CHAMELGANG & FRIENDS | CYBERESPIONAGE GROUPS ATTACKING CRITICAL INFRASTRUCTURE WITH RANSOMWARE
Common Information
| Type | Value |
|---|---|
| UUID | 3c2dd03b-1878-425e-8709-85d691eaf93b |
| Fingerprint | b403ea3c3eed310e87d52fed4a2bf811798dc948cd282b98a23a4cdafdb0fac6 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | June 25, 2024, 5:13 p.m. |
| Added to db | June 26, 2024, 2:38 p.m. |
| Last updated | Aug. 31, 2024, 7:57 a.m. |
| Headline | CHAMELGANG & FRIENDS | CYBERESPIONAGE GROUPS ATTACKING CRITICAL INFRASTRUCTURE WITH RANSOMWARE |
| Title | CHAMELGANG & FRIENDS | CYBERESPIONAGE GROUPS ATTACKING CRITICAL INFRASTRUCTURE WITH RANSOMWARE |
| Detected Hints/Tags/Attributes | 173/3/102 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 396 | protonmail.com |
|
| Details | Domain | 1 | presidencia.gov.br |
|
| Details | Domain | 47 | microsoft.exchange |
|
| Details | Domain | 3 | postgresql.auto |
|
| Details | Domain | 1 | resources.albaclass.com |
|
| Details | Domain | 15 | labs.sentinelone.com |
|
| Details | 2 | fisha001@protonmail.com |
||
| Details | 2 | 4}@protonmail.com |
||
| Details | 1 | mouse62309@protonmail.com |
||
| Details | 1 | doga2839@protonmail.com |
||
| Details | 1 | doga2398@protonmail.com |
||
| Details | 1 | mouse63209@protonmail.com |
||
| Details | 2 | timisoarahackerteam@protonmail.com |
||
| Details | File | 55 | msdtc.exe |
|
| Details | File | 12 | svchosts.exe |
|
| Details | File | 38 | debug.log |
|
| Details | File | 1 | cfz_index.dat |
|
| Details | File | 100 | ntuser.dat.log |
|
| Details | File | 193 | ntuser.dat |
|
| Details | File | 3 | old.bak |
|
| Details | File | 1 | current_logfiles.bak |
|
| Details | File | 5 | conf.bak |
|
| Details | File | 1 | pg_version.bak |
|
| Details | File | 3 | postmaster.opt |
|
| Details | File | 1 | s.bak |
|
| Details | File | 1 | temp_restult_file_to_db_xml.bak |
|
| Details | File | 1 | temp_restult_file_to_db.xml |
|
| Details | File | 1 | file_to_db.xml |
|
| Details | File | 1 | db.xml |
|
| Details | File | 1 | to_db.xml |
|
| Details | File | 6 | home.jsp |
|
| Details | File | 22 | oci.dll |
|
| Details | File | 1 | ocilib.dll |
|
| Details | File | 1 | ocilib80.dll |
|
| Details | File | 10 | tsvipsrv.dll |
|
| Details | File | 1 | tpwinprn.dll |
|
| Details | File | 1 | c:\program files\vmware\vmware tools\win64\vmguestlib.exe |
|
| Details | File | 1 | c:\program files\vmware\vmware tools\win64\vmguestlib.ini |
|
| Details | File | 1 | c:\windows\mpcmdrun.dat |
|
| Details | File | 1 | c:\windows\mil.dat |
|
| Details | File | 1 | c:\windows\tmpcache.log |
|
| Details | File | 3 | content.dll |
|
| Details | File | 1 | c:\perflogs\info.txt |
|
| Details | File | 478 | lsass.exe |
|
| Details | File | 1 | ls.dmp |
|
| Details | File | 156 | 1.exe |
|
| Details | File | 20 | 3.txt |
|
| Details | File | 29 | ip.txt |
|
| Details | File | 8 | o.txt |
|
| Details | File | 15 | p.exe |
|
| Details | File | 61 | 1.bat |
|
| Details | File | 2 | copys.bat |
|
| Details | File | 1 | end.bat |
|
| Details | File | 15 | test.bat |
|
| Details | File | 2 | bcfmgr.exe |
|
