The Fractured Statue Campaign: U.S. Government Agency Targeted in Spear-Phishing Attacks
Tags
| cmtmf-attack-pattern: | Process Injection |
| country: | North Korea Russia |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Credentials - T1589.001 Email Addresses - T1589.002 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Process Injection - T1631 Process Injection - T1055 |
Common Information
| Type | Value |
|---|---|
| UUID | 22b0df69-5dba-4b2f-ab69-1dadd051755a |
| Fingerprint | 4cc4099b8d25f7c2 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Jan. 23, 2020, 2 p.m. |
| Added to db | Sept. 26, 2022, 9:30 a.m. |
| Last updated | Nov. 4, 2024, 10:59 p.m. |
| Headline | The Fractured Statue Campaign: U.S. Government Agency Targeted in Spear-Phishing Attacks |
| Title | The Fractured Statue Campaign: U.S. Government Agency Targeted in Spear-Phishing Attacks |
| Detected Hints/Tags/Attributes | 74/4/42 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 246 | mail.ru |
|
| Details | Domain | 5 | handicap.eu5.org |
|
| Details | Domain | 119 | yandex.ru |
|
| Details | Domain | 4 | panda2019.eu5.org |
|
| Details | Domain | 1 | downplease.c1.biz |
|
| Details | Domain | 1 | lookplease.c1.biz |
|
| Details | Domain | 1 | downyes.c1.biz |
|
| Details | 1 | 0tdelkorei@mail.ru |
||
| Details | 1 | kargarnova@mail.ru |
||
| Details | 1 | rusrnirasaf@yandex.ru |
||
| Details | 1 | pryakhin20l0@mail.ru |
||
| Details | File | 2 | dprk.doc |
|
| Details | File | 1 | материалы.doc |
|
| Details | File | 2 | materials.doc |
|
| Details | File | 1 | alive.bat |
|
| Details | File | 3 | bpu.dll |
|
| Details | File | 1 | mama.bat |
|
| Details | File | 1 | syssec.bin |
|
| Details | File | 1 | syssec.dll |
|
| Details | sha256 | 2 | 4c201f9949804e90f94fe91882cb8aad3e7daf496a7f4e792b9c7fed95ab0726 |
|
| Details | sha256 | 1 | 63c3817a5e9984aaf59e8a61ddd54793ffed11ac5becef438528447f6b2823af |
|
| Details | sha256 | 1 | 9dfe3afccada40a05b8b34901cb6a63686d209e2b92630596646dba8ee619225 |
|
| Details | sha256 | 2 | ed63e84985e1af9c4764e6b6ca513ec1c16840fb2534b86f95e31801468be67a |
|
| Details | sha256 | 1 | a4f858c6b54683d3b7455c9adcf2bb6b7ddc1f4d35d0f8f38a0f131c60d1790f |
|
| Details | sha256 | 1 | c1a9b923fc1f81d69bd0494d296c75887e4a0f9abfc1cdfbfa9c0f4ab6c95db7 |
|
| Details | sha256 | 1 | 42e874d96cb9046cd4113d04c1c5463b1d43a4e828ca872de11c08cd314e650f |
|
| Details | sha256 | 1 | a761b47ab25dc2aa66b2f8ad4ab9636e40ebbcaf67f8a34f3524456c09f47d76 |
|
| Details | sha256 | 1 | c3ac29e4b0c5e1a991d703769b94c0790fbf81fd38cf6acdb240c5246c2517ca |
|
| Details | sha256 | 1 | ad63b8677c95792106f5af0b99af04e623146c6206125c93cf1ec9fbfeafaac9 |
|
| Details | sha256 | 1 | bdd90ed7e40c8324894efe9600f2b26fd18b22dcbf3c72548fee647a81d3c099 |
|
| Details | sha256 | 1 | f3d3fa4c76adfabd239accb453512af33ae8667bf261758f402fff22d9df1f67 |
|
| Details | sha256 | 1 | 4b8790e9cb2f58293c28e695bec0a35e2ebd2da8e151c7e8c4513a1508c8bc94 |
|
| Details | sha256 | 1 | 56924402a17393e542f6bf5b02cd030cc3af73bc2e1c894a133cebb2ca9405ee |
|
| Details | sha256 | 2 | ceb8093507911939a17c6c7b39475f5d4db70a9ed3b85ef34ff5e6372b20a73e |
|
| Details | sha256 | 2 | 52ba17b90244a46e0ef2a653452b26bcb94f0a03b999c343301fef4e3c1ec5d2 |
|
| Details | sha256 | 1 | 4958fe8c106200da988c22957821513efd05803460e8e5fcfedb5cbca8d87a5b |
|
| Details | sha256 | 2 | 7d2b1af486610a45f78a573af9a9ad00414680ff8e958cfb5437a1b140acb60c |
|
| Details | sha256 | 1 | 6fa895d0472e87dea3c5c5bd6774488d2d7fe409ff9ae83870be3740fdfd40e8 |
|
| Details | sha256 | 1 | 989c042ab9a07b11026bce78dc091f25fa51cb5e310c668904afc7939b197624 |
|
| Details | IPv4 | 2 | 185.176.43.94 |
|
| Details | IPv4 | 2 | 69.197.143.12 |
|
| Details | IPv4 | 2 | 162.253.155.226 |