Live off the Land? How About Bringing Your Own Island? An Overview of UNC1945 | Mandiant
Tags
cmtmf-attack-pattern:
Application Layer Protocol
Command And Scripting Interpreter
Exploit Public-Facing Application
Obfuscated Files Or Information
attack-pattern:
Data Direct Application Layer Protocol - T1437
Code Signing - T1553.002
Command And Scripting Interpreter - T1623
Credentials - T1589.001
Exploit Public-Facing Application - T1377
Exploits - T1587.004
Exploits - T1588.005
File Deletion - T1070.004
File Deletion - T1630.002
Ingress Tool Transfer - T1544
Malware - T1587.001
Malware - T1588.001
Obfuscated Files Or Information - T1406
Network Service Scanning - T1423
System Information Discovery - T1426
Powershell - T1059.001
Python - T1059.006
Remote Desktop Protocol - T1021.001
Security Software Discovery - T1418.001
Security Software Discovery - T1518.001
Server - T1583.004
Server - T1584.004
Ssh - T1021.004
Standard Encoding - T1132.001
Vnc - T1021.005
Timestomp - T1070.006
Tool - T1588.002
Vulnerabilities - T1588.006
Standard Application Layer Protocol - T1071
Code Signing - T1116
Command-Line Interface - T1059
Connection Proxy - T1090
Exploit Public-Facing Application - T1190
External Remote Services - T1133
File Deletion - T1107
Remote File Copy - T1105
Network Service Scanning - T1046
Obfuscated Files Or Information - T1027
Powershell - T1086
Remote Desktop Protocol - T1076
Scripting - T1064
Security Software Discovery - T1063
System Information Discovery - T1082
Timestomp - T1099
Exploit Public-Facing Application
External Remote Services
Network Service Scanning
Scripting
Common Information
Type Value
UUID 4a7ed5fe-62cd-4eab-9fb5-e892b716fa88
Fingerprint 34790d134a3fb6a9
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 2, 2020, midnight
Added to db Nov. 19, 2023, 1:57 a.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Live off the Land? How About Bringing Your Own Island? An Overview of UNC1945
Title Live off the Land? How About Bringing Your Own Island? An Overview of UNC1945 | Mandiant
Detected Hints/Tags/Attributes 133/2/39
RSS Feed
Id   Feed title           Url                                              Added to db
330  Threat Intelligence  https://www.mandiant.com/resources/blog/rss.xml  2024-08-30 22:08
Attributes
Type                           #Events  Value
CVE                            10       cve-2020-14871
CVE                            197      cve-2019-0708
Domain                         1        auth.info
Domain                         33       start.sh
Domain                         1        libxbleach.so
Domain                         1        librpmio.so
Domain                         1        libyaml-0.so
Domain                         73       ransomware.win
File                           1        auth.inf
File                           115      auth.log
md5                            1        d5b9a1845152d8ad2b91af044ff16d0b
md5                            2        0845835e18a3ed4057498250d30a11b1
md5                            5        6983f7001de10f4d19fc2d794c3eb534
md5                            1        2eff2273d423a7ae6c68e3ddd96604bc
md5                            1        d505533ae75f89f98554765aaf2a330a
md5                            1        abaf1d04982449e0f7ee8a34577fe8af
IPv4                           1        1.239.171.32
IPv4                           1441     127.0.0.1
IPv4                           1        46.30.189.0
IPv4                           1        66.172.12.0
Mandiant Uncategorized Groups  18       UNC1945
MITRE ATT&CK Techniques        191      T1133
MITRE ATT&CK Techniques        542      T1190
MITRE ATT&CK Techniques        695      T1059
MITRE ATT&CK Techniques        460      T1059.001
MITRE ATT&CK Techniques        80       T1064
MITRE ATT&CK Techniques        160      T1021.001
MITRE ATT&CK Techniques        59       T1021.004
MITRE ATT&CK Techniques        627      T1027
MITRE ATT&CK Techniques        297      T1070.004
MITRE ATT&CK Techniques        93       T1070.006
MITRE ATT&CK Techniques        55       T1553.002
MITRE ATT&CK Techniques        168      T1046
MITRE ATT&CK Techniques        1006     T1082
MITRE ATT&CK Techniques        141      T1518.001
MITRE ATT&CK Techniques        444      T1071
MITRE ATT&CK Techniques        152      T1090
MITRE ATT&CK Techniques        492      T1105
MITRE ATT&CK Techniques        99       T1132.001