Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware - Microsoft Security Blog
Common Information
Type Value
UUID 5c8663c3-5b62-46ca-93e6-42537147d1f7
Fingerprint 8ca08b1aa4e6a687
Analysis status DONE
Considered CTI value 2
Text language
Published July 15, 2021, 8:21 a.m.
Added to db Sept. 11, 2022, 12:36 p.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware
Title Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware - Microsoft Security Blog
Detected Hints/Tags/Attributes 92/2/47
Attributes
Type                  #Events  Value
CVE                   7        cve-2021-31979
CVE                   7        cve-2021-33771
Domain                246      mail.ru
Domain                1        noc-service-streamer.com
Domain                1        fbcdnads.live
Domain                1        hilocake.info
Domain                1        backxercise.com
Domain                1        winmslaf.xyz
Domain                1        service-deamon.com
Domain                1        online-affiliate-mon.com
Domain                1        codeingasmylife.com
Domain                1        kenoratravels.com
Domain                1        weathercheck.digital
Domain                1        colorpallatess.com
Domain                1        library-update.com
Domain                1        online-source-validate.com
Domain                1        grayhornet.com
Domain                1        johnshopkin.net
Domain                1        eulenformacion.com
Domain                1        pochtarossiy.info
File                  1        c:\windows\system32\config\ with a .dat
File                  3        physmem.sys
File                  1        wimbootconfigurations.ini
File                  1122     svchost.exe
File                  1        %appdata%\apple computer\safari\cookies\cookies.bin
File                  60       cookies.sql
File                  1        c:\windows\system32\drivers\physmem.sys
File                  3        c:\windows\system32\ime\imejp\imjpueact.dll
File                  3        c:\windows\system32\ime\imetc\imtcprot.dll
File                  3        c:\windows\system32\ime\shared\imecpmeid.dll
File                  1        c:\windows\system32\config\ and have a .dat
File                  1        c:\windows\system32\config\spp\servicestate\recovery\pac.dat
File                  1        c:\windows\system32\config\cy-gb\setup\skb\inputmethod\tuptask.dat
File                  1        c:\windows\system32\config\config\startwus.dat
File                  1        c:\windows\system32\ime\shared\wimbootconfigurations.ini
File                  1        c:\windows\system32\ime\imejp\wimbootconfigurations.ini
File                  1        c:\windows\system32\ime\imetc\wimbootconfigurations.ini
File                  2        %systemroot%\system32\wbem\wmiutils.dll
File                  2        %systemroot%\system32\wbem\wbemsvc.dll
File                  54       dbghelp.dll
File                  1        smnew.dll
File                  12       pe.dll
md5                   1        9a964e810949704ff7b4a393d9adda60
md5                   1        a0e2223868b6133c5712ba5ed20c3e8a
sha1                  1        17614fdee3b89272e99758983b99111cbb1b312c
sha256                1        c299063e3eae8ddc15839767e83b9808fd43418dc5a1af7e4f44b97ba53fbd3d
Windows Registry Key  7        HKLM\SOFTWARE\Classes\CLSID