Study of targeted attacks on Russian research institutes
Common Information

UUID: 622d552e-6ff9-4dd2-8e95-c3fd1ccd2753
Fingerprint: 653313db392541653a67206f65747d4ab84a759a8989fc58c2868b0f572ca344
Analysis status: DONE
Considered CTI value: 2
Text language:
Published: April 2, 2021, 1:58 p.m.
Added to db: April 14, 2024, 2:22 a.m.
Last updated: Aug. 31, 2024, 5:24 a.m.
Headline: Study of targeted attacks on Russian research institutes
Title: Study of targeted attacks on Russian research institutes
Detected Hints/Tags/Attributes: 109/3/73
Attributes