| Details | File | 2 | manage-bde.exe |
|
| Details | sha1 | 1 | 098e60cd5053ec9613d32a7ced68e44f1a417353 |
|
| Details | sha1 | 1 | 09959be9b5f8ca21caa55577ce620034632a3f92 |
|
| Details | sha1 | 1 | 0c762bff5b4a0bf5abbdf28afc15cfc6dce575b1 |
|
| Details | sha1 | 1 | 15b0a25b4e55241b12d09633465d3109c324fb98 |
|
| Details | sha1 | 1 | 19114f25a5681149ae3950fb0c52d59a69d031dc |
|
| Details | sha1 | 1 | 1e12b053a643895e071be3538bb9950667134563 |
|
| Details | sha1 | 1 | 1fa6de645e7146a0a1b64e17d260546e598acd17 |
|
| Details | sha1 | 1 | 24eb404a8daaace36a2cf5fb0f7b8608d2a3963a |
|
| Details | sha1 | 1 | 33009aaea3d58d8f72dfaf45dd8016707599d6c0 |
|
| Details | sha1 | 1 | 374882c4752a05ec52e41943d7e3de8c1cccef10 |
|
| Details | sha1 | 1 | 398c4c0ba6f5ea78175dd2846067f10d3864a2cc |
|
| Details | sha1 | 1 | 44759a6597bad3a287a7b82724a763208c599135 |
|
| Details | sha1 | 1 | 57373d25527b3adf54eefcbfb69b41a513605af0 |
|
| Details | sha1 | 1 | 5c15b0ad93f2a4ae08a2a8e070afb99795855e0f |
|
| Details | sha1 | 1 | 5d43ee1f75781033cd5accf298583529bdd12fa1 |
|
| Details | sha1 | 1 | 608c2a64c9d41b891c18cb682a01eabf035a7f50 |
|
| Details | sha1 | 1 | 65867d738ee978811a098a766810726e39d1391e |
|
| Details | sha1 | 1 | 782b157e901326d67a783e3e7dac9694a87dc7c2 |
|
| Details | sha1 | 1 | 8052fcd408d9bd9e7594accdabb161ba8c4a9bd7 |
|
| Details | sha1 | 1 | 882efb1b8093c46223e71e2be353b6a95dc24e7a |
|
| Details | sha1 | 1 | 8ce96c0eb64db6856908fde2a1e9bcc387ce2744 |
|
| Details | sha1 | 1 | 8e76a2cc57fa5390462839c0471f522db3882c66 |
|
| Details | sha1 | 2 | 951e603af10ec366ef0f258bf8d912efedbb5a4b |
|
| Details | sha1 | 1 | 9d1076b58f30142fe1c693b4edcec9816b3cb3c6 |
|
| Details | sha1 | 1 | a2a81d5fcc0012e78fe4fe1b681a82c3158ce2bf |
|
| Details | sha1 | 1 | a566e410144d5972a92dc21de37e2b8617bfc347 |
|
| Details | sha1 | 1 | a79bc5e91761c98d99dc028401cd284c3b340474 |
|
| Details | sha1 | 1 | bd22ce42492bdad203ce1c712e075d422f70bbd3 |
|
| Details | sha1 | 1 | c1eb7d5b772635d519cb6f4f575ada709d626c1a |
|
| Details | sha1 | 1 | d4828b63b596cf8d069b97a8a9396928ec3ad216 |
|
| Details | sha1 | 2 | db99fc79a64873bef25998681392ac9be2c1c99c |
|
| Details | sha1 | 1 | dcd3f2a8ec1e63cb1bfcaa622ae48373ce0a01ce |
|
| Details | sha1 | 1 | de8bf4153bd72ef668b9a60419794ccabbe87c4f |
|
| Details | sha1 | 1 | dfab55758b195d1d30d89ba9175da3a49dc180be |
|
| Details | sha1 | 1 | e7ee9c41a1137b50d81238ae35b927f6ebbaae83 |
|
| Details | sha1 | 1 | efa16441d95984bb5b278aa510e9942a40356f84 |
|
| Details | sha1 | 1 | f4529b672eec3f629184fa4c62c3743ae5354f95 |
|
| Details | IPv4 | 1 | 192.168.15.14 |
|
| Details | IPv4 | 1 | 185.225.19.61 |
|
| Details | Deprecated Microsoft Threat Actor Naming Taxonomy (Groups in development) | 24 | DEV-0401 |
|
| Details | Pdb | 1 | miping.pdb |
|
| Details | Threat Actor Identifier - APT | 522 | APT41 |
|
| Details | Url | 1 | http://192.168.15.14:8085/ehospitallis/home.jsp |
|
| Details | Url | 1 | http://185.225.19.61:80/3.txt |
|
| Details | Url | 4 | https://labs.sentinelone.com |
|
| Details | Windows Registry Key | 1 | HKEY_CURRENT_USER\Software\Microsoft\ADs\Providers\LDAP |