TAG-100 Uses Open-Source Tools in Suspected Global Espionage Campaign, Compromising Two Asia-Pacific Intergovernmental Bodies
Common Information
| Type | Value |
|---|---|
| UUID | 96a0d09d-578f-4a2f-8408-822ab0b32990 |
| Fingerprint | 12b6bbddcf80113e7cad60891db048b82d89aad6528afb007accc24a0c6a292f |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | July 15, 2024, 2:46 p.m. |
| Added to db | July 23, 2024, 11:20 a.m. |
| Last updated | Aug. 31, 2024, 7:32 a.m. |
| Headline | TAG-100 Uses Open-Source Tools in Suspected Global Espionage Campaign, Compromising Two Asia-Pacific Intergovernmental Bodies |
| Title | TAG-100 Uses Open-Source Tools in Suspected Global Espionage Campaign, Compromising Two Asia-Pacific Intergovernmental Bodies |
| Detected Hints/Tags/Attributes | 140/3/45 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://go.recordedfuture.com/hubfs/reports/cta-2024-0716.pdf |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 38 | cve-2024-3400 |
|
| Details | CVE | 6 | cve-2019-9621 |
|
| Details | Domain | 546 | www.recordedfuture.com |
|
| Details | Domain | 1 | www.megtech.xyz |
|
| Details | Domain | 265 | recordedfuture.com |
|
| Details | File | 1 | ntmssvc.dll |
|
| Details | File | 1 | removablestorage.dll |
|
| Details | File | 41 | svhost.exe |
|
| Details | sha1 | 1 | e3aab908800cb4601bc4a87ac9ac48d816ced57c |
|
| Details | sha1 | 1 | 8eb3617768ce4693b726bb8187e5cccea3359de0 |
|
| Details | sha256 | 1 | 9b6bc9e7ed924900e5dfb8df2ac0916fbe6913a7717c341152f5c17ae017278c |
|
| Details | sha256 | 1 | e3aab908800cb4601bc4a87ac9ac48d816ced57cdb409b6e2468956cc50bdf04 |
|
| Details | sha256 | 1 | 8eb3617768ce4693b726bb8187e5cccea3359de0196d6f2bbe555c31f12d1234 |
|
| Details | sha256 | 1 | 23efecc03506a9428175546a4b7d40c8a943c252110e83dec132c6a5db8c4dd6 |
|
| Details | sha256 | 1 | ec45da0ca70a9b71652cc95d51665f7ad568294bd5652c395a119bccd613e9b4 |
|
| Details | sha256 | 1 | b8cab11421eb4731c16cf3c34ca2b3f2a758d5e112f877b90a18b3e146c8add0 |
|
| Details | IPv4 | 1 | 209.141.57.75 |
|
| Details | IPv4 | 1 | 216.238.68.36 |
|
| Details | IPv4 | 1 | 209.141.50.215 |
|
| Details | IPv4 | 1 | 209.141.46.83 |
|
| Details | IPv4 | 1 | 205.185.126.208 |
|
| Details | IPv4 | 1 | 38.54.115.34 |
|
| Details | IPv4 | 1 | 209.141.42.131 |
|
| Details | IPv4 | 1 | 104.244.79.119 |
|
| Details | IPv4 | 1 | 207.246.108.119 |
|
| Details | IPv4 | 1 | 38.54.15.164 |
|
| Details | IPv4 | 1 | 198.98.49.41 |
|
| Details | IPv4 | 1 | 205.185.127.12 |
|
| Details | IPv4 | 1 | 205.185.117.73 |
|
| Details | IPv4 | 1 | 209.141.37.217 |
|
| Details | IPv4 | 1 | 205.185.121.169 |
|
| Details | IPv4 | 1 | 144.202.125.201 |
|
| Details | IPv4 | 1 | 173.254.229.93 |
|
| Details | IPv4 | 1 | 205.185.122.35 |
|
| Details | IPv4 | 1 | 209.141.47.6 |
|
| Details | IPv4 | 1441 | 127.0.0.1 |
|
| Details | MITRE ATT&CK Techniques | 62 | T1583.003 |
|
| Details | MITRE ATT&CK Techniques | 56 | T1595.002 |
|
| Details | MITRE ATT&CK Techniques | 542 | T1190 |
|
| Details | MITRE ATT&CK Techniques | 440 | T1055 |
|
| Details | MITRE ATT&CK Techniques | 40 | T1027.009 |
|
| Details | MITRE ATT&CK Techniques | 13 | T1027.013 |
|
| Details | MITRE ATT&CK Techniques | 444 | T1071 |
|
| Details | MITRE ATT&CK Techniques | 33 | T1102.002 |
|
| Details | Threat Actor Identifier by Recorded Future | 2 | TAG-100 |