Russia-Nexus UAC-0113 Emulating Telecommunication Providers in Ukraine
Common Information
| Type | Value |
|---|---|
| UUID | 9eb910aa-f81e-48b9-b491-663f592ecde4 |
| Fingerprint | 69f3a9277b550c61997961c27928eb98d7a2713260c44c9a73f1b1def8b5df87 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Sept. 18, 2022, 11:54 a.m. |
| Added to db | March 10, 2024, 1:12 a.m. |
| Last updated | Aug. 31, 2024, 2:52 a.m. |
| Headline | Russia-Nexus UAC-0113 Emulating Telecommunication Providers in Ukraine |
| Title | Russia-Nexus UAC-0113 Emulating Telecommunication Providers in Ukraine |
| Detected Hints/Tags/Attributes | 162/3/94 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://go.recordedfuture.com/hubfs/reports/cta-2022-0919.pdf |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CERT Ukraine | 11 | UAC-0113 |
|
| Details | Domain | 546 | www.recordedfuture.com |
|
| Details | Domain | 6 | warzone.ws |
|
| Details | Domain | 2 | datagroup.ddns.net |
|
| Details | Domain | 2 | kyiv-star.ddns.net |
|
| Details | Domain | 134 | shodan.io |
|
| Details | Domain | 2 | ett.ddns.net |
|
| Details | Domain | 2 | darkett.ddns.net |
|
| Details | Domain | 2 | ett.ua |
|
| Details | Domain | 41 | ddns.net |
|
| Details | Domain | 2 | kievstar.online |
|
| Details | Domain | 2 | ett.hopto.org |
|
| Details | Domain | 2 | star-link.ddns.net |
|
| Details | Domain | 23 | hopto.org |
|
| Details | Domain | 2 | star-cz.ddns.net |
|
| Details | Domain | 2 | kyivstar.online |
|
| Details | Domain | 3 | porodicno.ba |
|
| Details | Domain | 2 | fr3d.hk |
|
| Details | Domain | 1 | jkvgvcguygytfigj.cc |
|
| Details | Domain | 1 | ghbbgyv.cx |
|
| Details | Domain | 1 | darkfox.ddns.net |
|
| Details | Domain | 1 | darksea.ddns.net |
|
| Details | Domain | 2 | yugyuvyugguitgyuigtfyutdtoghghbbgyv.cx |
|
| Details | Domain | 2 | zpltcmgodhvvedxtfcygvbgjkvgvcguygytfigj.cc |
|
| Details | Domain | 1 | whatportis.com |
|
| Details | Domain | 1 | account.adfs.kyivstar.online |
|
| Details | Domain | 1 | adfs.kyivstar.online |
|
| Details | Domain | 1 | login.adfs.kyivstar.online |
|
| Details | Domain | 1 | login.kyivstar.online |
|
| Details | Domain | 1 | outlook.adfs.kyivstar.online |
|
| Details | Domain | 1 | www.kyivstar.online |
|
| Details | Domain | 265 | recordedfuture.com |
|
| Details | File | 1 | 3_заява-на-отримання-компенсації.iso |
|
| Details | File | 1 | компенсації.iso |
|
| Details | File | 1 | jfilyg7.exe |
|
| Details | File | 1 | сімям-загиблих2.doc |
|
| Details | File | 1 | families-of-the-deceased2.doc |
|
| Details | File | 1208 | powershell.exe |
|
| Details | File | 4 | c:\programdata\conhost.exe |
|
| Details | File | 137 | conhost.exe |
|
| Details | File | 1 | variable.exe |
|
| Details | File | 249 | schtasks.exe |
|
| Details | File | 101 | gate.php |
|
| Details | File | 3 | programs.bat |
