Threat Advisory
Common Information
Type | Value |
---|---|
UUID | ac8561ca-bb78-4e55-a6d8-fa0d2d7c83e2 |
Fingerprint | 78f41a584aebad9b8bd5bcca42417b10db85ba1cbf129ebd0466031bfce82e73 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | Jan. 2, 2024, 7:18 p.m. |
Added to db | Feb. 7, 2024, 7:47 p.m. |
Last updated | Aug. 31, 2024, 2:49 a.m. |
Headline | Threat Advisory |
Title | Threat Advisory |
Detected Hints/Tags/Attributes | 105/3/60 |
Source URLs
URL Provider
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | CERT Ukraine | 19 | UAC-0028 |
Details | Domain | 19 | client.py |
Details | Domain | 3 | czyrqdnvpujmmjkfhhvs4knf1av02demj.oast.fun |
Details | Domain | 3 | czyrqdnvpujmmjkfhhvsclx05sfi23bfr.oast.fun |
Details | Domain | 2 | czyrqdnvpujmmjkfhhvsgapqr3hclnhhj.oast.fun |
Details | Domain | 3 | czyrqdnvpujmmjkfhhvsvlaax17vd5r6v.oast.fun |
Details | Domain | 2 | wody.zip |
Details | Domain | 3 | nas-files.firstcloudit.com |
Details | Domain | 3 | ua-calendar.firstcloudit.com |
Details | Domain | 3 | e-nas.firstcloudit.com |
Details | Domain | 3 | bahouholdings.com |
Details | Domain | 3 | facadesolutionsuae.com |
Details | Domain | 3 | webmail.facadesolutionsuae.com |
Details | Domain | 83 | cert.gov.ua |
Details | Domain | 435 | www.hivepro.com |
Details | | 2 | jrb@bahouholdings.com |
Details | | 2 | qasim.m@facadesolutionsuae.com |
Details | File | 19 | client.py |
Details | File | 2125 | cmd.exe |
Details | File | 2 | strategyua.pdf |
Details | md5 | 2 | 9724cecaa8ca38041ee9f2a42cc5a297 |
Details | md5 | 2 | 5f126b2279648d849e622e4be910b96c |
Details | md5 | 2 | 47f4b4d8f95a7e842691120c66309d5b |
Details | md5 | 2 | 8d1b91e8fb68e227f1933cfab99218a4 |
Details | md5 | 2 | 6fdd416a768d04a1af1f28ecaa29191b |
Details | md5 | 2 | 5db75e816b4cef5cc457f0c9e3fc4100 |
Details | md5 | 2 | 6128d9bf34978d2dc7c0a2d463d1bcdd |
Details | md5 | 2 | 825a12e2377dd694bbb667f862d60c43 |
Details | md5 | 2 | acd9fc44001da67f1a3592850ec09cb7 |
Details | IBM X-Force - Threat Group Enumeration | 12 | ITG05 |
Details | IPv4 | 2 | 173.239.196.66 |
Details | IPv4 | 3 | 194.126.178.8 |
Details | IPv4 | 2 | 88.209.251.6 |
Details | IPv4 | 3 | 74.124.219.71 |
Details | MITRE ATT&CK Techniques | 159 | T1095 |
Details | MITRE ATT&CK Techniques | 126 | T1567 |
Details | MITRE ATT&CK Techniques | 159 | T1021 |
Details | MITRE ATT&CK Techniques | 409 | T1566 |
Details | MITRE ATT&CK Techniques | 695 | T1059 |
Details | MITRE ATT&CK Techniques | 460 | T1059.001 |
Details | MITRE ATT&CK Techniques | 420 | T1204 |
Details | MITRE ATT&CK Techniques | 106 | T1204.001 |
Details | MITRE ATT&CK Techniques | 365 | T1204.002 |
Details | MITRE ATT&CK Techniques | 289 | T1003 |
Details | MITRE ATT&CK Techniques | 207 | T1547 |
Details | MITRE ATT&CK Techniques | 380 | T1547.001 |
Details | MITRE ATT&CK Techniques | 534 | T1005 |
Details | MITRE ATT&CK Techniques | 444 | T1071 |
Details | MITRE ATT&CK Techniques | 14 | T1071.003 |
Details | MITRE ATT&CK Techniques | 96 | T1132 |
Details | MITRE ATT&CK Techniques | 99 | T1132.001 |
Details | MITRE ATT&CK Techniques | 95 | T1572 |
Details | Threat Actor Identifier - APT | 783 | APT28 |
Details | Threat Actor Identifier by NSA | 9 | SIG40 |
Details | Threat Actor Identifier by Recorded Future | 6 | TAG-0700 |
Details | Threat Actor Identifier by SecureWorks | 15 | TG-4127 |
Details | Threat Actor Identifier by Tencent | 6 | T-APT-12 |
Details | Threat Actor Identifier by Thales | 6 | ATK 5 |
Details | Url | 5 | https://cert.gov.ua/article/6276894 |
Details | Url | 2 | https://www.hivepro.com/threat-advisory/apt28s-tactical-exploitation-of-critical- |