Nov 19 CVE-2010-2883 with Flash JIT Spray (PDF in PDF) Event Invitation from The Heritage Foundation from spoofed Heritage address
Tags
| country: | Thailand Taiwan |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Exploits - T1587.004 Exploits - T1588.005 Malware - T1587.001 Malware - T1588.001 Network Topology - T1590.004 Vulnerabilities - T1588.006 Connection Proxy - T1090 Denial Of Service |
Common Information
| Type | Value |
|---|---|
| UUID | dde516da-97e3-495a-b5f5-d7f5f7816e32 |
| Fingerprint | dc37ab0f89214483 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Dec. 3, 2010, 6:07 p.m. |
| Added to db | Jan. 18, 2023, 7:45 p.m. |
| Last updated | Nov. 15, 2024, 12:49 a.m. |
| Headline | UNKNOWN |
| Title | Nov 19 CVE-2010-2883 with Flash JIT Spray (PDF in PDF) Event Invitation from The Heritage Foundation from spoofed Heritage address |
| Detected Hints/Tags/Attributes | 47/3/50 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 38 | cve-2010-2883 |
|
| Details | CVE | 19 | cve-2010-1297 |
|
| Details | Domain | 3 | heritage.org |
|
| Details | Domain | 2 | msr19.hinet.net |
|
| Details | Domain | 2 | 61-222-104-222.hinet-ip.hinet.net |
|
| Details | Domain | 287 | yahoo.com |
|
| Details | Domain | 1 | w32.small.32768.gw |
|
| Details | Domain | 22 | anubis.iseclab.org |
|
| Details | Domain | 8 | www.vicheck.ca |
|
| Details | Domain | 1 | 202-3-167-6-static.unigate.net.tw |
|
| Details | 1 | xxxxx@heritage.org |
||
| Details | 2 | newscomeon@yahoo.com |
||
| Details | File | 12 | cooltype.dll |
|
| Details | File | 2 | heritage.pdf |
|
| Details | File | 37 | exploit.pdf |
|
| Details | File | 33 | 1.pdf |
|
| Details | File | 1 | jit-egg.swf |
|
| Details | File | 1 | %temp%\a9r1aa.tmp |
|
| Details | File | 1 | %temp%\ctfmon.exe |
|
| Details | File | 63 | ctfmon.exe |
|
| Details | File | 63 | report.html |
|
| Details | File | 5 | md5query.php |
|
| Details | md5 | 2 | 529AE8C6AC75E555402AA05F7960EB0D |
|
| Details | md5 | 1 | 529ae8c6ac75e555402aa05f7960eb0d |
|
| Details | md5 | 1 | 9F7DF03346B2A4799ADF0EE158A1F80C |
|
| Details | md5 | 1 | 73E8F3BB63B16E5830528D226FBC9998 |
|
| Details | md5 | 1 | 818bcf2a6c0680e91f774de404a2ad99 |
|
| Details | md5 | 1 | 73e8f3bb63b16e5830528d226fbc9998 |
|
| Details | sha1 | 1 | d793f0c3e051bc03b0cd5e2c2f87f3be33612d49 |
|
| Details | sha256 | 1 | fb0dc16f74061304d50f2404913ad836d59a92b9543c3a3aef91da4c2b8511aa |
|
| Details | sha256 | 1 | 18d3b53694cdd4674af02f336e939bc4a6f0dbae80f860a3266a74ba81a4f6a2 |
|
| Details | IPv4 | 2 | 168.95.4.119 |
|
| Details | IPv4 | 2 | 61.222.104.222 |
|
| Details | IPv4 | 2 | 4.6.6.0 |
|
| Details | IPv4 | 1 | 7.10.14.99 |
|
| Details | IPv4 | 41 | 2.0.3.7 |
|
| Details | IPv4 | 16 | 4.6.2.117 |
|
| Details | IPv4 | 59 | 7.0.0.125 |
|
| Details | IPv4 | 39 | 7.0.3.5 |
|
| Details | IPv4 | 5 | 101.2.0.161 |
|
| Details | IPv4 | 3 | 5.0.0.50 |
|
| Details | IPv4 | 5 | 3.1.1.90 |
|
| Details | IPv4 | 26 | 10.0.2.7 |
|
| Details | IPv4 | 4 | 4.2.254.0 |
|
| Details | IPv4 | 1 | 202.3.167.6 |
|
| Details | IPv4 | 1 | 202.60.203.229 |
|
| Details | Url | 1 | http://www.virustotal.com/file-scan/report.html?id=fb0dc16f74061304d50f2404913ad836d59a92b9543c3a3aef91da4c2b8511aa |
|
| Details | Url | 1 | http://anubis.iseclab.org/?action=result&task_id=1c849d6ba2acff7848d1db3986dd317ac&call=first |
|
| Details | Url | 1 | http://www.virustotal.com/file-scan/report.html?id=18d3b53694cdd4674af02f336e939bc4a6f0dbae80f860a3266a74ba81a4f6a2 |
|
| Details | Url | 1 | https://www.vicheck.ca/md5query.php?hash=73e8f3bb63b16e5830528d226fbc9998 |