Study of a targeted attack on a Russian enterprise in the mechanical-engineering sector
Common Information
Type                            Value
UUID                            04bd9fac-18d1-41b8-801b-7efd9386997c
Fingerprint                     fc4b118f6c60a643343ca7a7eaa6bbb08a7802a9f0b311bc0df576dda56e78a8
Analysis status                 DONE
Considered CTI value            2
Text language
Published                       March 7, 2024, 12:11 p.m.
Added to db                     Nov. 17, 2024, 6:30 p.m.
Last updated                    Nov. 17, 2024, 6:33 p.m.
Headline                        Study of a targeted attack on a Russian enterprise in the mechanical-engineering sector
Title                           Study of a targeted attack on a Russian enterprise in the mechanical-engineering sector
Detected Hints/Tags/Attributes  117/3/176
Attributes
Type                  #Events  Value
sha1                  1        3f34031b923dc68667859162260b22830cbce521
IPv4                  1441     127.0.0.1
IPv4                  2        1.6.1.3
IPv4                  1        213.232.255.61
Domain                15       www.drweb.com
Domain                1        123123123.zip
Domain                150      www.w3.org
Domain                145      api.telegram.org
Domain                11       10.zip
Domain                4127     github.com
Domain                1        openssh-win32.zip
Domain                1        ssh-000.zip
Domain                3        serveo.net
Domain                1        rembo.solkvize.com
Domain                1        punto.zip
Domain                1        7z.zip
Domain                1        nircmd.zip
Domain                129      api.ipify.org
Domain                358      pastebin.com
Domain                1        ragulya.amoibius.com
Domain                1        skalioz.zenoizen.com
Domain                1        zalupakonya.clonckure.com
Domain                1        kishka.vivostark.com
Domain                1        pizda.eckliptic.com
Domain                1        aran.quonovap.com
Domain                1        barmaley.quoonity.com
Domain                1        muflon.zorroiz.com
File                  1        123123123.zip
File                  1        123123123.odt
File                  376      wscript.exe
File                  2125     cmd.exe
File                  41       sample.exe
File                  1        path_sample.exe
File                  3        db.json
File                  2        service.json
File                  11       sitemanager.xml
File                  34       recentservers.xml
File                  5        token.txt
File                  1        session-store.json
File                  153      config.json
File                  13       db.sql
File                  25       accounts.xml
File                  4        app.json
File                  13       conf.json
File                  21       exodus.wallet
File                  1        tor-real.exe
File                  10       10.zip
File                  1        torrc.txt
File                  1        openssh-win32.zip
File                  1        ssh-000.zip
File                  28       ssh.exe
File                  1        ndows_amd64.exe
File                  7        proxy.exe
File                  17       __utm.gif
File                  6        nircmd.exe
File                  41       msxml2.xml
File                  46       microsoft.xml
File                  4        %windir%\system32\wscript.exe
File                  1        2023-10-06_135209.js
File                  1        2023-10-06_135225.js
File                  1        2023-10-06_135235.js
File                  1        c:\programdata\microsoftsecuritychecker\securitycheck.js
File                  1        c:\program files\microsoftsecuritychecker\securitycheck.js
File                  1        2023-09-06_121321.js
File                  1        c:\programdata\updater.js
File                  1        updater.js
File                  1        securitycheck.js
File                  1        path_updater.js
File                  1        path_securitycheck.js
File                  1        2023-09-06_121358.js
File                  249      schtasks.exe
File                  40       7z.exe
File                  2        preferences.xml
File                  1        punto.zip
File                  1        7z.zip
File                  1        c:\users\public\puntoswitcher\preferences.xml
File                  1        typerus.wav
File                  1        typeeng.wav
File                  1        switch.wav
File                  1        misprint.wav
File                  1        ru.wav
File                  1        en.wav
File                  1        reverse.wav
File                  1        replace.wav
File                  1        nircmd.zip
File                  1        cl.bin
File                  1        wd.bin
