Monthly Cyber Threat Intelligence report January 2024
Common Information
Type Value
UUID 5acad359-113d-47dd-86c0-9a83d9a263ae
Fingerprint 6df5b7bcb274e8645b828c922438c35dc359d70807d281fb395abab05bd0ad87
Analysis status DONE
Considered CTI value 2
Text language
Published Jan. 29, 2024, 9:27 p.m.
Added to db July 17, 2024, 9:53 a.m.
Last updated Aug. 31, 2024, 9 a.m.
Headline Monthly Cyber Threat Intelligence report January 2024
Title Monthly Cyber Threat Intelligence report January 2024
Detected Hints/Tags/Attributes 125/3/100
Attributes
Details Yara rule 1
rule MASEPIE_Specific_strings {
	meta:
		author = "ADVENS"
		source = "ADVENS"
		status = "RELEASED"
		sharing = "TLP:CLEAR"
		malware = "MASEPIE"
		description = "Yara_rule_that_detects_MASEPIE_malware."
		info = "MASEPIE_Trojan_Downloader"
	strings:
		$Masepie_string1 = "czyrqdnvpujmmjkfhhvsclx05sfi23bfr.oast.fun"
		$Masepie_string2 = "194.126.178.8"
		$Masepie_string3 = "{user}{SEPARATOR}{k}"
	condition:
		$Masepie_string1 and $Masepie_string2 and $Masepie_string3
}