ioc[.]one - OSINT Cyber Threat Intelligence Database

Threat Actor deploys Mythic’s Athena Agent to target Russian Semiconductor Suppliers

Tags

cmtmf-attack-pattern:	Application Layer Protocol Command And Scripting Interpreter Masquerading
country:	Pakistan Russia Ukraine
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Application Layer Protocol - T1437 Command And Scripting Interpreter - T1623 Data From Local System - T1533 Double File Extension - T1036.007 Exfiltration Over C2 Channel - T1646 Exploitation For Client Execution - T1658 Exploits - T1587.004 Exploits - T1588.005 Local Groups - T1069.001 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Registry Run Keys / Startup Folder - T1547.001 Server - T1583.004 Server - T1584.004 Space After Filename - T1036.006 Spearphishing Attachment - T1566.001 Timestomp - T1070.006 Web Protocols - T1071.001 Web Protocols - T1437.001 Vulnerabilities - T1588.006 Standard Application Layer Protocol - T1071 Command-Line Interface - T1059 Data From Local System - T1005 Exfiltration Over Command And Control Channel - T1041 Exploitation For Client Execution - T1203 Masquerading - T1036 Powershell - T1086 Registry Run Keys / Start Folder - T1060 Space After Filename - T1151 Timestomp - T1099 User Execution - T1204 Masquerading User Execution

Show in Graph

Common Information

Type	Value
UUID	25b15862-4cdb-463f-b0d3-fb2e304c7bba
Fingerprint	80060d03a11ad802
Analysis status	DONE
Considered CTI value	2
Text language
Published	Oct. 10, 2023, midnight
Added to db	Oct. 23, 2023, 1:28 a.m.
Last updated	Nov. 17, 2024, 6:56 p.m.
Headline	Threat Actor deploys Mythic’s Athena Agent to target Russian Semiconductor Suppliers
Title	Threat Actor deploys Mythic’s Athena Agent to target Russian Semiconductor Suppliers
Detected Hints/Tags/Attributes	120/4/31

Source URLs

	Redirection	Url
Details	Source	https://cyble.com/2023/10/10/threat-actor-deploys-mythics-athena-agent-to-target-russian-semiconductor-suppliers/
Details	Source	https://cyble.com/blog/threat-actor-deploys-mythics-athena-agent-to-target-russian-semiconductor-suppliers/

URL Provider

Details	Provider	Source level domain
Details	cyble.com	cyble.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	98	✔	Cyble	https://cyble.com/feed/	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	CERT Ukraine	12	UAC-0063
Details	CVE	133	cve-2023-38831
Details	Domain	103	www.mcafee.com
Details	File	2	resultati_sovehchaniya_11_09_2023.rar
Details	File	2	resultati_sovehchaniya_11_09_2023.pdf
Details	File	1	aimp2.exe
Details	File	2125	cmd.exe
Details	sha256	1	0fead8db0ee27f906d054430628bd8fd3b09ca75ff6067720a5b179f6a674c12
Details	sha256	1	5261425cf389ed3a77ec5f03f73daf711e80d4918be3f0fba0152b424af7b684
Details	sha256	1	07f8af85b8bbfb432d98b398b4393761c37596ee2cf3931564784bd3e8c2b1cc
Details	sha256	1	86079a2d12b28a340281453efa0a7fd31c65ead11bab98edd94fe19aaff436eb
Details	sha256	1	17269514f520cda20ecc78bdb0b3341a97bb03e155640704a87efff832555b14
Details	sha256	1	79c78466d61b05466289f91122d2b7dbd56e895c15fe80d385885f9eddf31ca5
Details	IPv4	3	45.142.212.34
Details	IPv4	3	162.159.137.232
Details	IPv4	15	162.159.129.233
Details	IPv4	1	162.159.122.233
Details	IPv4	2	162.159.128.233
Details	MITRE ATT&CK Techniques	310	T1566.001
Details	MITRE ATT&CK Techniques	245	T1203
Details	MITRE ATT&CK Techniques	695	T1059
Details	MITRE ATT&CK Techniques	460	T1059.001
Details	MITRE ATT&CK Techniques	380	T1547.001
Details	MITRE ATT&CK Techniques	3	T1036.006
Details	MITRE ATT&CK Techniques	19	T1036.007
Details	MITRE ATT&CK Techniques	534	T1005
Details	MITRE ATT&CK Techniques	17	T1437.001
Details	MITRE ATT&CK Techniques	422	T1041
Details	Url	1	http://45.142.212.34:80/resultati_soveschaniya30_08_2023.pdf
Details	Url	1	http://45.142.212.34:80/aimp2.exe
Details	Url	2	https://www.mcafee.com/blogs/other-blogs/mcafee-labs/exploring-winrar-vulnerability-cve-2023-38831