File                  2        db.bin
sha1                  1        9b75ef8a67b412122e03a8209c5d46ea5a8cd957
sha1                  1        847855b9240afb0b8e1e11de412cc779db51020e
sha1                  1        5f51e7319c582a8ccdd4971d22515977213b8639
sha1                  1        d45d42225db3ce5cd1407dff55d88dc5ffa843e2
sha1                  1        940390c98276ceda423574c7357188728ea83074
sha1                  1        b3d694a7832cd4f228df9cbeaee10e996b583d18
sha1                  1        db86d55f3394d82f10f9b17b2250d11bb38149c5
sha1                  1        5a17ed042b3209d993cd81b56f420a36bd1f3b3a
sha1                  1        0d2226f7cf71c8685f52d490586ed63bb3393fc1
sha1                  1        c402d069a92bbc552c3ac6497547e10f45aca4f3
IPv4                  1        88.99.71.225
IPv4                  2        51.178.53.191
IPv4                  1        78.46.66.9
IPv4                  1        135.181.206.12
IPv4                  1        217.145.238.175
IPv4                  1        164.90.185.9
IPv4                  1        94.156.6.209
IPv4                  1        104.248.253.214
IPv4                  1        141.94.175.31
IPv4                  1        34.207.71.126
IPv4                  1        192.99.44.107
IPv4                  1        107.161.20.142
IPv4                  1        52.86.18.77
IPv4                  1        192.99.196.191
IPv4                  2        216.250.190.139
IPv4                  2        205.185.123.66
IPv4                  1        52.26.63.10
IPv4                  1        24.199.110.250
IPv4                  1        45.55.65.93
IPv4                  1        139.99.123.53
IPv4                  1        44.228.161.50
IPv4                  1        162.33.178.113
IPv4                  1        167.71.106.175
IPv4                  1        45.76.190.214
IPv4                  2        154.31.165.232
IPv4                  1        168.138.211.88
IPv4                  1        52.193.176.117
IPv4                  1        52.196.241.27
IPv4                  1        54.249.142.23
IPv4                  1        121.63.250.132
IPv4                  1        0.4.5.10
IPv4                  1        1.3.3.0
Pdb                   1        scaner_load.pdb
Url                   22       http://www.w3.org/2001/xmlschema
Url                   50       http://www.w3.org/2001/xmlschema-instance
Url                   1        http://213.232.255.61:8080
Url                   1        http://88.99.71.225:8080
Url                   1        http://51.178.53.191:8080
Url                   1        http://78.46.66.9:8080
Url                   1        http://135.181.206.12:8080
Url                   1        http://217.145.238.175:80
Url                   1        https://164.90.185.9:443
Url                   1        http://94.156.6.209:80
Url                   1        http://104.248.253.214:80
Url                   1        http://141.94.175.31:8098
Url                   1        http://34.207.71.126:80
Url                   1        http://192.99.44.107:8080
Url                   1        http://107.161.20.142:8080
Url                   1        http://52.86.18.77:8080
Url                   1        https://192.99.196.191:443
Url                   1        http://216.250.190.139:80
Url                   1        http://205.185.123.66:8080
Url                   1        http://52.26.63.10:9999
Url                   1        http://24.199.110.250:8080
Url                   1        http://45.55.65.93:80
Url                   1        http://139.99.123.53:9191
Url                   1        https://44.228.161.50:443
Url                   1        http://162.33.178.113:80
Url                   1        http://167.71.106.175:80
Url                   1        http://45.76.190.214:1024
Url                   1        http://154.31.165.232:80
Url                   1        http://168.138.211.88:8099
Url                   1        https://52.193.176.117:443
Url                   1        https://52.196.241.27:443
Url                   1        https://54.249.142.23:443
Url                   1        http://121.63.250.132:88
Url                   1        https://api.telegram.org/bot660
Url                   1        http://127.0.0.1:18772/handleopenwsr?r=
Url                   1        https://github.com/powershell/win32-
Url                   1        https://rembo.solkvize.com/__utm.gif?
Url                   1        https://rembo.solkvize.com/tools/punto.zip
Url                   1        https://rembo.solkvize.com/tools/7z.zip
Url                   1        https://rembo.solkvize.com/tools/nircmd.zip
Url                   11       http://api.ipify.org
Url                   1        https://api.telegram
Url                   1        https://pastebin.com/y5nuqpwy
Windows Registry Key  41       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Windows Registry Key  112      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run