MuddyWater APT IOCs - SEC-1275-1
Tags
| attack-pattern: | Domains - T1583.001 Domains - T1584.001 Powershell - T1059.001 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | 6e0d0aff-d9cb-43bd-b406-415ac87297c4 |
| Fingerprint | e33cd277e2db8088 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Nov. 3, 2023, midnight |
| Added to db | Nov. 3, 2023, 6:59 a.m. |
| Last updated | Nov. 8, 2024, 3:42 a.m. |
| Headline | MuddyWater APT IOCs |
| Title | MuddyWater APT IOCs - SEC-1275-1 |
| Detected Hints/Tags/Attributes | 9/1/149 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://1275.ru/ioc/2799/muddywater-apt-iocs/?from=rss |
URL Provider
| Details | Provider | Source level domain |
|---|---|---|
| Details | 1275.ru | 1275.ru |
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 8 | ✔ | Архивы IOC - SEC-1275-1 | https://1275.ru/ioc/feed | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 6 | storyblok.com |
|
| Details | Domain | 3 | cdnpakage.com |
|
| Details | Domain | 2 | criticimfreedom.site |
|
| Details | Domain | 2 | edc1.6nc051221c.co |
|
| Details | Domain | 2 | europetourtravels.link |
|
| Details | Domain | 2 | europetourtravels.world |
|
| Details | Domain | 2 | fastanalizer.live |
|
| Details | Domain | 2 | fastanalytics.live |
|
| Details | Domain | 2 | ghostrider.serveirc.com |
|
| Details | Domain | 2 | instructables.live |
|
| Details | Domain | 2 | jbf1.nc1310022a.biz |
|
| Details | Domain | 2 | kwd1.6nc220721.co |
|
| Details | Domain | 2 | kwd2.6nc220721.co |
|
| Details | Domain | 2 | kwd3.6nc220721.co |
|
| Details | Domain | 2 | login.microsoftonilne.com.oauth2.online |
|
| Details | Domain | 2 | loginlive.formsmicrosoftoffice.com.oauth2.live |
|
| Details | Domain | 2 | mbcaction.hopto.org |
|
| Details | Domain | 2 | megamodel.studio |
|
| Details | Domain | 2 | mentalfloss.live |
|
| Details | Domain | 2 | metatransfer.online |
|
| Details | Domain | 2 | microsoftfice.ddns.net |
|
| Details | Domain | 2 | msofficesign.com |
|
| Details | Domain | 2 | myfridgefood.live |
|
| Details | Domain | 2 | nirsoft.app |
|
| Details | Domain | 2 | nirsoft.ink |
|
| Details | Domain | 2 | nno1.6nc060821.co |
|
| Details | Domain | 2 | nno3.6nc060821.co |
|
| Details | Domain | 2 | oauth2.live |
|
| Details | Domain | 2 | oauth2.online |
|
| Details | Domain | 2 | outlookmicrosoftonline.com |
|
| Details | Domain | 2 | prostatistics.live |
|
| Details | Domain | 2 | pru1.6nc110821hdb.co |
|
| Details | Domain | 2 | pru2.6nc110821hdb.co |
|
| Details | Domain | 2 | qjk1.6nc051221c.co |
|
| Details | Domain | 3 | qjk2.6nc051221c.co |
|
| Details | Domain | 2 | qjk3.6nc051221c.co |
|
| Details | Domain | 2 | tes2.6nc051221a.co |
|
| Details | Domain | 2 | transportorganizationil.shop |
|
| Details | Domain | 11 | form.zip |
|
| Details | Domain | 5 | questionnaire.zip |
|
| Details | Domain | 8 | attachments.zip |
|
| Details | Domain | 5 | defense-video.zip |
|
| Details | Domain | 9 | ws.onehub.com |
|
| Details | File | 10 | form.zip |
|
| Details | File | 5 | questionnaire.zip |
|
| Details | File | 8 | attachments.zip |
|
| Details | File | 5 | defense-video.zip |
|
| Details | md5 | 5 | 04afff1465a223a806774104b652a4f0 |
|
| Details | md5 | 3 | 065f0871b6025b8e61f35a188bca1d5c |
|
| Details | md5 | 5 | 146cc3a1a68be349e70b79f9115c496b |
|
| Details | md5 | 3 | 16923d827a440161217fb66a04e8b40a |
|
| Details | md5 | 5 | 1f0b9aed4b2c8d958a9b396852a62c9d |
|
| Details | md5 | 3 | 22971759adf816c6fb43104c0e1d89d6 |
|
