APT31 new dropper. Target destinations: Mongolia, Russia, the U.S., and elsewhere
Tags
cmtmf-attack-pattern: Application Layer Protocol; Automated Exfiltration; Boot Or Logon Autostart Execution; Command And Scripting Interpreter; Develop Capabilities; Masquerading; Obfuscated Files Or Information
country: Belarus, Canada, Germany, Finland, France, Norway, Mongolia, Russia, United States Of America
maec-delivery-vectors: Watering Hole
attack-pattern: Data Direct; Application Layer Protocol - T1437; Boot Or Logon Autostart Execution - T1547; Code Signing - T1553.002; Code Signing Certificates - T1587.002; Code Signing Certificates - T1588.003; Command And Scripting Interpreter - T1623; Commonly Used Port - T1436; Data From Local System - T1533; Data Hiding - T1320; Develop Capabilities - T1587; Dll Search Order Hijacking - T1574.001; Encrypted Channel - T1521; Exfiltration Over C2 Channel - T1646; Hijack Execution Flow - T1625; Hijack Execution Flow - T1574; Malicious File - T1204.002; Malware - T1587.001; Malware - T1588.001; Masquerading - T1655; Obfuscated Files Or Information - T1406; System Information Discovery - T1426; Native Api - T1575; Phishing - T1660; Phishing - T1566; Registry Run Keys / Startup Folder - T1547.001; Server - T1583.004; Server - T1584.004; Windows Command Shell - T1059.003; Web Protocols - T1071.001; Web Protocols - T1437.001; Standard Application Layer Protocol - T1071; Automated Exfiltration - T1020; Code Signing - T1116; Command-Line Interface - T1059; Commonly Used Port - T1043; Data From Local System - T1005; Data Obfuscation - T1001; Deobfuscate/Decode Files Or Information - T1140; Dll Search Order Hijacking - T1038; Execution Through Api - T1106; Exfiltration Over Command And Control Channel - T1041; Masquerading - T1036; Modify Registry - T1112; Obfuscated Files Or Information - T1027; Registry Run Keys / Start Folder - T1060; Standard Cryptographic Protocol - T1032; System Information Discovery - T1082; User Execution - T1204; Commonly Used Port; Masquerading; User Execution
Common Information
Type | Value
UUID | 4070a667-7aac-4487-88c6-ad8dc434487b
Fingerprint | b5741d99a9be23d3
Analysis status | DONE
Considered CTI value | 2
Text language |
Published | Oct. 17, 2024, midnight
Added to db | Oct. 17, 2024, 11:29 a.m.
Last updated | Nov. 17, 2024, 7:44 p.m.
Title | APT31 new dropper. Target destinations: Mongolia, Russia, the U.S., and elsewhere
Detected Hints/Tags/Attributes | 129/4/75
Attributes
Type | #Events | Value
Domain | 2 | inst.rsnet-devel.com
Domain | 2 | gitcloudcache.com
Domain | 2 | edgecloudc.com
Domain | 2 | api.hostupoeui.com
Domain | 2 | api.flushcdn.com
Domain | 2 | const.be-government.com
Domain | 2 | drmtake.tk
Domain | 4127 | github.com
File | 2 | информация_рб_июнь_2021_года_2021062826109.exe
File | 42 | msvcr100.dll
File | 2 | c:\\programdata\\apacha\\ssvagent.dll
File | 2 | ssvagent.exe
File | 4 | jconsole.exe
File | 6 | news.exe
File | 2 | president_email.exe
Github username | 4 | ptresearch
IPv4 | 2 | 20.11.11.67
MITRE ATT&CK Techniques | 96 | T1587.001
MITRE ATT&CK Techniques | 16 | T1587.002
MITRE ATT&CK Techniques | 409 | T1566
MITRE ATT&CK Techniques | 365 | T1204.002
MITRE ATT&CK Techniques | 333 | T1059.003
MITRE ATT&CK Techniques | 239 | T1106
MITRE ATT&CK Techniques | 380 | T1547.001
MITRE ATT&CK Techniques | 164 | T1574
MITRE ATT&CK Techniques | 348 | T1036
MITRE ATT&CK Techniques | 504 | T1140
MITRE ATT&CK Techniques | 627 | T1027
MITRE ATT&CK Techniques | 550 | T1112
MITRE ATT&CK Techniques | 1006 | T1082
MITRE ATT&CK Techniques | 534 | T1005
MITRE ATT&CK Techniques | 75 | T1001
MITRE ATT&CK Techniques | 6 | T1521
MITRE ATT&CK Techniques | 60 | T1043
MITRE ATT&CK Techniques | 442 | T1071.001
MITRE ATT&CK Techniques | 102 | T1020
MITRE ATT&CK Techniques | 422 | T1041
Threat Actor Identifier - APT | 166 | APT31
Url | 2 | https://github.com/ptresearch/attackdetection/tree/master/apt31