C.A.S hacktivists attack Russian organizations using rare RATs
Tags
Common Information
Type | Value |
---|---|
UUID | 0d5a8b34-874a-45cc-920f-3ce60e2657f9 |
Fingerprint | 1599fd8343b38d42 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | Dec. 18, 2024, 1 p.m. |
Added to db | Dec. 18, 2024, 11:13 a.m. |
Last updated | Dec. 23, 2024, 6:09 p.m. |
Headline | Through the shadows of anarchy: dissecting Cyber Anarchy Squad attacks |
Title | C.A.S hacktivists attack Russian organizations using rare RATs |
Detected Hints/Tags/Attributes | 50/2/39 |
Source URLs
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 224 | ✔ | Securelist | https://securelist.ru/feed/ | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 39 | | intptr.zero |
Details | Domain | 4 | | itsfreerepublic.com |
Details | File | 2335 | | cmd.exe |
Details | File | 129 | | sqlservr.exe |
Details | File | 1356 | | powershell.exe |
Details | File | 3 | | rm.ps1 |
Details | File | 3 | | sdc.exe |
Details | File | 288 | | net.exe |
Details | File | 437 | | c:\windows\system32\cmd.exe |
Details | File | 3 | | rpchost.exe |
Details | File | 17 | | application.exe |
Details | File | 45 | | svhost.exe |
Details | File | 3 | | svxhost.exe |
Details | File | 3 | | program.sys |
Details | File | 305 | | msiexec.exe |
Details | File | 3 | | c:\windows\system32\svxhost.exe |
Details | File | 3 | | c:\windows\system32\svrhost.exe |
Details | File | 3 | | c:\windows\system32\drivers\etc\rpchost.exe |
Details | File | 3 | | c:\windows\panther\ssbyt.exe |
Details | File | 3 | | 3119.exe |
Details | File | 3 | | ovpmhnjotowtj.exe |
Details | File | 9 | | sysinfo.exe |
Details | File | 3 | | ssbyt.exe |
Details | File | 5 | | svrhost.exe |
Details | IPv4 | 5 | | 185.117.75.3 |
Details | IPv4 | 5 | | 194.36.188.94 |
Details | IPv4 | 3 | | 185.117.75.35 |
Details | MITRE ATT&CK Techniques | 592 | | T1190 |
Details | Url | 3 | | http://185.117.75.3:8092/sdc.exe |
Details | Windows Registry Key | 50 | | HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |