Taking Microsoft Office by "Storm"
Common Information
Type Value
UUID 0f4e9931-c3df-4e97-8fe0-0c770ae001d3
Fingerprint 365029130e0cfdc3
Analysis status DONE
Considered CTI value 2
Text language
Published July 18, 2023, 6:05 p.m.
Added to db Aug. 12, 2023, 9:13 a.m.
Last updated Nov. 17, 2024, 12:52 p.m.
Headline Taking Microsoft Office by "Storm"
Title Taking Microsoft Office by "Storm"
Detected Hints/Tags/Attributes 61/2/48
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 394 Varonis Blog https://www.varonis.com/blog/rss.xml 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 119
cve-2023-36884
Details Domain 5
ukrainianworldcongress.info
Details Domain 2
ukrainianworldcongress.org
Details File 1
_file001.zip
Details File 1
2222.chm
Details File 1
file1.htm
Details File 1
file1.mht
Details File 1
fileh.htm
Details File 1
fileh.mht
Details File 109
index.htm
Details File 5
file001.url
Details File 2
letter_nato_summit_vilnius_2023_eng.docx
Details File 9
overview_of_uwcs_ukraineinnato_campaign.docx
Details File 1
doc_dld.asp
Details File 7
filename.doc
Details File 7
afchunk.rtf
Details File 2
_file001.htm
Details File 5
start.xml
Details File 3
o2010.asp
Details File 2
rfile.asp
Details File 3
zip_k.asp
Details File 3
zip_k2.asp
Details File 3
zip_k3.asp
Details Microsoft Threat Actor Naming Taxonomy (Groups in development) 79
Storm-0978