Asruex: Malware Infecting through Shortcut Files - JPCERT/CC Eyes
Common Information
UUID: fad68072-9cfb-4e3d-89ef-81e44bd47db7
Fingerprint: 56941c237ce7a7d8
Analysis status: DONE
Considered CTI value: 2
Text language: (not set)
Published: June 30, 2016, midnight
Added to db: Jan. 18, 2023, 8:53 p.m.
Last updated: Nov. 17, 2024, 6:49 p.m.
Headline: JPCERT/CC Eyes
Title: Asruex: Malware Infecting through Shortcut Files - JPCERT/CC Eyes
Detected Hints/Tags/Attributes: 46/2/92
Attributes
Type | #Events | CTI Value
Domain | 339 | system.net
Domain | 1 | online-dropbox.com
Domain | 34 | blogs.technet.microsoft.com
Domain | 1 | vodsx.net
Domain | 1 | office365-file.com
Domain | 1 | service365-team.com
Domain | 1 | datainfocentre.com
Domain | 1 | eworldmagazine.org
Domain | 1 | supportservice247.com
Domain | 1 | seminarinfocenter.net
Domain | 1 | vdswx.net
Domain | 1 | housemarket21.com
Domain | 1 | product-report24.com
Domain | 1 | requestpg.net
Domain | 1 | secu-docu.net
Domain | 1 | send-error.net
Domain | 1 | send-form.net
Domain | 1 | wzixx.net
Domain | 1 | login-confirm.com
Domain | 1 | sendspaces.net
Domain | 1 | institute-secu.org
Domain | 1 | pb.media-total.org
Domain | 1 | response-server.com
Domain | 1 | enewscenters.com
Domain | 1 | sbidnest.com
Domain | 1 | servicemain.com
File | 1 | gst.bat
File | 1 | article_draft.docx
File | 55 | dwm.exe
File | 6 | sdiagnhost.exe
File | 6 | wksprt.exe
File | 62 | taskhost.exe
File | 5 | winrshost.exe
File | 25 | wsmprovhost.exe
File | 63 | ctfmon.exe
File | 1260 | explorer.exe
File | 64 | list.php
File | 1 | advprov.dll
File | 29 | filemon.exe
File | 22 | regmon.exe
File | 74 | procmon.exe
File | 29 | tcpview.exe
File | 71 | wireshark.exe
File | 30 | dumpcap.exe
File | 8 | regshot.exe
File | 4 | cports.exe
File | 2 | smsniff.exe
File | 1 | socketsniff.exe
sha256 | 1 | c60a93a712d0716a04dc656a0d1ba06be5047794deaa9769a2de5d0fcf843c2a
sha256 | 1 | ae421dd24306cbf498d4f82b650b9162689e6ef691d53006e8f733561d3442e2
sha256 | 1 | 980cc01ec7b2bd7c1f10931822c7cfe2a04129588caece460e05dcc0bb1b6c34
sha256 | 1 | b175567800d62dcb00212860d23742290688cce37864930850522be586efa882
sha256 | 1 | c2e99eedf555959721ef199bf5b0ac7c68ea8205d0dff6c208adf8813411a456
sha256 | 1 | ac63703ea1b36358d2bec54bddfef28f50c635d1c7288c2b08cceb3608c1aa27
sha256 | 1 | 5cfc67945dd39885991131f49f6717839a3541f9ba141a7a4b463857818d01e6
sha256 | 1 | e76c37b86602c6cc929dffe5df7b1056bff9228dde7246bf4ac98e364c99b688
sha256 | 1 | 606e98df9a206537d35387858cff62eb763af20853ac3fa61aee8f3c280aaafe
sha256 | 1 | fdf3b42ac9fdbcabc152b200ebaae0a8275123111f25d4a68759f8b899e5bdd6
