May 3 CVE-2010-3333 DOC Courier who led U.S. to Osama bin Laden's hideout identified
Tags
| country: | China Germany Taiwan |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Domains - T1583.001 Domains - T1584.001 Server - T1583.004 Server - T1584.004 Vulnerabilities - T1588.006 |
Common Information
| Type | Value |
|---|---|
| UUID | e93beaae-a1e4-41bc-877e-2ca6033f891b |
| Fingerprint | eda088516c988596 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | May 3, 2011, 1:33 p.m. |
| Added to db | Jan. 18, 2023, 7:45 p.m. |
| Last updated | Nov. 17, 2024, 6:50 p.m. |
| Headline | UNKNOWN |
| Title | May 3 CVE-2010-3333 DOC Courier who led U.S. to Osama bin Laden's hideout identified |
| Detected Hints/Tags/Attributes | 49/3/60 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 79 | cve-2010-3333 |
|
| Details | Domain | 1 | protech.com.tw |
|
| Details | Domain | 1 | notess1.protech.com.tw |
|
| Details | Domain | 1 | protux.tg |
|
| Details | Domain | 1 | virut.ai |
|
| Details | Domain | 1 | backdoor.win32.protux.tg |
|
| Details | Domain | 4 | www.cyberesi.com |
|
| Details | Domain | 1 | checkerror.ucparlnet.com |
|
| Details | Domain | 1 | ssi.ucparlnet.com |
|
| Details | Domain | 1 | www.dnswatch.info |
|
| Details | Domain | 1 | picture.ucparlnet.com |
|
| Details | Domain | 1 | planet-hosting.cz |
|
| Details | Domain | 1 | ucparlnet.com |
|
| Details | 1 | 000c01cc0998$15c8ec70$0201a8c0@protech.com.tw |
||
| Details | File | 1 | death.doc |
|
| Details | File | 63 | report.html |
|
| Details | File | 18 | entry.aspx |
|
| Details | File | 1 | exe_decoded.bin |
|
| Details | File | 1 | virut.ai |
|
| Details | File | 1 | dhcpsrv.dll |
|
| Details | File | 3 | dnswatch.inf |
|
| Details | md5 | 1 | dad4f2a0f79db83f8976809a88d260c5 |
|
| Details | md5 | 1 | 30c8c4c9943044287cf06996863c2261 |
|
| Details | md5 | 1 | 06ddf39bc4b5c7a8950f1e8d11c44446 |
|
| Details | md5 | 1 | 5c8b018d10792fdb74b5f289f97c5d06 |
|
| Details | md5 | 1 | 88003ece00266ee44c21ac6242a7eafd |
|
| Details | md5 | 1 | 1d745a13a1f55e75b2f68adee97c6f59 |
|
| Details | md5 | 1 | e437cc92e10504181d7b712478db6af3 |
|
| Details | sha1 | 1 | d563029a2dfe3cfcddc7326b1b486213095e58e5 |
|
| Details | sha1 | 1 | e7addde85f18c6ce22f7a1abc1ed78e662ce90f2 |
|
| Details | sha1 | 1 | b8c11c68f3e92b60cc4b208bd5905c0365f28978 |
|
| Details | sha256 | 1 | 4cec9ef7f39d43c7a137d0422c8e6568a2d9e18320d1b376086bcc7327ea1342 |
|
| Details | sha256 | 1 | a40b5cf0689aebaaf2352b61e8a9f4544ec69ef8ea3dc558f53646964a85755b |
|
| Details | IPv4 | 1 | 220.228.120.62 |
|
| Details | IPv4 | 17 | 5.3.2.6 |
|
| Details | IPv4 | 2 | 7.11.7.150 |
|
| Details | IPv4 | 16 | 4.6.2.117 |
|
| Details | IPv4 | 3 | 3.1.1.103 |
|
| Details | IPv4 | 19 | 10.0.3.5 |
|
| Details | IPv4 | 39 | 7.0.3.5 |
|
| Details | IPv4 | 6 | 101.3.2.89 |
|
| Details | IPv4 | 3 | 3.12.16.0 |
|
| Details | IPv4 | 1 | 203.67.127.165 |
|
| Details | IPv4 | 1 | 58.34.152.233 |
|
| Details | IPv4 | 1 | 82.96.118.210 |
|
| Details | IPv4 | 1 | 58.34.152.162 |
|
| Details | IPv4 | 1 | 58.37.54.66 |
|
| Details | IPv4 | 1 | 58.34.148.241 |
|
| Details | IPv4 | 1 | 220.246.76.125 |
|
| Details | IPv4 | 1441 | 127.0.0.1 |
|
| Details | IPv4 | 1 | 58.37.182.29 |
|
| Details | IPv4 | 1 | 58.34.149.104 |
|
| Details | IPv4 | 1 | 58.34.152.202 |
|
| Details | IPv4 | 1 | 125.141.233.16 |
|
| Details | Url | 1 | http://contagiodump.blogspot |
|
| Details | Url | 1 | http://www.virustotal.com/file-scan/report.html?id=4cec9ef7f39d43c7a137d0422c8e6568a2d9e18320d1b376086bcc7327ea1342 |
|
| Details | Url | 1 | http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=backdoor:win32/protux.a |
|
| Details | Url | 1 | http://www.virustotal.com/file-scan/report.html?id=a40b5cf0689aebaaf2352b61e8a9f4544ec69ef8ea3dc558f53646964a85755b |
|
| Details | Url | 1 | http://www.cyberesi.com/2011/05/03/ladens-death-doc-cve-2010-3333 |
|
| Details | Url | 1 | http://www.cyberesi.com |