangled.net |
|
| Details | Domain | 1 | whitebirds.mefound.com |
|
| Details | Domain | 1 | game.sexidude.com |
|
| Details | Domain | 3 | honoroftajik.dynamic-dns.net |
|
| Details | Domain | 1 | www.ddns.epac.to |
|
| Details | File | 13 | view.asp |
|
| Details | File | 4 | update.asp |
|
| Details | File | 5 | upfile.asp |
|
| Details | File | 5 | upload.aspx |
|
| Details | File | 1 | fmonitor.dat |
|
| Details | File | 1 | filecfg_temp.dat |
|
| Details | File | 1 | 314.jpg |
|
| Details | File | 104 | sqlite3.dll |
|
| Details | File | 1 | tsalin.docx |
|
| Details | File | 1 | toot.docx |
|
| Details | File | 5 | roaming_tiger_zeronights_2014.pdf |
|
| Details | File | 1 | ddns.ep |
|
| Details | File | 5 | 2018.doc |
|
| Details | File | 1 | workplan.doc |
|
| Details | File | 1 | al_dt_20-spr_14.doc |
|
| Details | File | 1 | listesi.doc |
|
| Details | File | 1 | agat.doc |
|
| Details | File | 1 | счет.doc |
|
| Details | File | 1 | задание.doc |
|
| Details | File | 1 | корее.doc |
|
| Details | File | 5 | toh.inf |
|
| Details | File | 3 | aries.ep |
|
| Details | File | 8 | nvsmartmax.dll |
|
| Details | File | 76 | netsh.exe |
|
| Details | File | 4 | outllib.dll |
|
| Details | File | 2 | doc.rtf |
|
| Details | File | 1 | doc20190301018.doc |
|
| Details | md5 | 1 | 9ca6d45643f89bf233f08b7d74910346 |
|
| Details | md5 | 1 | d00a34baad19d40dcefbadb0942a2e4d |
|
| Details | md5 | 1 | 71e5b89d5a804ddbe84fa4950bf97ac7 |
|
| Details | md5 | 1 | 88d667cc01c4d8ee32e9de116f3bfdeb |
|
| Details | md5 | 1 | 6fffdb88292eeed0483b4030e58f401e |
|
| Details | md5 | 2 | 46d91a91ecdf9c0abc7355c4e7cf08fc |
|
| Details | md5 | 1 | 80883df4e89d5632fa72a85057773538 |
|
| Details | md5 | 1 | 7fa8c07634f937a1fcef9180531dc2e4 |
|
| Details | md5 | 1 | e7c5307691772a058fa7d9e8ea426a59 |
|
| Details | md5 | 1 | c2893fefcadbc7fed4fe74ea56133901 |
|
| Details | md5 | 1 | 63f9eaf7a80231480687b134b1915bd0 |
|
| Details | md5 | 2 | 30528dc0c1e123dff51f40301cc03204 |
|
| Details | md5 | 2 | c65b73dde66184bae6ead97afd1b4c4b |
|
| Details | IPv4 | 1 | 45.125.13.1 |
|
| Details | IPv4 | 1 | 118.193.228.32 |
|
| Details | IPv4 | 1 | 45.77.134.195 |
|
| Details | IPv4 | 1 | 118.193.158.53 |
|
| Details | IPv4 | 2 | 103.242.134.146 |
|
| Details | IPv4 | 1 | 45.125.13.199 |
|
| Details | IPv4 | 1 | 27.255.80.226 |
|
| Details | IPv4 | 1 | 103.243.24.149 |
|
| Details | IPv4 | 1 | 103.242.134.140 |
|
| Details | IPv4 | 2 | 45.252.63.244 |
|
| Details | IPv4 | 1 | 103.242.132.197 |
|
| Details | IPv4 | 2 | 154.223.167.20 |
|
| Details | Mandiant Temporary Group Assumption | 3 | TEMP.CONIMES |
|
| Details | Pdb | 1 | e:\zc\https\https\86authenticateproxy\exeloader\release\rastls.pdb |
|
| Details | Pdb | 1 | rastls.pdb |
|
| Details | Pdb | 1 | c:\0426\86authenticateproxy\exeloader\release\rastls.pdb |
|
| Details | Pdb | 1 | d:\vvvvv\downloadccc0301\chen_http0301\source\server\64\exeloader\x64\release\linkinfo.pdb |
|
| Details | Pdb | 1 | linkinfo.pdb |
|
| Details | Pdb | 1 | myserver.pdb |
|
| Details | Pdb | 2 | uccodepiecego.pdb |
|
| Details | Pdb | 1 | d:\undercurrent\服务端\代码片服务端\过uac版本\专用代码片调用程序 \release\uccodepiecego.pdb |
|
| Details | Pdb | 1 | c:\0426\86authenticateproxy\exe loader\release\rastls.pdb |
|
| Details | Pdb | 1 | e:\zc\https\https\86authentic ateproxy\exeloader\release\ras tls.pdb |
|
| Details | Pdb | 1 | c:\users\sun\desktop \new_test\nvsmart\r elease\nvsmart.pdb |
|
| Details | Threat Actor Identifier - APT | 143 | APT40 |
|
| Details | Threat Actor Identifier - APT | 9 | APT9 |
|
| Details | Threat Actor Identifier - APT | 278 | APT10 |
|
| Details | Threat Actor Identifier - APT | 85 | APT15 |
|
| Details | Url | 3 | https://www.anomali.com/blog/analyzing-digital-quartermasters-in-asia-do- |
|
| Details | Url | 5 | http://2014.zeronights.org/assets/files/slides/roaming_tiger_zeronights_2014.pdf |