UNC1151 Strikes Again: Unveiling Their Tactics Against Ukraine's Ministry Of Defence - Cyble
Common Information
Type Value
UUID 22e28e8d-ff84-40d4-8d4c-519e46a426a9
Fingerprint a44509b9b5bfa360
Analysis status DONE
Considered CTI value 2
Text language
Published June 4, 2024, 8:29 a.m.
Added to db Sept. 16, 2024, 11 a.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline UNC1151 Strikes Again: Unveiling Their Tactics Against Ukraine’s Ministry of Defence
Title UNC1151 Strikes Again: Unveiling Their Tactics Against Ukraine's Ministry Of Defence - Cyble
Detected Hints/Tags/Attributes 93/4/43
Attributes
Details Type #Events CTI Value
Details Domain 339
system.net
Details Domain 1
goudieelectric.shop
Details Domain 1
thevegan8.shop
Details Domain 1
onyangdol.site
Details Domain 261
blog.talosintelligence.com
Details Domain 83
cert.gov.ua
Details File 1
f072d76c85a40hjf9a3c0ab.dll
Details File 1018
rundll32.exe
Details File 185
shell32.dll
Details File 1
ac83faafb23919ae9.dll
Details File 459
regsvr32.exe
Details File 1
chunk.svg
Details File 1
micro-grants.svg
Details File 1
runtimebinder.bin
Details Mandiant Uncategorized Groups 65
UNC1151
Details MITRE ATT&CK Techniques 695
T1059
Details MITRE ATT&CK Techniques 245
T1203
Details MITRE ATT&CK Techniques 380
T1547.001
Details MITRE ATT&CK Techniques 227
T1574.002
Details MITRE ATT&CK Techniques 44
T1218.010
Details MITRE ATT&CK Techniques 627
T1027
Details MITRE ATT&CK Techniques 504
T1140
Details MITRE ATT&CK Techniques 1
T1208.011
Details MITRE ATT&CK Techniques 433
T1057
Details MITRE ATT&CK Techniques 141
T1518.001
Details MITRE ATT&CK Techniques 444
T1071
Details MITRE ATT&CK Techniques 492
T1105
Details Url 1
https://goudieelectric.shop/cms/svg/6364.2809640e.chunk.svg
Details Url 1
https://thevegan8.shop/first-gen-network/micro-grants.svg
Details Url 1
https://onyangdol.site/thumb_d_f3d14f4982a256b5cdae9bd579429ae7.jpg
Details Url 1
https://cloud.google.com/blog/topics/threat-intelligence/espionage-group-unc1151-likely-conducts-ghostwriter-influence-activity
Details Url 2
https://blog.talosintelligence.com/malicious-campaigns-target-entities-in-ukraine-poland
Details Url 1
https://cert.gov.ua/article/861292