ioc[.]one - OSINT Cyber Threat Intelligence Database

Turkish espionage campaigns in the Netherlands

Tags

country:

Belgium Denmark Netherlands Turkey

attack-pattern:

Data Clear Command History - T1070.003 Clear Linux Or Mac System Logs - T1070.002 Cloud Accounts - T1078.004 Control Panel - T1218.002 Credentials - T1589.001 Dns - T1071.004 Dns - T1590.002 Exfiltration Over Web Service - T1567 Local Email Collection - T1114.001 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Ssh - T1021.004 Unix Shell - T1059.004 Web Protocols - T1071.001 Web Shell - T1505.003 Tool - T1588.002 Vulnerabilities - T1588.006 Unix Shell - T1623.001 Brute Force - T1110 External Remote Services - T1133 Standard Non-Application Layer Protocol - T1095

Show in Graph

Common Information

Type	Value
UUID	4b3de4b9-09e3-4ba7-bded-b7ee2e25bbab
Fingerprint	25ac12dd82998481
Analysis status	DONE
Considered CTI value	2
Text language
Published	Jan. 5, 2024, 9:02 a.m.
Added to db	Oct. 1, 2024, 3:46 p.m.
Last updated	Nov. 17, 2024, 10:40 p.m.
Headline	Turkish espionage campaigns in the Netherlands
Title	Turkish espionage campaigns in the Netherlands
Detected Hints/Tags/Attributes	112/2/34

Source URLs

	Redirection	Url
Details	Source	https://www.huntandhackett.com/blog/turkish-espionage-campaigns

URL Provider

Details	Provider	Source level domain
Details	huntandhackett.com	www.huntandhackett.com

Attributes

Details	Type	#Events	CTI	Value
Details	Domain	3		forward.boord.info
Details	Domain	2		lo0.systemctl.network
Details	Domain	24		dns.google
Details	Domain	1		snel.com
Details	Domain	107		talosintelligence.com
Details	Domain	369		microsoft.com
Details	Domain	7		pwc.com
Details	Domain	1		blog.strikeready.com
Details	Domain	4127		github.com
Details	File	2		sy.php
Details	File	1		lo0.sys
Details	File	2		ssl.php
Details	Github username	1		jacksp7
Details	IPv4	2		82.102.19.88
Details	IPv4	3		193.34.167.245
Details	IPv4	295		8.8.8.8
Details	IPv4	3		93.115.22.212
Details	IPv4	2		95.179.176.250
Details	IPv4	2		62.115.255.163
Details	MITRE ATT&CK Techniques	42		T1588.001
Details	MITRE ATT&CK Techniques	191		T1133
Details	MITRE ATT&CK Techniques	34		T1078.004
Details	MITRE ATT&CK Techniques	86		T1059.004
Details	MITRE ATT&CK Techniques	104		T1505.003
Details	MITRE ATT&CK Techniques	21		T1070.003
Details	MITRE ATT&CK Techniques	12		T1070.002
Details	MITRE ATT&CK Techniques	34		T1114.001
Details	MITRE ATT&CK Techniques	442		T1071.001
Details	MITRE ATT&CK Techniques	159		T1095
Details	MITRE ATT&CK Techniques	126		T1567
Details	Url	1		http://193.34.167.245/c00n/connn.c
Details	Url	1		http://193.34.167.245/c00n/socat
Details	Url	1		https://dns.google/ssl.php
Details	Url	1		https://github.com/jacksp7/webtest