Targeted attack on industrial enterprises and public institutions
Common Information
| Type | Value |
|---|---|
| UUID | 0cd9e1e2-724a-46a2-a221-78f5dd269a6e |
| Fingerprint | c051639a827af11d8c7fdaf910e69c5623c654bcb1c6f6e716b2a462a53c5def |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Jan. 11, 2023, 3:12 p.m. |
| Added to db | March 10, 2024, 1:37 a.m. |
| Last updated | Aug. 31, 2024, 7:51 a.m. |
| Headline | Targeted attack on industrial enterprises and public institutions |
| Title | Targeted attack on industrial enterprises and public institutions |
| Detected Hints/Tags/Attributes | 135/3/220 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 375 | cve-2017-11882 |
|
| Details | Domain | 338 | kaspersky.com |
|
| Details | Domain | 1 | wam.dll.cab |
|
| Details | Domain | 1 | oemprint.cat |
|
| Details | Domain | 2 | ace.cab |
|
| Details | Domain | 9 | sam.save |
|
| Details | Domain | 7 | security.save |
|
| Details | Domain | 85 | 163.com |
|
| Details | Domain | 1 | conhost.exe.cab |
|
| Details | Domain | 1 | ps.cab |
|
| Details | Domain | 1 | remediation.exe.cab |
|
| Details | Domain | 1 | mcutil.dll.cab |
|
| Details | Domain | 1 | mc.cab |
|
| Details | Domain | 1 | backdoor.win32.agentb.ca |
|
| Details | Domain | 1 | backdoor.win32.agentb.cc |
|
| Details | Domain | 1 | hacktool.win64.agent.hk |
|
| Details | Domain | 1 | trojan.win64.dllhijacker.km |
|
| Details | Domain | 1 | www1.nppnavigator.net |
|
| Details | Domain | 1 | www3.vpkimplus.com |
|
| Details | Domain | 2 | custom.songuulcomiss.com |
|
| Details | Domain | 1 | tech.songuulcomiss.com |
|
| Details | Domain | 1 | video.nicblainfo.net |
|
| Details | Domain | 1 | doc.redstrpela.net |
|
| Details | Domain | 1 | fax.internnetionfax.com |
|
| Details | Domain | 1 | www2.defensysminck.net |
|
| Details | Domain | 1 | info.ntcprotek.com |
|
| Details | Domain | 2 | www1.dotomater.club |
|
| Details | Domain | 1 | www2.sdelanasnou.com |
|
| Details | Domain | 1 | server.dotomater.club |
|
| Details | 68 | ics-cert@kaspersky.com |
||
| Details | File | 1 | 78936077.tmp |
|
| Details | File | 2125 | cmd.exe |
|
| Details | File | 1 | wam.dll |
|
| Details | File | 172 | dllhost.exe |
|
| Details | File | 9 | powercfg.exe |
|
| Details | File | 323 | winword.exe |
|
| Details | File | 33 | wwlib.dll |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 48 | applaunch.exe |
|
| Details | File | 1 | setting.cfg |
|
| Details | File | 2 | ace.cab |
|
| Details | File | 32 | expand.exe |
|
| Details | File | 2 | ace.exe |
|
| Details | File | 12 | xcopy.exe |
|
| Details | File | 2 | wmic.vbs |
|
| Details | File | 155 | cscript.exe |
|
| Details | File | 54 | install.exe |
|
| Details | File | 2 | c:\programdata\microsoft\sc64.exe |
|
| Details | File | 1 | c:\1\mcinsupd.cfg |
|
| Details | File | 1 | c:\1\mcinsupd.exe |
|
| Details | File | 1 | c:\1\mytilus3.dll |
|
| Details | File | 1 | c:\1c\ace.exe |
|
| Details | File | 1 | c:\2\liveupdate.exe |
|
| Details | File | 1 | c:\2\safestore64.dll |
|
| Details | File | 1 | c:\3\mcinsupd.cfg |
|
| Details | File | 1 | c:\3\mcinsupd.exe |
|
| Details | File | 1 | c:\3\mytilus3.dll |
|
| Details | File | 1 | c:\4\liveupdate.exe |
|
