EPS Processing Zero-Days Exploited by Multiple Threat Actors | Mandiant
Tags
| country: | Russia Syria |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Exploits - T1587.004 Exploits - T1588.005 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Vulnerabilities - T1588.006 |
Common Information
| Type | Value |
|---|---|
| UUID | 02151bfe-1c8f-49a5-84d9-89dd2be5b182 |
| Fingerprint | b67529fa80b287c4 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | May 9, 2017, midnight |
| Added to db | Nov. 6, 2023, 7:09 p.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | EPS Processing Zero-Days Exploited by Multiple Threat Actors |
| Title | EPS Processing Zero-Days Exploited by Multiple Threat Actors | Mandiant |
| Detected Hints/Tags/Attributes | 53/3/22 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 330 | ✔ | Threat Intelligence | https://www.mandiant.com/resources/blog/rss.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 13 | cve-2017-0261 |
|
| Details | CVE | 14 | cve-2017-0262 |
|
| Details | CVE | 17 | cve-2017-0263 |
|
| Details | CVE | 5 | cve-2017-0001 |
|
| Details | CVE | 22 | cve-2016-7255 |
|
| Details | CVE | 269 | cve-2017-0199 |
|
| Details | Domain | 1 | tnsc.webredirect.org |
|
| Details | Domain | 3 | wmdmediacodecs.com |
|
| Details | File | 5 | fltldr.exe |
|
| Details | File | 1 | en17.docx |
|
| Details | File | 1 | confirmation_letter.docx |
|
| Details | File | 2 | trump's_attack_on_syria_english.docx |
|
| Details | File | 1 | confirmation_letter_acm.docx |
|
| Details | md5 | 1 | 2abe3cc4bff46455a945d56c27e9fb45 |
|
| Details | md5 | 1 | e091425d23b8db6082b40d25e938f871 |
|
| Details | md5 | 1 | 006bdb19b6936329bffd4054e270dc6a |
|
| Details | md5 | 1 | 15660631e31c1172ba5a299a90938c02 |
|
| Details | md5 | 2 | f8e92d8b5488ea76c40601c8f1a08790 |
|
| Details | IPv4 | 1 | 84.200.2.12 |
|
| Details | IPv4 | 1 | 138.201.44.30 |
|
| Details | IPv4 | 1 | 185.106.122.113 |
|
| Details | Threat Actor Identifier - APT | 783 | APT28 |