sha256 | 1 | dd2cba1a0d54a486a39f63cbd4df6129755a84580c21e767c44c0a7b60aff600
sha256 | 1 | d89e2cc604ac7da05feeb802ed6ec78890b1ef0a3a59a8735f5f772fc72c12ef
sha256 | 1 | caefcdf2b4e5a928cdf9360b70960337f751ec4a5ab8c0b75851fc9a1ab507a8
sha256 | 1 | 8ca8067dfef13f10e657d299b517008ad7523aacf7900a1afeb0a8508a6e11d3
sha256 | 1 | 77ca1148503def0d8e9674a37e1388e5c910da4eda9685eabe68fd0ee227b727
sha256 | 1 | 05f241784e673f2af8a2a423fb66e783a97f123fc3d982144c39e92f191d138d
sha256 | 1 | a77d1c452291a6f2f6ed89a4bac88dd03d38acde709b0061efd9f50e6d9f3827
sha256 | 1 | 2273236013c1ae52bfc6ea327330a4eba24cc6bc562954854ae37fe55a78310b
sha256 | 1 | 36581a19160f2a06c617a7e555ad8ec3280692442fd81bde3d47a59aea2be09a
sha256 | 1 | a3f1a4a5fea81a6f12ef2e5735bb845fb9599df50ffd644b25816f24c79f53b6
sha256 | 1 | 24b587280810fba994865d27f59a01f4bbdaf29a14de50e1fc2fadac841c299e
sha256 | 1 | 2c68cf821c4eabb70f28513c5e98fa11b1c6db6ed959f18e9104c1c882590ad2
sha256 | 1 | 3f2168a9a51d6d6fe74273ebfc618ded3957c33511435091885fa8c5f854e11e
sha256 | 1 | df72a289d535ccf264a04696adb573f48fe5cf27014affe65da8fd98750029db
sha256 | 1 | eacc46f54fa8c8a8cf51368305803d949fa2625066ec634da9a41d08f2855617
sha256 | 1 | e139a8916f99ce77dbdf57eaeac5b5ebe23367e91f96d7af59bee7e5919a7a81
sha256 | 1 | 8a6d76bd21e70a91abb30b138c12d0f97bb4971bafa072d54ce4155bea775109
sha256 | 1 | 35fc95ec78e2a5ca3c7a332db9ca4a5a5973607a208b9d637429fe1f5c760dd5
sha256 | 1 | 8af41d303db8a975759f7b35a236eb3e9b4bd2ef65b070d19bd1076ea96fa5c4
sha256 | 1 | a9ce1f4533aeec680a77d7532de5f6b142eb8d9aec4fdbe504c37720befe9ce3
sha256 | 1 | 9350f7eb28f9d72698216105c51a4c5ad45323f907db9936357d6914fc992c90
sha256 | 1 | 694de22c0b1a45c0e43caaa91486bc71a905443b482f2d22ded16b5ce3b0e738
sha256 | 1 | 18e12feeb3fb4117ca99e152562eada2eb057c09aab8f7a424e6d889f70feb6c
sha256 | 1 | 148a834e2717d029a4450dfa7206fd7d36c420edb95068c57766da0f61b288e8
sha256 | 1 | d869ce2ba491713e4c3f405ad500245d883b0e7b66abeee2522e701c8493388a
sha256 | 1 | fca19a78fc71691f3f97808624b24f00dd1f19ccadcc6e3a7e2be5b976d8937b
sha256 | 1 | eb31f931f0e2abf340f3f95861a51e30677fd4216b2e4ee4d8570b41cb41249c
sha256 | 1 | 7a95930aa732d24b4c62191247dcdc4cb483d8febaab4e21ca71fec8f29b1b7c
sha256 | 1 | f06000dceb4342630bf9195c2475fcd822dfe3910b0fa21691878071d0bb10fc
sha256 | 1 | 6d4e7d190f4d7686fd06c823389889d226ea9c8524c82c59a765bba469f2f723
sha256 | 1 | e7d51bb718c31034b597aa67408a015729be85fc3aefcc42651c57d673a4fe5a
sha256 | 1 | 7074a6d3ab049f507088e688c75bae581fad265ebb6da07b0efd789408116ec8
Url | 1 | http://online-dropbox.com/online/a
Url | 1 | https://blogs.technet.microsoft.com/mmpc/2016/06/09/reverse-engineering-dubnium-2