| Details | File | 1 | c:\4\safestore64.dll |
|
| Details | File | 1 | c:\microsoft\mf\instsrv.exe |
|
| Details | File | 1 | c:\microsoft\mf\wus.dll |
|
| Details | File | 1 | c:\programdata\1c\ace.exe |
|
| Details | File | 1 | remediation.exe |
|
| Details | File | 1 | winhelp.tmp |
|
| Details | File | 1 | c:\programdata\2gis\conhost.exe |
|
| Details | File | 1 | c:\programdata\2gis\ps.cab |
|
| Details | File | 1 | c:\programdata\2gis\remediation.exe |
|
| Details | File | 1 | c:\programdata\2gis\research\conhost.exe |
|
| Details | File | 1 | c:\programdata\2gis\research\ps.exe |
|
| Details | File | 1 | c:\programdata\2gis\research\remediation.exe |
|
| Details | File | 1 | c:\programdata\aadconnect\1.bat |
|
| Details | File | 1 | c:\programdata\aadconnect\bdtkexec.cfg |
|
| Details | File | 1 | c:\programdata\aadconnect\ptwatchdog.exe |
|
| Details | File | 1 | c:\programdata\aadconnect\tmdbglog.dll |
|
| Details | File | 1 | c:\programdata\adobe\arm\mcsync.exe |
|
| Details | File | 1 | c:\programdata\adobe\arm\mcsync.log |
|
| Details | File | 1 | c:\programdata\adobe\arm\mcutil.dll |
|
| Details | File | 1 | c:\programdata\apple\asoelnch.exe |
|
| Details | File | 1 | c:\programdata\apple\cclib.dll |
|
| Details | File | 1 | c:\programdata\apple\nordlnch.cfg |
|
| Details | File | 1 | c:\programdata\asus\all\mcsync.exe |
|
| Details | File | 1 | c:\programdata\asus\all\mcsync.log |
|
| Details | File | 1 | c:\programdata\asus\all\mcutil.dll |
|
| Details | File | 1 | c:\programdata\intel\hccutils.dll |
|
| Details | File | 1 | c:\programdata\intel\hkcmd.exe |
|
| Details | File | 1 | c:\programdata\intel\hksetting.cfg |
|
| Details | File | 1 | c:\programdata\microsoft\appv\hccutils.dll |
|
| Details | File | 1 | c:\programdata\microsoft\appv\hkcmd.exe |
|
| Details | File | 1 | c:\programdata\microsoft\appv\hksetting.cfg |
|
| Details | File | 1 | c:\programdata\microsoft\crypto\rsa\asoelnch.exe |
|
| Details | File | 1 | c:\programdata\microsoft\crypto\rsa\cclib.dll |
|
| Details | File | 1 | c:\programdata\microsoft\crypto\rsa\mcsync.exe |
|
| Details | File | 1 | c:\programdata\microsoft\crypto\rsa\mcsync.log |
|
| Details | File | 1 | c:\programdata\microsoft\crypto\rsa\mcutil.dll |
|
| Details | File | 1 | c:\programdata\microsoft\crypto\rsa\nordlnch.cfg |
|
| Details | File | 1 | c:\programdata\microsoft\drm\liveupdate.exe |
|
| Details | File | 1 | c:\programdata\microsoft\drm\mcinsupd.cfg |
|
| Details | File | 1 | c:\programdata\microsoft\drm\mcinsupd.exe |
|
| Details | File | 1 | c:\programdata\microsoft\drm\mytilus3.dll |
|
| Details | File | 1 | c:\programdata\microsoft\drm\safestore64.dll |
|
| Details | File | 1 | c:\programdata\microsoft\mf\instsrv.exe |
|
| Details | File | 1 | c:\programdata\microsoft\mf\wus.dll |
|
| Details | File | 1 | c:\programdata\microsoft\uconhost.exe |
|
| Details | File | 1 | c:\programdata\oracle\ace.exe |
|
| Details | File | 1 | c:\programdata\sh.exe |
|
| Details | File | 1 | c:\users\default\appdata\roaming\winset\liveupdate.exe |
|
| Details | File | 1 | c:\users\default\appdata\roaming\winset\safestore64.dll |
|
| Details | File | 1 | c:\windows\system32\wam.dll |
|
| Details | File | 1 | c:\windows\system32\wus.dll |
|
