202402151300_Russian Threat Actors Targeting the HPH Sector_TLPCLEAR
Common Information
Type Value
UUID 6244e483-ba17-450c-a9a3-ec34f2628456
Fingerprint 8e2ec677a18305c7ed85225da45e817fc015f58ed83ccf212fce053b1c6562da
Analysis status DONE
Considered CTI value 2
Text language
Published Feb. 15, 2024, 1:45 p.m.
Added to db May 14, 2024, 10:04 p.m.
Last updated Aug. 31, 2024, 7:21 a.m.
Headline 202402151300_Russian Threat Actors Targeting the HPH Sector_TLPCLEAR
Title 202402151300_Russian Threat Actors Targeting the HPH Sector_TLPCLEAR
Detected Hints/Tags/Attributes 268/3/132
Attributes
Details Type #Events CTI Value
Details CVE 53
cve-2023-42793
Details CVE 176
cve-2023-23397
Details CVE 12
cve-2022-34721
Details CVE 184
cve-2021-26855
Details CVE 91
cve-2021-34527
Details CVE 68
cve-2020-14882
Details CVE 71
cve-2020-0688
Details Email 18
hc3@hhs.gov
Details File 1
unclassified-report.pdf
Details File 1
0networks.pdf
Details File 252
www.cs
Details File 1
varian-medical-systems-lockbit-ransomware.html
Details File 1
31590996.html
Details File 1
black-basta-threat-profile.pdf
Details File 1
us-healthcare-industry-threat-landscape-report.pdf
Details Mandiant Uncategorized Groups 25
UNC2165
Details Threat Actor Identifier - APT 783
APT28
Details Threat Actor Identifier - APT 665
APT29
Details Threat Actor Identifier by NSA 5
SIG23
Details Threat Actor Identifier by Recorded Future 24
TAG-53
Details Threat Actor Identifier by SecureWorks 15
TG-4127
Details Threat Actor Identifier - FIN 377
FIN7
Details Threat Actor Identifier - FIN 127
FIN11