ioc[.]one - OSINT Cyber Threat Intelligence Database

CERT-UA Identifies Malicious RDP Files in Latest Attack on Ukrainian Entities

Tags

country:	Georgia Russia Ukraine
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Credentials - T1589.001 Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Remote Desktop Protocol - T1021.001 Server - T1583.004 Server - T1584.004 Ssh - T1021.004 Visual Basic - T1059.005 Web Service - T1481 Powershell - T1086 Remote Desktop Protocol - T1076 Web Service - T1102

Show in Graph

Common Information

Type	Value
UUID	64a80c87-c909-4548-9296-abd224c406d0
Fingerprint	849eaf530f11efe1
Analysis status	DONE
Considered CTI value	2
Text language
Published	Oct. 26, 2024, 9:36 a.m.
Added to db	Oct. 26, 2024, 7:13 a.m.
Last updated	Nov. 17, 2024, 6:54 p.m.
Headline	CERT-UA Identifies Malicious RDP Files in Latest Attack on Ukrainian Entities
Title	CERT-UA Identifies Malicious RDP Files in Latest Attack on Ukrainian Entities
Detected Hints/Tags/Attributes	46/3/22

Source URLs

	Redirection	Url
Details	Source	https://thehackernews.com/2024/10/cert-ua-identifies-malicious-rdp-files.html

URL Provider

Details	Provider	Source level domain
Details	thehackernews.com	thehackernews.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	118	✔	The Hacker News	https://feeds.feedburner.com/TheHackersNews	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	CERT Ukraine	13	UAC-0215
Details	CERT Ukraine	7	UAC-0218
Details	CERT Ukraine	6	UAC-0001
Details	Domain	6	ca-west-1.mfa-gov.cloud
Details	Domain	4	central-2-aws.ua-aws.army
Details	Domain	6	us-east-2-aws.ua-gov.cloud
Details	Domain	5	aws-ukraine.cloud
Details	Domain	4	aws-data.cloud
Details	Domain	4	aws-s3.cloud
Details	Domain	4	aws-il.cloud
Details	Domain	4	aws-join.cloud
Details	Domain	5	aws-meet.cloud
Details	Domain	4	aws-meetings.cloud
Details	Domain	4	aws-online.cloud
Details	Domain	4	aws-secure.cloud
Details	Domain	5	s3-aws.cloud
Details	Domain	5	s3-fbi.cloud
Details	Domain	5	s3-nsa.cloud
Details	Domain	5	s3-proofpoint.cloud
Details	File	6	browser.ps1
Details	Threat Actor Identifier - APT	665	APT29
Details	Threat Actor Identifier - APT	783	APT28