ioc[.]one - OSINT Cyber Threat Intelligence Database

Kazakhstan-associated YoroTrooper disguises origin of attacks as Azerbaijan

Tags

country:	Azerbaijan Bulgaria Kazakhstan Kyrgyzstan Tajikistan Uzbekistan Russia Togo
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Direct Credentials - T1589.001 Domains - T1583.001 Domains - T1584.001 Email Accounts - T1585.002 Email Accounts - T1586.002 Email Addresses - T1589.002 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Multi-Factor Authentication - T1556.006 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Python - T1059.006 Search Engines - T1593.002 Server - T1583.004 Server - T1584.004 Trap - T1546.005 Vulnerabilities - T1588.006 Upload Malware - T1608.001 Powershell - T1086 Trap - T1154

Show in Graph

Common Information

Type	Value
UUID	40b97adf-a514-43ed-91a0-9ae11f903c99
Fingerprint	a7c930bb9073d629
Analysis status	DONE
Considered CTI value	2
Text language
Published	Oct. 25, 2023, 8:10 a.m.
Added to db	Oct. 25, 2023, 2:19 p.m.
Last updated	Nov. 17, 2024, 6:54 p.m.
Headline	Cisco Talos Intelligence Blog
Title	Kazakhstan-associated YoroTrooper disguises origin of attacks as Azerbaijan
Detected Hints/Tags/Attributes	100/3/108

Source URLs

	Redirection	Url
Details	Source	https://blog.talosintelligence.com/attributing-yorotrooper/
Details	Source	https://blog.talosintelligence.com/attributing-yorotrooper/?&web_view=true

