Inside the EquationDrug Espionage Platform
Tags
Common Information
| Type | Value |
|---|---|
| UUID | dde2b9f8-1b27-4c76-89f9-d634c3126804 |
| Fingerprint | be3d1853edbfb8c1 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | March 11, 2015, 11 a.m. |
| Added to db | Jan. 18, 2023, 9:40 p.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | Inside the EquationDrug Espionage Platform |
| Title | Inside the EquationDrug Espionage Platform |
| Detected Hints/Tags/Attributes | 112/2/92 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | www.waeservices.com |
|
| Details | Domain | 1 | www.pcreview.co.uk |
|
| Details | File | 2 | msndsrv.sys |
|
| Details | File | 1 | mscfg32.exe |
|
| Details | File | 1 | mscfg32.dll |
|
| Details | File | 1 | c:\windows\system\svchost32.exe |
|
| Details | File | 1 | %systemroot%\system32\mslog32.dat |
|
| Details | File | 1 | %systemroot%\system32\msperf32.dat |
|
| Details | File | 306 | services.exe |
|
| Details | File | 212 | winlogon.exe |
|
| Details | File | 3 | svchost32.exe |
|
| Details | File | 32 | %systemroot%\system32\svchost.exe |
|
| Details | File | 10 | %systemroot%\system32\lsass.exe |
|
| Details | File | 263 | iexplore.exe |
|
| Details | File | 1 | svchost32.dll |
|
| Details | File | 2 | yh56816.tmp |
|
| Details | File | 1 | unilay.dll |
|
| Details | File | 1 | winproc.exe |
|
| Details | File | 1 | wshcom.dll |
|
| Details | File | 1 | vnetapi32.dll |
|
| Details | File | 1 | perfcom.dll |
|
| Details | File | 1 | khlp680w.dll |
|
| Details | File | 1 | cmib158w.dll |
|
| Details | File | 1 | cmib456w.dll |
|
| Details | File | 1 | nls_874w.dll |
|
| Details | File | 1 | khlp807w.dll |
|
| Details | File | 1 | mstkpr.dll |
|
| Details | File | 1 | khlp760w.dll |
|
| Details | File | 1 | khlp733w.dll |
|
| Details | File | 1 | khlp747w.dll |
|
| Details | File | 1 | mscoreep32.dll |
|
| Details | File | 1 | khlp866w.dll |
|
| Details | File | 1 | nls933w.dll |
|
| Details | File | 1 | wpl913h.dll |
|
| Details | File | 1 | vnetapi.dll |
|
| Details | File | 1 | webmgr.dll |
|
| Details | File | 1 | wshapi.dll |
|
| Details | File | 2 | atmdkdrv.sys |
|
| Details | File | 2 | mstcp32.sys |
|
| Details | File | 2 | tdip.sys |
|
| Details | File | 125 | ntoskrnl.exe |
|
| Details | File | 1 | fat32.sys |
|
| Details | File | 14 | lsasrv.dll |
|
| Details | File | 478 | lsass.exe |
|
| Details | File | 1 | mstcp32-t1445152.html |
|
| Details | File | 1 | msrtvd.sys |
|
| Details | File | 165 | csrss.exe |
|
| Details | File | 291 | user32.dll |
|
| Details | File | 533 | ntdll.dll |
|
| Details | File | 115 | win32k.sys |
|
| Details | File | 1 | msrstd.sys |
|
| Details | File | 1 | volrec.sys |
|
| Details | File | 1 | scsi2mgr.sys |
|
| Details | File | 1 | win32m.sys |
|
| Details | File | 5 | nls_933w.dll |
|
| Details | md5 | 1 | 0a5e9b15014733ee7685d8c8be81fb0d |
|
| Details | md5 | 1 | c4f8671c1f00dab30f5f88d684af1927 |
|
| Details | md5 | 1 | c3af66b9ce29efe5ee34e87b6e136e3a |
|
| Details | md5 | 1 | 5767b9d851d0c24e13eca1bfd16ea424 |
|
| Details | md5 | 1 | EF4405930E6071AE1F7F6FA7D4F3397D |
|
| Details | md5 | 1 | 8d87a1845122bf090b3d8656dc9d60a8 |
|
| Details | md5 | 1 | 214f7a2c95bdc265888fbcd24e3587da |
|
| Details | md5 | 1 | 74DE13B5EA68B3DA24ADDC009F84BAEE |
|
| Details | md5 | 1 | B2C7339E87C932C491E34CDCD99FEB07 |
|
| Details | md5 | 1 | 311D4923909E07D5C703235D83BF4479 |
|
| Details | md5 | 1 | 21C278C88D8F6FAEA64250DF3BFFD7C6 |
|
| Details | md5 | 1 | 20506375665a6a62f7d9dd22d1cc9870 |
|
| Details | md5 | 1 | 60dab5bb319281747c5863b44c5ac60d |
|
| Details | md5 | 1 | 98dea1bce37bf7087360e1958400589b |
|
| Details | md5 | 1 | bb8f56874189d5dfe9294f0553a49b83 |
|
| Details | md5 | 1 | f6bf3ed3bcd466e5fd1cbaf6ba658716 |
|
| Details | md5 | 1 | 69e7943f3d48233de4a39a924c59ed2c |
|
| Details | md5 | 1 | 15d39578460e878dd89e8911180494ff |
|
| Details | md5 | 1 | a6662b8ebca61ca09ce89e1e4f43665d |
|
| Details | md5 | 1 | c17e16a54916d3838f63d208ebab9879 |
|
| Details | md5 | 1 | 2b444ac5209a8b4140dd6b747a996653 |
|
| Details | md5 | 1 | b3487fdd1efd2d1ea1550fef5b749037 |
|
| Details | md5 | 3 | 11fb08b9126cdb4668b3f5135cf7a6c5 |
|
| Details | md5 | 1 | 9f3f6f46c67d3fad2479963361cf118b |
|
| Details | IPv4 | 11 | 2.1.1.1 |
|
| Details | IPv4 | 1 | 213.198.79.49 |
|
| Details | IPv4 | 2 | 4.0.1.0 |
|
| Details | IPv4 | 59 | 1.0.0.1 |
|
| Details | Url | 1 | http://www.pcreview.co.uk/forums/mstcp32-t1445152.html |
|
| Details | Windows Registry Key | 19 | HKLM\SYSTEM\CurrentControlSet\Control\Session |
|
| Details | Windows Registry Key | 8 | HKLM\System\CurrentControlSet\Services |
|
| Details | Windows Registry Key | 1 | HKLM\SOFTWARE\Clients\StartMenuInternet |
|
| Details | Windows Registry Key | 1 | HKLM\SYSTEM\CurrentControlSet\Services\Spooler |
|
| Details | Windows Registry Key | 2 | HKLM\SOFTWARE\Classes\htmlfile\shell\open\command |
|
| Details | Windows Registry Key | 4 | HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App |
|
| Details | Windows Registry Key | 7 | HKLM\SOFTWARE\Classes\CLSID |
|
| Details | Windows Registry Key | 1 | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdip |