YoroTrooper APT IOCs - SEC-1275-1
Tags
Type | Value |
---|---|
attack-pattern | Powershell - T1059.001; Python - T1059.006; Powershell - T1086 |
Common Information
Type | Value |
---|---|
UUID | 11c59a1d-5df0-4cc4-8419-1b6d5f0408d9 |
Fingerprint | 2e8938f05b20da4a |
Analysis status | DONE |
Considered CTI value | 0 |
Text language | |
Published | Oct. 30, 2023, midnight |
Added to db | Oct. 30, 2023, 6:56 a.m. |
Last updated | Nov. 17, 2024, 12:58 p.m. |
Headline | YoroTrooper APT IOCs |
Title | YoroTrooper APT IOCs - SEC-1275-1 |
Detected Hints/Tags/Attributes | 14/1/102 |
Source URLs
Redirection | Url |
---|---|
Source | https://1275.ru/ioc/2775/yorotrooper-apt-iocs-2/?from=rss |
URL Provider
Provider | Source level domain |
---|---|
1275.ru | 1275.ru |
RSS Feed
Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|
8 | ✔ | IOC Archives - SEC-1275-1 | https://1275.ru/ioc/feed | 2024-08-30 22:08 |
Attributes
Type | #Events | CTI | Value |
---|---|---|---|
Domain | 3 | | tpp.tj |
Domain | 2 | | auth.mail-ru.link |
Domain | 3 | | mail.az-link.email |
Domain | 3 | | mail.asco.az-link.email |
Domain | 3 | | redirect.az-link.email |
File | 3 | | file.js |
File | 1 | | mshostss.rar |
File | 1 | | png.php |
File | 1 | | rat.js |
File | 2 | | rat.php |
File | 1 | | startpng.js |
File | 1 | | 2208281.pdf |
File | 2 | | az.pdf |
File | 27 | | file.php |
File | 207 | | login.php |
File | 2 | | c1.exe |
File | 25 | | main.exe |
File | 1 | | main2.exe |
File | 1 | | resoluton.exe |
File | 1 | | wwser.exe |
File | 1 | | uap.txt |
File | 1 | | bossmaster.txt |
File | 1 | | azərbaycan_litva.jpg |
File | 20 | | login.aspx |
File | 1 | | rightupsbot.txt |
sha1 | 2 | | 75676763663a2f2f31302e3130302e3230302e32 |
sha256 | 2 | | 0a9908d8c4de050149883ca17625bbe97830ba61c3fe6b0ef704c65361027add |
sha256 | 2 | | 1828e2df0ad76ea503af7206447e40482669bb25624a60b0f77743cd70f819f6 |
sha256 | 2 | | 1e350b316cbc42917f10f6f12fa2a0b8ed2fa6b0159c36141bce18edb6ea7aa0 |
sha256 | 2 | | 30a969fa0492479b1c6ef6d23f8fcccf3d7af35b235d74cab2c0c2fc8c212ad4 |
sha256 | 2 | | 37c369f9a9cac898af2668b1287dea34c753119071a1c447b0bfecd171709340 |
sha256 | 2 | | 56fc680799999e38ce84c80e27788839f35ee817816de15b90aa39332fcc5aee |
sha256 | 2 | | 57d0336c0dbaf455229d2689bf82f9678eb519e017d40ba60a6d6b90f87321f8 |
sha256 | 2 | | 5a6b089b1d2dd66948f24ed2d9464ce61942c19e98922dd77d36427f6cded634 |
sha256 | 2 | | 8131bd594aff4f4e233ac802799df3422f423dc28e96646a09a2656563c4ad7c |
sha256 | 2 | | 832d58d9e067730a5705c8c307fd51c044d9697911043be9564593e05216e82a |
sha256 | 2 | | 8921c20539fc019a9127285ca43b35610f8ecb0151872cdd50acdaa12c23722d |
sha256 | 2 | | 93829ee93688a31f90572316ecb21702eab04886c8899c0a59deda3b2f96c4be |
sha256 | 2 | | 941be28004afc2c7c8248a86b5857a35ab303beb33c704640852741b925558a1 |
sha256 | 2 | | 9b81c5811ef3742cd4f45b6c3ba1ace70a0ce661acc42d974beaeddf307dd53d |
sha256 | 2 | | a25db1457cf6b52be481929755dd9699ed8d009aa30295b2bf54710cb07a2f22 |
sha256 | 2 | | a3b1c3faa287f6ba2f307af954bb2503b787ae2cd59ec65e0bdd7a0595ea8c7e |
sha256 | 2 | | a5d8924f7f285f907e7e394635f31564a371dd58fad8fc621bacd5a55ca5929b |
sha256 | 2 | | ab6a8718dffbe48fd8b3a74f4bcb241cde281acf9e378b0c2370a040e4d827da |
sha256 | 2 | | b4eac90e866f5ad8af37b43f5e9459e59ee1e7e2cbb284703c0ef7b1a13ee723 |
sha256 | 2 | | b6a5d6696cbb1690f75b0d9a42df8cefd444cfd3749be474535948a70ff2efd2 |
sha256 | 2 | | da75326cfebcca12c01e4a51ef77547465e03316c5f6fbce901ddcfe6425b753 |
sha256 | 2 | | e0c7479e36b20cd7c3ca85966968b258b1148eb645a544230062ec5dff563258 |
