ioc[.]one - OSINT Cyber Threat Intelligence Database

Suspected DarkHotel APT Activity Update

Tags

cmtmf-attack-pattern:	Command And Scripting Interpreter
country:	China Micronesia Macao
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Application Layer Protocol - T1437 Command And Scripting Interpreter - T1623 Control Panel - T1218.002 Credentials - T1589.001 File Deletion - T1070.004 File Deletion - T1630.002 Malicious File - T1204.002 Native Api - T1575 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Scheduled Task - T1053.005 Server - T1583.004 Server - T1584.004 Spearphishing Attachment - T1566.001 Spearphishing Attachment - T1598.002 Syncappvpublishingserver - T1216.002 Visual Basic - T1059.005 Windows Service - T1543.003 Standard Application Layer Protocol - T1071 Command-Line Interface - T1059 Execution Through Api - T1106 File Deletion - T1107 Powershell - T1086 Query Registry - T1012 Scheduled Task - T1053 Scripting - T1064 Spearphishing Attachment - T1193 Scripting Spearphishing Attachment Standard Application Layer Protocol

Show in Graph

Common Information

Type	Value
UUID	5d587e60-f8f8-41ff-b6c9-6d3fa4f1ad7a
Fingerprint	ec958d1d8f3f8f89
Analysis status	DONE
Considered CTI value	2
Text language
Published	March 17, 2022, midnight
Added to db	Sept. 26, 2022, 9:34 a.m.
Last updated	Nov. 17, 2024, 11:40 p.m.
Headline	Suspected DarkHotel APT activity update
Title	Suspected DarkHotel APT Activity Update
Detected Hints/Tags/Attributes	109/4/36

Source URLs

	Redirection	Url
Details	Source	https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/suspected-darkhotel-apt-activity-update.html

URL Provider

Details	Provider	Source level domain
Details	trellix.com	www.trellix.com

Attributes

Details	Type	#Events	Value
Details	Domain	1	behaveslike.ole2.downloader.cg
Details	Domain	1	fsm-gov.com
Details	Domain	1	fsmgov.org
Details	Domain	1	hosterbox.com
Details	Domain	3	gov.com
Details	Domain	3	collab.land
Details	Domain	4128	github.com
Details	File	1	信息.xls
Details	File	1	information.xls
Details	File	249	schtasks.exe
Details	File	13	syncappvpublishingserver.vbs
Details	File	376	wscript.exe
Details	File	1	prcjobs.vbs
Details	File	1	c:\users\user\appdata\roaming\microsoft\windows\prcjobs.vbs
Details	File	256	net.exe
Details	Github username	27	sigmahq
Details	sha1	1	6f5271275e9ac22be9ded8b9252bce064e524153
Details	sha1	1	eb382c4a59b6d87e186ee269805fe2db2acf250e
Details	sha1	1	69be18d343db717b6fcac9e0b52aea9a8908701d
Details	sha256	2	a251ac8cec78ac4f39fc5536996bed66c3436f8c16d377922187ea61722c71f8
Details	sha256	2	163c386598e1826b0d81a93d2ca0dc615265473b66d4521c359991828b725c14
Details	IPv4	2	23.111.184.119
Details	MITRE ATT&CK Techniques	310	T1566.001
Details	MITRE ATT&CK Techniques	365	T1204.002
Details	MITRE ATT&CK Techniques	137	T1059.005
Details	MITRE ATT&CK Techniques	297	T1070.004
Details	MITRE ATT&CK Techniques	239	T1106
Details	MITRE ATT&CK Techniques	501	T1012
Details	MITRE ATT&CK Techniques	480	T1053
Details	MITRE ATT&CK Techniques	80	T1064
Details	MITRE ATT&CK Techniques	444	T1071
Details	MITRE ATT&CK Techniques	460	T1059.001
Details	Url	1	https://fsm-gov.com
Details	Url	1	https://github.com/sigmahq/sigma/blob/6f5271275e9ac22be9ded8b9252bce064e524153/rules/wi
Details	Url	1	https://github.com/sigmahq/sigma/blob/eb382c4a59b6d87e186ee269805fe2db2acf250e/rules/wi
Details	Url	1	https://github.com/sigmahq/sigma/blob/69be18d343db717b6fcac9e0b52aea9a8908701d/rules/wi