Highlighting TA866/Asylum Ambuscade Activity Since 2021
Tags
cmtmf-attack-pattern: Acquire Infrastructure, Application Layer Protocol, Command And Scripting Interpreter, Compromise Accounts, Stage Capabilities, Traffic Distribution
country: Austria, Canada, Netherlands, Germany, Italy, Russia, United Kingdom, United States Of America
maec-delivery-vectors: Watering Hole
attack-pattern: Acquire Infrastructure Data Direct Acquire Infrastructure - T1583, Software Discovery - T1418, Application Layer Protocol - T1437, Botnet - T1583.005, Botnet - T1584.005, Business Relationships - T1591.002, Command And Scripting Interpreter - T1623, Compromise Accounts - T1586, Credentials - T1589.001, Dll Side-Loading - T1574.002, Domain Groups - T1069.002, Domain Trust Discovery - T1482, Domains - T1583.001, Domains - T1584.001, Email Accounts - T1585.002, Email Accounts - T1586.002, Email Addresses - T1589.002, Gather Victim Identity Information - T1589, Hardware - T1592.001, Hijack Execution Flow - T1625, Hijack Execution Flow - T1574, Ingress Tool Transfer - T1544, Javascript - T1059.007, System Network Configuration Discovery - T1422, Malvertising - T1583.008, Malware - T1587.001, Malware - T1588.001, Process Discovery - T1424, System Information Discovery - T1426, Msiexec - T1218.007, Multi-Factor Authentication - T1556.006, Phishing - T1660, Phishing - T1566, Powershell - T1059.001, Python - T1059.006, Remote Access Software - T1663, Screen Capture - T1513, Security Software Discovery - T1418.001, Security Software Discovery - T1518.001, Seo Poisoning - T1608.006, Server - T1583.004, Server - T1584.004, Software - T1592.002, Software Discovery - T1518, Spearphishing Attachment - T1566.001, Spearphishing Attachment - T1598.002, Spearphishing Link - T1566.002, Spearphishing Link - T1598.003, Stage Capabilities - T1608, Windows Command Shell - T1059.003, Web Protocols - T1071.001, Web Protocols - T1437.001, Tool - T1588.002, Standard Application Layer Protocol - T1071, Command-Line Interface - T1059, Dll Side-Loading - T1073, Remote File Copy - T1105, Permission Groups Discovery - T1069, Powershell - T1086, Process Discovery - T1057, Remote Access Tools - T1219, Remote System Discovery - T1018, Screen Capture - T1113, Security Software Discovery - T1063, Signed Binary Proxy Execution - T1218, Spearphishing Attachment - T1193, Spearphishing Link - T1192, System Information Discovery - T1082, System Network Configuration Discovery - T1016, System Owner/User Discovery - T1033, System Service Discovery - T1007, System Time Discovery - T1124, Windows Management Instrumentation - T1047, Remote System Discovery, Screen Capture, Spearphishing Attachment
Common Information
Type Value
UUID 291f3f98-7411-498c-9c45-67cbfcdd9a0f
Fingerprint a4be99b59d37af85
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 23, 2024, 6:02 a.m.
Added to db Oct. 23, 2024, 12:21 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Cisco Talos Blog
Title Highlighting TA866/Asylum Ambuscade Activity Since 2021
Detected Hints/Tags/Attributes 192/4/44
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 68 Cisco Talos Blog https://blog.talosintelligence.com/rss/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 2 perfectsystems-ltd.com
Details Domain 32 temp.sh
Details Domain 904 snort.org
Details Domain 127 pua.win
Details File 2 cd.msi
Details File 82 taskkill.exe
Details File 2125 cmd.exe
Details File 5 c:\windows\system32\bitsadmin.exe
Details File 226 certutil.exe
Details File 1 c:\programdata\res.exe
Details File 6 win.inf
Details File 2 txt.inf
Details File 2 malware.css
Details IPv4 4 185.73.124.164
Details IPv4 4 109.236.80.191
Details MITRE ATT&CK Techniques 22 T1589.002
Details MITRE ATT&CK Techniques 19 T1586.002
Details MITRE ATT&CK Techniques 12 T1608.006
Details MITRE ATT&CK Techniques 1 T2583.008
Details MITRE ATT&CK Techniques 409 T1566
Details MITRE ATT&CK Techniques 310 T1566.001
Details MITRE ATT&CK Techniques 183 T1566.002
Details MITRE ATT&CK Techniques 460 T1059.001
Details MITRE ATT&CK Techniques 333 T1059.003
Details MITRE ATT&CK Techniques 310 T1047
Details MITRE ATT&CK Techniques 227 T1574.002
Details MITRE ATT&CK Techniques 39 T1218.007
Details MITRE ATT&CK Techniques 74 T1069.002
Details MITRE ATT&CK Techniques 245 T1016
Details MITRE ATT&CK Techniques 124 T1482
Details MITRE ATT&CK Techniques 243 T1018
Details MITRE ATT&CK Techniques 433 T1057
Details MITRE ATT&CK Techniques 100 T1007
Details MITRE ATT&CK Techniques 141 T1518.001
Details MITRE ATT&CK Techniques 86 T1124
Details MITRE ATT&CK Techniques 1006 T1082
Details MITRE ATT&CK Techniques 230 T1033
Details MITRE ATT&CK Techniques 492 T1105
Details MITRE ATT&CK Techniques 141 T1219
Details MITRE ATT&CK Techniques 442 T1071.001
Details Url 2 https://perfectsystems-ltd.com/x-css/cd.msi
Details Url 2 https://temp.sh/thunj/2.dll
Details Url 2 https://temp.sh/esujb/resident.exe
Details Url 4 https://temp.sh