Head Mare Group Intensifies Attacks on Russia with PhantomCore Backdoor
Tags
cmtmf-attack-pattern: Application Layer Protocol Command And Scripting Interpreter
country: Belarus Russia
maec-delivery-vectors: Watering Hole
attack-pattern: Data Application Layer Protocol - T1437 Command And Scripting Interpreter - T1623 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 System Information Discovery - T1426 Native Api - T1575 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Windows Command Shell - T1059.003 Web Protocols - T1071.001 Web Protocols - T1437.001 Vulnerabilities - T1588.006 Standard Application Layer Protocol - T1071 Command-Line Interface - T1059 Execution Through Api - T1106 Powershell - T1086 Scripting - T1064 System Information Discovery - T1082 Scripting
Show in Graph
Common Information
Type Value
UUID 19f18ff5-525e-43a8-9bb1-6d733720ee8c
Fingerprint 8c8c9fdb0f3186d3
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 10, 2024, 1:50 p.m.
Added to db Dec. 10, 2024, 3:29 p.m.
Last updated Dec. 26, 2024, 8:03 a.m.
Headline Head Mare Group Intensifies Attacks on Russia with PhantomCore Backdoor
Title Head Mare Group Intensifies Attacks on Russia with PhantomCore Backdoor
Detected Hints/Tags/Attributes 78/4/48
Source URLs
Redirection Url
Details Source https://malware.news/t/head-mare-group-intensifies-attacks-on-russia-with-phantomcore-backdoor/89204
URL Provider
Details Provider Source level domain
Details malware.news malware.news
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 158 Malware Analysis, News and Indicators - Latest topics https://malware.news/latest.rss 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 161 
cve-2023-38831
Details Domain 13 
doc.zip
Details Domain 19 
filetransfer.io
Details Domain 4 
city-tuning.ru
Details Domain 65 
cyble.com
Details File 9 
doc.zip
Details File 2340 
cmd.exe
Details File 3 
услуг.pdf
Details File 5 
services.pdf
Details File 6 
счет-фактура.pdf
Details File 37 
invoice.pdf
Details File 3 
оплаты.pdf
Details File 7 
payment.pdf
Details File 12 
srvhost.exe
Details sha256 4 
6ac2d57d066ef791b906c3b4c6b5e5c54081d6657af459115eb6abb1a9d1085d
Details sha256 4 
0f578e437f5c09fb81059f4b5e6ee0b93cfc0cdf8b31a29abc8396b6137d10c3
Details sha256 4 
dd49fd0e614ac3f6f89bae7b7a6aa9cdab3b338d2a8d11a11a774ecc9d287d6f
Details sha256 4 
57848d222cfbf05309d7684123128f9a2bffd173f48aa3217590f79612f4c773
Details sha256 4 
4b62da75898d1f685b675e7cbaec24472eb7162474d2fd66f3678fb86322ef0a
Details sha256 4 
44b1f97e1bbdd56afeb1efd477aa4e0ecaa79645032e44c7783f997f377d749f
Details sha256 4 
2dccb526de9a17a07e39bdedc54fbd66288277f05fb45c7cba56f88df00e86a7
Details sha256 4 
1a2d1654d8ff10f200c47015d96d2fcb1d4d40ee027beb55bb46199c11b810cc
Details sha256 4 
8aad7f80f0120d1455320489ff1f807222c02c8703bd46250dd7c3868164ab70
Details sha256 4 
9df6afb2afbd903289f3b4794be4768214c223a3024a90f954ae6d2bb093bea3
Details IPv4 6 
45.10.247.152
Details IPv4 4 
185.80.91.84
Details IPv4 4 
45.87.245.53
Details MITRE ATT&CK Techniques 469 
T1566
Details MITRE ATT&CK Techniques 511 
T1059.001
Details MITRE ATT&CK Techniques 368 
T1059.003
Details MITRE ATT&CK Techniques 254 
T1106
Details MITRE ATT&CK Techniques 1062 
T1082
Details MITRE ATT&CK Techniques 480 
T1071.001
Details Url 4 
https://filetransfer.io/data-package/aivegg6u/download
Details Url 4 
https://city-tuning.ru/collection/srvhost.exe
Details Url 4 
http://45.10.247.152/init
Details Url 4 
http://45.10.247.152/check
Details Url 4 
http://45.10.247.152/connect
Details Url 4 
http://45.10.247.152/command
Details Url 4 
http://185.80.91.84/command
Details Url 4 
http://185.80.91.84/connect
Details Url 4 
http://185.80.91.84/check
Details Url 4 
http://185.80.91.84/init
Details Url 4 
http://45.87.245.53/init
Details Url 4 
http://45.87.245.53/check
Details Url 4 
http://45.87.245.53/connect
Details Url 4 
http://45.87.245.53/command
Details Url 2 
https://cyble.com/blog/head-mare-deploys-phantomcore-against-russia