URL Provider

Details	Provider	Source level domain
Details	talosintelligence.com	blog.talosintelligence.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	68	✔	Cisco Talos Blog	https://blog.talosintelligence.com/rss/	2024-08-30 22:08
Details	99	✔	Cyware News - Latest Cyber News	https://cyware.com/allnews/feed	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	4	alfachange.com
Details	Domain	5	mail.kz
Details	Domain	3	mail.asco.az-link.email
Details	Domain	1	mail.antikor.gov.kz.openingfile.net
Details	Domain	1	antikor.gov.kz
Details	Domain	3	mail.economy.qov.az-link.email
Details	Domain	3	mail.gov.az-link.email
Details	Domain	3	mail.mfa.az-link.email
Details	Domain	3	tpp.tj
Details	Domain	1	akn.tj
Details	Domain	1	kyrgyzkomur.gov.kg
Details	Domain	83	tuta.io
Details	Domain	1	darkstore.su
Details	Domain	246	mail.ru
Details	Domain	74	proton.me
Details	Domain	3	netx.hosting
Details	Domain	3	mail.az-link.email
Details	Domain	2	auth.mail-ru.link
Details	Domain	1	mail.ady.az.logiin.email
Details	Domain	1	remote.mfa.gov.az
Details	Domain	1	ru.auth.logiin.email
Details	Domain	1	mail.socar.az.logiin.email
Details	Domain	1	roundtomail.ru
Details	Domain	1	mail.mincom.gov-az.site
Details	Domain	904	snort.org
Details	Domain	3	redirect.az-link.email
Details	Email	1	anadozz@tuta.io
Details	Email	2	n.ayyubov@mail.ru
Details	Email	2	danyjackson120293@proton.me
Details	File	1	sample_mailru_trap.html
Details	File	2125	cmd.exe
Details	sha1	2	75676763663a2f2f31302e3130302e3230302e32
Details	sha256	2	8131bd594aff4f4e233ac802799df3422f423dc28e96646a09a2656563c4ad7c
Details	sha256	2	a3b1c3faa287f6ba2f307af954bb2503b787ae2cd59ec65e0bdd7a0595ea8c7e
Details	sha256	2	ed8c04a3e2d95d5ad8e2327a56d221715f06ed84eb9dc44ff86acff4076629d7
Details	sha256	2	9b81c5811ef3742cd4f45b6c3ba1ace70a0ce661acc42d974beaeddf307dd53d
Details	sha256	2	b6a5d6696cbb1690f75b0d9a42df8cefd444cfd3749be474535948a70ff2efd2
Details	sha256	2	f55b41ca475f411af10eaf082754c6e8b7a648da4fa72c23cbfea9fa13a91d88
Details	sha256	2	e0c7479e36b20cd7c3ca85966968b258b1148eb645a544230062ec5dff563258
Details	sha256	2	ab6a8718dffbe48fd8b3a74f4bcb241cde281acf9e378b0c2370a040e4d827da
Details	sha256	2	a5d8924f7f285f907e7e394635f31564a371dd58fad8fc621bacd5a55ca5929b
Details	sha256	2	e95e64e7ba4ef18df0282df15fc97cc76ba57ea250a0df51469337f561cc67d3
Details	sha256	2	832d58d9e067730a5705c8c307fd51c044d9697911043be9564593e05216e82a
Details	sha256	2	da75326cfebcca12c01e4a51ef77547465e03316c5f6fbce901ddcfe6425b753
Details	sha256	2	1e350b316cbc42917f10f6f12fa2a0b8ed2fa6b0159c36141bce18edb6ea7aa0
Details	sha256	2	57d0336c0dbaf455229d2689bf82f9678eb519e017d40ba60a6d6b90f87321f8
Details	sha256	2	30a969fa0492479b1c6ef6d23f8fcccf3d7af35b235d74cab2c0c2fc8c212ad4
Details	sha256	2	5a6b089b1d2dd66948f24ed2d9464ce61942c19e98922dd77d36427f6cded634
Details	sha256	2	a25db1457cf6b52be481929755dd9699ed8d009aa30295b2bf54710cb07a2f22
Details	sha256	2	56fc680799999e38ce84c80e27788839f35ee817816de15b90aa39332fcc5aee
Details	sha256	2	37c369f9a9cac898af2668b1287dea34c753119071a1c447b0bfecd171709340
Details	sha256	2	93829ee93688a31f90572316ecb21702eab04886c8899c0a59deda3b2f96c4be
Details	sha256	2	0a9908d8c4de050149883ca17625bbe97830ba61c3fe6b0ef704c65361027add
Details	sha256	2	1828e2df0ad76ea503af7206447e40482669bb25624a60b0f77743cd70f819f6
Details	sha256	2	941be28004afc2c7c8248a86b5857a35ab303beb33c704640852741b925558a1
Details	sha256	2	8921c20539fc019a9127285ca43b35610f8ecb0151872cdd50acdaa12c23722d
Details	sha256	2	b4eac90e866f5ad8af37b43f5e9459e59ee1e7e2cbb284703c0ef7b1a13ee723
Details	IPv4	3	168.100.8.242
Details	IPv4	3	206.166.251.146
Details	IPv4	3	168.100.8.21
Details	IPv4	5	46.161.27.151
Details	IPv4	5	46.161.40.164
Details	IPv4	3	168.100.8.36
Details	Url	2	https://e.mail.az-link.email/public/security/files/login.php?email=1
Details	Url	2	http://206.166.251.146/0075676763663a2f2f31302e3130302e3230302e32/0075676763663a2f2f31302e3130302e3230302e32/index_files/az.pdf
Details	Url	3	https://mail.asco.az-link.email/login.aspx
Details	Url	2	https://auth.mail-ru.link/public_html/home/files/login.php?email=1
Details	Url	3	http://46.161.27.151:80/c1.exe
Details	Url	3	http://46.161.40.164/wwser.exe
Details	Url	3	http://tpp.tj/t/rat.php
Details	Url	3	https://tpp.tj/t/rat.php
Details	Url	3	http://46.161.40.164/resoluton.exe
Details	Url	3	http://tpp.tj/285/file.js
Details	Url	3	http://tpp.tj/285/png.php
Details	Url	3	http://tpp.tj/285/startpng.js
Details	Url	3	http://tpp.tj/285/uap.txt
Details	Url	3	http://tpp.tj/285/update.hta
Details	Url	3	http://168.100.8.21/file.js
Details	Url	3	http://168.100.8.21/mshostss.rar
Details	Url	3	http://168.100.8.21/png.php
Details	Url	3	http://168.100.8.21/rat.js
Details	Url	3	http://168.100.8.21/rat.php
Details	Url	3	http://168.100.8.21/startpng.js
Details	Url	3	http://168.100.8.21/win.hta
Details	Url	3	http://46.161.40.164/main2.exe
Details	Url	3	http://46.161.40.164/main.exe
Details	Url	3	http://tpp.tj/bossmaster.txt
Details	Url	3	http://tpp.tj/t/rat.js
Details	Url	3	https://tpp.tj/main.exe
Details	Url	3	https://tpp.tj/t/file.js
Details	Url	3	https://tpp.tj/t/png.php
Details	Url	3	https://tpp.tj/t/startpng.js
Details	Url	3	https://tpp.tj/t/sys.hta
Details	Url	3	https://tpp.tj/rightupsbot.txt
Details	Url	2	http://168.100.8.242/0075676763663a2f2f31302e3130302e3230302e32/0075676763663a2f2f31302e3130302e3230302e32
Details	Url	2	http://168.100.8.242/0075676763663a2f2f31302e3130302e3230302e32/0075676763663a2f2f31302e3130302e3230302e32/index_files/2208281.pdf
Details	Url	2	http://168.100.8.242/0075676763663a2f2f31302e3130302e3230302e32/0075676763663a2f2f31302e3130302e3230302e32/index_files/az.pdf
Details	Url	2	http://168.100.8.242/0075676763663a2f2f31302e3130302e3230302e32/0075676763663a2f2f31302e3130302e3230302e32/logout
Details	Url	3	http://168.100.8.36
Details	Url	2	http://168.100.8.36/0075676763663a2f2f31302e3130302e3230302e32/0075676763663a2f2f31302e3130302e3230302e32/index_files/file.php
Details	Url	2	http://168.100.8.36/0075676763663a2f2f31302e3130302e3230302e32/0075676763663a2f2f31302e3130302e3230302e32/index_files/login.php
Details	Url	2	http://168.100.8.36/0075676763663a2f2f31302e3130302e3230302e32/0075676763663a2f2f31302e3130302e3230302e32/logout
Details	Url	2	http://206.166.251.146/0075676763663a2f2f31302e3130302e3230302e32/0075676763663a2f2f31302e3130302e3230302e32/logout
Details	Url	3	https://e.mail.az-link.email
Details	Url	2	https://e.mail.az-link.email/public/security/files/azərbaycan_litva.jpg
Details	Url	2	https://mail.asco.az-link.email/5676763663a2f2f31302e3130302e3230302e32/75676763663a2f2f31302e3130302e3230302e32/login.php
Details	Url	3	https://redirect.az-link.email
Details	Url	2	https://redirect.az-link.email/5676763663a2f2f31302e3130302e3230302e32/75676763663a2f2f31302e3130302e3230302e32/login.aspx