| Details | File | 1 | c:\windows\syswow64\wus.dll |
|
| Details | File | 1 | c:\windows\temp\conhost.dll |
|
| Details | File | 2 | c:\windows\temp\conhost.exe |
|
| Details | File | 1 | c:\windows\temp\mcoemcpy.exe |
|
| Details | File | 1 | c:\windows\temp\mcoemcpyrun.log |
|
| Details | File | 1 | c:\windows\temp\mcutil.dll |
|
| Details | File | 1 | c:\windows\temp\net.log |
|
| Details | File | 1 | c:\windows\temp\smcw.dll |
|
| Details | File | 1 | c:\windows\web\1.bat |
|
| Details | File | 1 | c:\windows\web\1\hccutils.dll |
|
| Details | File | 1 | c:\windows\web\1\hkcmd.exe |
|
| Details | File | 1 | c:\windows\web\1\hksetting.cfg |
|
| Details | File | 1 | c:\windows\web\ace.exe |
|
| Details | File | 1 | c:\windows\web\ladon.exe |
|
| Details | File | 1 | c:\windows\web\wmic.vbs |
|
| Details | File | 1 | c:\programdata\microsoft\network\downloader\client.cfg |
|
| Details | File | 1 | c:\programdata\microsoft\network\downloader\update.exe |
|
| Details | File | 1 | c:\programdata\mc.cab |
|
| Details | File | 1 | c:\programdata\my_capture.exe |
|
| Details | File | 1 | %appdata%\roaming\microsoft\windows\start menu\programs\startup\mpclient.dll |
|
| Details | File | 1 | %appdata%\roaming\microsoft\windows\start menu\programs\startup\msmpeng.exe |
|
| Details | File | 1 | %appdata%\roaming\microsoft\msmpeng.exe |
|
| Details | File | 1 | c:\programdata\temp\wcrypt32.dll |
|
| Details | File | 1 | c:\programdata\temp\wmic.dll |
|
| Details | File | 1 | c:\programdata\abbyy\finereader\client.cfg |
|
| Details | File | 1 | c:\programdata\abbyy\finereader\debug.log |
|
| Details | File | 1 | c:\programdata\abbyy\finereader\update.exe |
|
| Details | File | 1 | c:\programdata\abbyy\finereader\winword.exe |
|
| Details | File | 1 | c:\windows\temp\client.cfg |
|
| Details | File | 1 | c:\programdata\adobe\setup\mcinsupd.exe |
|
| Details | File | 1 | c:\programdata\adobe\setup\mcinsupd.cfg |
|
| Details | File | 4 | win64.dll |
|
| Details | File | 2 | www1.dot |
|
| Details | File | 1 | server.dot |
|
| Details | md5 | 1 | 170D73BE3FE846E9070CFAE530F5A31C |
|
| Details | md5 | 1 | 0A2E7C01B847D3B1C6EEBE6AF63DC140 |
|
| Details | md5 | 1 | 0A945587E0E11A89D72B4C0B45A4F77E |
|
| Details | md5 | 1 | 10818F47AA4DC2B39A7B5EEF652F3C68 |
|
| Details | md5 | 1 | 1157132504BE3BF556A80DB8A2FF9395 |
|
| Details | md5 | 1 | 11955356232DCF6834515BF111BB5138 |
|
| Details | md5 | 1 | 11BA5665EC1DBA660401AFDE64C2B125 |
|
| Details | md5 | 2 | 17FA7898D040FA647AFA4467921A66CF |
|
| Details | md5 | 1 | 180EE3E469BFCFC079E1A46D16440467 |
|
| Details | md5 | 1 | 1EA58FF469F5EE0FDCF5B30FC19E4CB8 |
|
| Details | md5 | 1 | 216D9F82BA2B9289E68F9778E1E40AC9 |
|
| Details | md5 | 1 | 29B62694DC9F720BD09438F37B7B358A |
|
| Details | md5 | 1 | 3953EB8F7825E756515BE79EF45655B0 |
|
| Details | md5 | 1 | 3A13B99B2567190AB87E8AB745761017 |
|
| Details | md5 | 1 | 40EB08F151859C1FE4DC8E6BC466B06F |
|
| Details | md5 | 1 | 413FA4AD3AFE00B34102C520A91F031C |
|
| Details | md5 | 1 | 4866622D249F3EA114495A4A249F3064 |
|
| Details | md5 | 1 | 4AD1AD14044BD2C5A5C5E7E7DD954B23 |
|
| Details | md5 | 1 | 4D42C314FF4341F2D1315D7810BD4E15 |
|
| Details | md5 | 1 | 51367DC409A7A7E5521C2F700C56A452 |
|
