TLP: WHITE
Common Information
| Type | Value |
|---|---|
| UUID | a7c8d72d-bb28-433f-89e2-36b457b2469e |
| Fingerprint | 585f519ef975f707b0200241c96dd121bded307b2ff7efaad8befc484c1bd3b9 |
| Analysis status | DONE |
| Considered CTI value | 1 |
| Text language | |
| Published | Dec. 16, 2016, 10:17 a.m. |
| Added to db | March 10, 2024, 6:24 a.m. |
| Last updated | Aug. 31, 2024, 7:53 a.m. |
| Headline | TLP: WHITE |
| Title | TLP: WHITE |
| Detected Hints/Tags/Attributes | 124/3/51 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 48 | cve-2015-1641 |
|
| Details | CVE | 57 | cve-2016-4117 |
|
| Details | Domain | 57 | www.ptsecurity.com |
|
| Details | Domain | 101 | www.group-ib.com |
|
| Details | Domain | 16 | www.group-ib.ru |
|
| Details | Domain | 202 | krebsonsecurity.com |
|
| Details | Domain | 216 | www.symantec.com |
|
| Details | Domain | 6 | cobaltstrike.com |
|
| Details | Domain | 2 | curs.md |
|
| Details | Domain | 2 | mail.peacedatamap.com |
|
| Details | Domain | 2 | temp-mail.ru |
|
| Details | Domain | 2 | lackmail.ru |
|
| Details | Domain | 246 | mail.ru |
|
| Details | Domain | 29 | sendspace.com |
|
| Details | Domain | 4128 | github.com |
|
| Details | Domain | 5 | ammyy.com |
|
| Details | Domain | 2 | 40kasperskyc.com |
|
| Details | Domain | 4 | www.ammyy.com |
|
| Details | Domain | 226 | ptsecurity.com |
|
| Details | 2 | sesati@lackmail.ru |
||
| Details | 57 | info@ptsecurity.com |
||
| Details | File | 1 | corporate_vulnerability_2016_eng.pdf |
|
| Details | File | 9 | cobalt.html |
|
| Details | File | 6 | gib-buhtrap-report.pdf |
|
| Details | File | 5 | group-ib-corkow-report-en.pdf |
|
| Details | File | 6 | anunak_apt_against_financial_institutions.pdf |
|
| Details | File | 48 | documents.exe |
|
| Details | File | 3 | backdoor.bat |
|
| Details | File | 4 | aa_v3.exe |
|
| Details | File | 2 | winapma.exe |
|
| Details | File | 2 | atm.exe |
|
| Details | File | 6 | crss.exe |
|
| Details | File | 3 | crss.dll |
|
| Details | File | 17 | artifact.exe |
|
| Details | File | 2 | tkg.exe |
|
| Details | File | 2 | offer.doc |
|
| Details | File | 29 | jusched.exe |
|
| Details | File | 40 | netscan.exe |
|
| Details | IPv4 | 2 | 23.249.164.26 |
|
| Details | IPv4 | 2 | 149.56.115.70 |
|
| Details | IPv4 | 2 | 142.91.104.135 |
|
| Details | IPv4 | 2 | 173.254.204.67 |
|
| Details | IPv4 | 3 | 23.152.0.210 |
|
| Details | IPv4 | 2 | 185.82.202.232 |
|
| Details | Url | 4 | http://www.group-ib.com/cobalt.html |
|
| Details | Url | 2 | http://www.group-ib.ru/brochures/gib-buhtrap-report.pdf |
|
| Details | Url | 2 | http://www.group-ib.ru/brochures/group-ib-corkow-report-en.pdf |
|
| Details | Url | 3 | http://www.group-ib.com/files/anunak_apt_against_financial_institutions.pdf |
|
| Details | Url | 2 | https://krebsonsecurity.com/2016/08/data-breach-at-oracles-micros-point-of-sale-division |
|
| Details | Url | 3 | https://www.symantec.com/connect/blogs/odinaff-new-trojan-used-high-level-financial-attacks |
|
| Details | Url | 2 | https://cobaltstrike.com |