sha256 | 2 | | e95e64e7ba4ef18df0282df15fc97cc76ba57ea250a0df51469337f561cc67d3 |
sha256 | 2 | | ed8c04a3e2d95d5ad8e2327a56d221715f06ed84eb9dc44ff86acff4076629d7 |
sha256 | 2 | | f55b41ca475f411af10eaf082754c6e8b7a648da4fa72c23cbfea9fa13a91d88 |
IPv4 | 3 | | 168.100.8.21 |
IPv4 | 5 | | 46.161.27.151 |
IPv4 | 3 | | 168.100.8.242 |
IPv4 | 3 | | 168.100.8.36 |
IPv4 | 3 | | 206.166.251.146 |
IPv4 | 5 | | 46.161.40.164 |
Url | 3 | | http://168.100.8.21/file.js |
Url | 3 | | http://168.100.8.21/mshostss.rar |
Url | 3 | | http://168.100.8.21/png.php |
Url | 3 | | http://168.100.8.21/rat.js |
Url | 3 | | http://168.100.8.21/rat.php |
Url | 3 | | http://168.100.8.21/startpng.js |
Url | 3 | | http://168.100.8.21/win.hta |
Url | 2 | | http://168.100.8.242/0075676763663a2f2f31302e3130302e3230302e32/0075676763663a2f2f31302e3130302e3230302e32 |
Url | 2 | | http://168.100.8.242/0075676763663a2f2f31302e3130302e3230302e32/0075676763663a2f2f31302e3130302e3230302e32/index_files/2208281.pdf |
Url | 2 | | http://168.100.8.242/0075676763663a2f2f31302e3130302e3230302e32/0075676763663a2f2f31302e3130302e3230302e32/index_files/az.pdf |
Url | 2 | | http://168.100.8.242/0075676763663a2f2f31302e3130302e3230302e32/0075676763663a2f2f31302e3130302e3230302e32/logout |
Url | 3 | | http://168.100.8.36 |
Url | 2 | | http://168.100.8.36/0075676763663a2f2f31302e3130302e3230302e32/0075676763663a2f2f31302e3130302e3230302e32/index_files/file.php |
Url | 2 | | http://168.100.8.36/0075676763663a2f2f31302e3130302e3230302e32/0075676763663a2f2f31302e3130302e3230302e32/index_files/login.php |
Url | 2 | | http://168.100.8.36/0075676763663a2f2f31302e3130302e3230302e32/0075676763663a2f2f31302e3130302e3230302e32/logout |
Url | 2 | | http://206.166.251.146/0075676763663a2f2f31302e3130302e3230302e32/0075676763663a2f2f31302e3130302e3230302e32/index_files/az.pdf |
Url | 2 | | http://206.166.251.146/0075676763663a2f2f31302e3130302e3230302e32/0075676763663a2f2f31302e3130302e3230302e32/logout |
Url | 3 | | http://46.161.27.151:80/c1.exe |
Url | 3 | | http://46.161.40.164/main.exe |
Url | 3 | | http://46.161.40.164/main2.exe |
Url | 3 | | http://46.161.40.164/resoluton.exe |
Url | 3 | | http://46.161.40.164/wwser.exe |
Url | 3 | | http://tpp.tj/285/file.js |
Url | 3 | | http://tpp.tj/285/png.php |
Url | 3 | | http://tpp.tj/285/startpng.js |
Url | 3 | | http://tpp.tj/285/uap.txt |
Url | 3 | | http://tpp.tj/285/update.hta |
Url | 3 | | http://tpp.tj/bossmaster.txt |
Url | 3 | | http://tpp.tj/t/rat.js |
Url | 3 | | http://tpp.tj/t/rat.php |
Url | 2 | | https://auth.mail-ru.link/public_html/home/files/login.php?email=1 |
Url | 3 | | https://e.mail.az-link.email |
Url | 2 | | https://e.mail.az-link.email/public/security/files/azərbaycan_litva.jpg |
Url | 2 | | https://e.mail.az-link.email/public/security/files/login.php?email=1 |
Url | 2 | | https://mail.asco.az-link.email/5676763663a2f2f31302e3130302e3230302e32/75676763663a2f2f31302e3130302e3230302e32/login.php |
Url | 3 | | https://mail.asco.az-link.email/login.aspx |
Url | 3 | | https://redirect.az-link.email |
Url | 2 | | https://redirect.az-link.email/5676763663a2f2f31302e3130302e3230302e32/75676763663a2f2f31302e3130302e3230302e32/login.aspx |
Url | 3 | | https://tpp.tj/main.exe |
Url | 3 | | https://tpp.tj/rightupsbot.txt |
Url | 3 | | https://tpp.tj/t/file.js |
Url | 3 | | https://tpp.tj/t/png.php |
Url | 3 | | https://tpp.tj/t/rat.php |
Url | 3 | | https://tpp.tj/t/startpng.js |
Url | 3 | | https://tpp.tj/t/sys.hta |