| Details | md5 | 1 | 51BEFD74AC3B8943DA58C841017A57A8 |
|
| Details | md5 | 1 | 56AF3279253E4A60BD080DD6A5CA7BA8 |
|
| Details | md5 | 1 | 5EA338D71D2A49E7B3259BC52F424303 |
|
| Details | md5 | 1 | 5EB42E1BA99FACE02CE50EA1AAF72AB5 |
|
| Details | md5 | 1 | 6038583B155F73FAF1B5EF8135154278 |
|
| Details | md5 | 1 | 64EF950D1F31A41FE60C0FD10CA46109 |
|
| Details | md5 | 1 | 6652923CE80A073FD985E20B8580E703 |
|
| Details | md5 | 1 | 6BDF1C294B6A34A5769E872D49AFD9E7 |
|
| Details | md5 | 1 | 6DFC3BDD2B70670BF29506E5828F627E |
|
| Details | md5 | 1 | 70DA6872B6B2DA9DDC94D14B02302917 |
|
| Details | md5 | 1 | 7101FE9E82E9B0E727B64608C9FD5DF1 |
|
| Details | md5 | 1 | 7C383C9CA29F78FCC815EAEA9373B4BB |
|
| Details | md5 | 2 | 7FE40325F0CEF8A32E69A6087EBC7157 |
|
| Details | md5 | 1 | 84DF335EBC10633DA1524C7DBB836994 |
|
| Details | md5 | 2 | 87AA0BEDF293E9B16A93E4411353F367 |
|
| Details | md5 | 1 | 94AF1B400FDBDEBD8EDA337474C07479 |
|
| Details | md5 | 1 | AA7231904A125273F5E5EE55A1441BA4 |
|
| Details | md5 | 1 | AB26F4C877A7357CABF95FB5033A5BEF |
|
| Details | md5 | 1 | AB55A08ED77736CE6D26874187169BC9 |
|
| Details | md5 | 1 | AE11F7218E919DF5B8A9A2C0DC247F56 |
|
| Details | md5 | 1 | B2C9F5CAE72AF5A50940D55BB5B92E98 |
|
| Details | md5 | 1 | C6D6CFFD56638A68A0DE11035B9C9097 |
|
| Details | md5 | 1 | CBECDFA1D0708D60500864A2A9DE4992 |
|
| Details | md5 | 1 | CCC9482A7BEE777BBB08172DCCDAB8AA |
|
| Details | md5 | 1 | D394F005416A20505C597ECF7882450F |
|
| Details | md5 | 1 | D44A276529343F7AC291AD7AD0B99378 |
|
| Details | md5 | 1 | D669B03807102B4AF87B20EC3731909A |
|
| Details | md5 | 1 | DA765E4E6B0D2544FE3F71E384812C40 |
|
| Details | md5 | 1 | E005F5DA3BA5D6726DA4E6671605B814 |
|
| Details | md5 | 1 | E2A3CD2B3C2E43CA08D2B9EE78D4919B |
|
| Details | md5 | 1 | E8800D59C411A948EE966FF745FBD5C9 |
|
| Details | md5 | 1 | E8A16193BCD477D8231E6FC1A484DC8A |
|
| Details | md5 | 1 | EBCFFECE1B1AF517743D3DFFDE72CB43 |
|
| Details | md5 | 1 | F01A9A2D1E31332ED36C1A4D2839F412 |
|
| Details | md5 | 1 | FB2B4C9CA6A7871A98C6E2405E27A21F |
|
| Details | md5 | 1 | FF6D8578BE65A31F3624B62E07BEF795 |
|
| Details | md5 | 1 | 6860189B79FF35199F99171548F5CD65 |
|
| Details | md5 | 1 | 9EC56A18333D4D4E4D3C361D487C05BD |
|
| Details | md5 | 1 | E5B6571E1512D3896F8C2367DDC5A02D |
|
| Details | md5 | 1 | 7CB0D8CFFE48DF7B531B6BEDE8137199 |
|
| Details | md5 | 1 | 86BB8FA0D00FD94F15AE1BD001037C6C |
|
| Details | md5 | 1 | 9F5BBA1ACEF3CCBBDC789F8813B99067 |
|
| Details | md5 | 1 | 4EA2B943A1D9539E42C5BDBA3D3CA7A0 |
|
| Details | md5 | 1 | 5934B7E24D03E92B3DBACBE49F6E677C |
|
| Details | md5 | 1 | C8F13C9890CEB695538FDC44AD817278 |
|
| Details | md5 | 1 | BABDF6FA73E48345F00462C3EF556B86 |
|
| Details | md5 | 1 | CBB7E0B8DDE2241480B71B9C648C1501 |
|
| Details | IPv4 | 3 | 45.63.27.162 |
|
| Details | IPv4 | 1 | 172.22.0.0 |
|
| Details | IPv4 | 1 | 45.151.180.178 |
|
| Details | IPv4 | 1 | 160.202.162.122 |
|
| Details | IPv4 | 1 | 192.248.182.121 |
|
| Details | IPv4 | 1 | 54.36.189.105 |
|
| Details | IPv4 | 1 | 5.180.174.10 |
|
| Details | Windows Registry Key | 31 | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet |
|
| Details | Windows Registry Key | 24 | HKLM\SAM |
|
| Details | Windows Registry Key | 14 | HKLM\SECURITY |