|
| Details | File | 1 | mscommondriver.exe |
|
| Details | File | 1 | додаткової-знижки-сімям-загиблих2.doc |
|
| Details | File | 1 | компенсації-додаткової-знижки-сімям-загиблих2.doc |
|
| Details | File | 1 | discount-for-the-families-of-the-deceased2.doc |
|
| Details | File | 1 | 3_заява-на-отримання-компенсації-додаткової-знижки-сімям-загиблих2.doc |
|
| Details | File | 1 | advtool.dll |
|
| Details | File | 1 | dhcp.dll |
|
| Details | File | 1 | hotspot.dll |
|
| Details | File | 1 | mpls.dll |
|
| Details | File | 1 | pim.dll |
|
| Details | File | 1 | ppp.dll |
|
| Details | File | 1 | roteros.dll |
|
| Details | File | 1 | roting4.dll |
|
| Details | File | 1 | secure.dll |
|
| Details | File | 57 | system.dll |
|
| Details | File | 1 | wlan6.dll |
|
| Details | File | 1 | icons.png |
|
| Details | File | 1 | icons24.png |
|
| Details | File | 1 | icons32.png |
|
| Details | File | 2 | get-variable.exe |
|
| Details | File | 1 | знижки-сімям-загиблих2.doc |
|
| Details | File | 748 | kernel32.dll |
|
| Details | File | 2 | ellocnak.xml |
|
| Details | File | 2125 | cmd.exe |
|
| Details | File | 64 | logins.json |
|
| Details | File | 2 | c:\\users\\vitali kremez\\documents\\midgetporn\\workspace\\msgbox.exe |
|
| Details | File | 1 | c:\\users\\louis\\documents\\workspace\\mortycrypter\\msgbox.exe |
|
| Details | sha1 | 1 | bc4cab14e4b378a7b98185367b4778f92eb4335f |
|
| Details | sha1 | 1 | a5a20063c8699c66f5292ed1da7c860360baf6cf |
|
| Details | sha256 | 2 | 1c6643b479614340097a8071c9f880688af5a82db7b6e755beafe7301eea1abf |
|
| Details | sha256 | 1 | 44673a8ff098f12910c441c5697d27889dd1c5fd4aef875d4cf381227eac3a2b |
|
| Details | sha256 | 1 | aa2d97b5be06be67ec04774ad681da6113ee2b4929c0539929bbac19926682c8 |
|
| Details | sha256 | 1 | 722c36abd195cce70ee25b48d6e64873262e046eae7433976120a1496f01487d |
|
| Details | sha256 | 1 | 98c9e85c013d0404e2c595958a77f4d1cafeb122efde9efc3a83a59b1233b58f |
|
| Details | sha256 | 1 | ed8894af2c305e46c5fc8cdefa21e4535a601aa58d06d1beed17bb2c9e51b271 |
|
| Details | sha256 | 1 | bc4cab14e4b378a7b98185367b4778f92eb4335faba1a4503f4cfb7aba8f13e7 |
|
| Details | sha256 | 1 | a5a20063c8699c66f5292ed1da7c860360baf6cf2a52f33c2c0b8873a995397c |
|
| Details | IPv4 | 2 | 31.7.58.82 |
|
| Details | IPv4 | 2 | 103.150.187.121 |
|
| Details | IPv4 | 2 | 94.153.171.42 |
|
| Details | IPv4 | 2 | 217.77.221.199 |
|
| Details | IPv4 | 2 | 103.27.202.127 |
|
| Details | IPv4 | 1 | 65.108.213.210 |
|
| Details | IPv4 | 1 | 94.158.156.4 |
|
| Details | IPv4 | 1 | 91.200.114.141 |
|
| Details | IPv4 | 18 | 127.0.0.2 |
|
| Details | IPv4 | 79 | 1.2.3.4 |
|
| Details | Threat Actor Identifier - APT | 665 | APT29 |
|
| Details | Url | 1 | https://fr3d.hk/blog/colibri-loader-back-to-basics |
|
| Details | Url | 1 | https://whatportis.com/ports/8291_winbox-default-on-a-mikrotik- |