Breaking Down Earth Estries' Persistent TTPs in Prolonged Cyber Operations
Common Information
Type Value
UUID 47fcd26d-6de0-4abf-b2ab-40bdf31e419b
Fingerprint b570355935ffac03
Analysis status DONE
Considered CTI value 0
Text language
Published Nov. 8, 2024, midnight
Added to db Nov. 8, 2024, 11:37 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Breaking Down Earth Estries' Persistent TTPs in Prolonged Cyber Operations
Title Breaking Down Earth Estries Persistent TTPs in Prolonged Cyber Operations
Detected Hints/Tags/Attributes 108/1/71
RSS Feed
Id 119
Enabled
Feed title Trend Micro Research, News and Perspectives
Url https://feeds.feedburner.com/TrendMicroSimplySecurity
Added to db 2024-08-30 22:08
Attributes