| Details | md5 | 3 | 245c3ed373727c21ad9ee862b767e362 |
|
| Details | md5 | 3 | 2e09e53135376258a03b7d793706b70f |
|
| Details | md5 | 3 | 34212eb9e2af84eceb6a8234d28751b6 |
|
| Details | md5 | 3 | 37c3f5b3c814e2c014abc1210e8e69a2 |
|
| Details | md5 | 3 | 39eea24572c14910b67242a16e24b768 |
|
| Details | md5 | 3 | 3c6486dfb691fc6642f1d35bdf247b90 |
|
| Details | md5 | 3 | 4a70b1e4cb57c99502d89cdbbed48343 |
|
| Details | md5 | 3 | 55b99af81610eb65aabea796130a0462 |
|
| Details | md5 | 3 | 57641ce5af4482038c9ea27afcc087ee |
|
| Details | md5 | 3 | 5e0cc23a6406930a40696594021edb5f |
|
| Details | md5 | 3 | 6167f03c8b2734c20eb02d406d3ba651 |
|
| Details | md5 | 3 | 7568062ad4b22963f3930205d1a14df7 |
|
| Details | md5 | 3 | 79a638b2f2cc82bfe137f1d12534cda5 |
|
| Details | md5 | 5 | 8d2199fa11c6a8d95c1c2b4add70373a |
|
| Details | md5 | 3 | 952cc4e278051e349e870aa80babc755 |
|
| Details | md5 | 3 | 9894b84916f9264d897fe3b4a83bc608 |
|
| Details | md5 | 3 | 9957250940377b39e405114f0a2fe84b |
|
| Details | md5 | 3 | b867ec1cef6b1618a21853fb8cafd6e1 |
|
| Details | md5 | 3 | d3a2dee3bb8fcd8e8a0d404e7d1e6efb |
|
| Details | md5 | 3 | d7ca8f3b5e21ed56abf32ac7cb158a7e |
|
| Details | md5 | 3 | db0e68d7d81f5c21e6e458445fd6e34b |
|
| Details | md5 | 3 | dbcc0e9c1c6c1fff790caa0b2ffc2fe5 |
|
| Details | md5 | 4 | dd247ccd7cc3a13e1c72bb01cf3a816d |
|
| Details | md5 | 3 | e07adc4ee768126dc7c7339f4cb00120 |
|
| Details | md5 | 4 | e8f3ecc0456fcbbb029b1c27dc1faad0 |
|
| Details | md5 | 3 | f08aa714fd59b68924843cbfddac4b15 |
|
| Details | md5 | 3 | fc523904ca6e191eb2fdb254a6225577 |
|
| Details | md5 | 3 | feede05ba166a3c8668fe580a3399d8f |
|
| Details | sha256 | 2 | 0ec131ca6fae327202577473137462086b3ce3130896fd8d8db69247ac720f04 |
|
| Details | sha256 | 2 | 1a996d98ab897bbc3a0249ea43afaf841b31396be7cbe61b443a58d1c9aab071 |
|
| Details | sha256 | 2 | 1c95496da95ccb39d73dbbdf9088b57347f2c91cf79271ed4fe1e5da3e0e542a |
|
| Details | sha256 | 2 | 26881615e121584b8814916d2f0228de97439cf6b654fca58b2228ff893fcfbc |
|
| Details | sha256 | 2 | 2f14ce9e4e8b1808393ad090289b5fa287269a878bbb406b6930a6c575d1f736 |
|
| Details | sha256 | 2 | 32c40964f75c3e7b81596d421b5cefd0ac328e01370d0721d7bfac86a2e98827 |
|
| Details | sha256 | 2 | 3e3effa0388f362e891ccf6f9169f9fb9627698bea5fefa57084353603502886 |
|
| Details | sha256 | 2 | 528f4d63c5abcfd137569e2dda49b5730432fb189ef2263cd6e7222cbb6ccb75 |
|
| Details | sha256 | 2 | 5ca26988b37e8998e803a95e4e7e3102fed16e99353d040a5b22aa7e07438fea |
|
| Details | sha256 | 2 | 7bf2aaf5f82ba5ed834b6ee270e4a7326a191985ea6cc27bdaba17816d1f2ca9 |
|
| Details | sha256 | 2 | 7cb0cc6800772e240a12d1b87f9b7561412f44f01f6bb38829e84acbc8353b9c |
|
| Details | sha256 | 2 | 87ccd1c15adc9ba952a07cd89295e0411b72cd4653b168f9b3f26c7a88d19b91 |
|
| Details | sha256 | 2 | 91526246682b47e5f4e396130f2ff93943fbdcaf742262345fb35ae950f1d2b2 |
|
| Details | sha256 | 2 | 92687d1f47244d3a1d7b02fbccf389b9819fd7cc3a31036ae30c2d4d88a3f266 |
|
| Details | sha256 | 2 | 989373f2d295ba1b8750fee7cdc54820aa0cb42321cec269271f0020fa5ea006 |
|
| Details | sha256 | 2 | 9fcb7dea92ad0fe5fa6d6a5a5bd47caea5d3bc44aee247a001fcefdc56500111 |
|
| Details | sha256 | 2 | b38d036bbe2d902724db04123c87aeea663c8ac4c877145ce8610618d8e6571f |
|
| Details | sha256 | 2 | b4b3c3ee293046e2f670026a253dc39e863037b9474774ead6757fe27b0b63c1 |
|
| Details | sha256 | 2 | cc7120942edde86e480a961fceff66783e71958684ad1307ffbe0e97070fd4fd |
|
| Details | sha256 | 2 | d3677394cb45b0eb7a7f563d2032088a8a10e12048ad74bae5fd9482f0aead01 |
|
| Details | sha256 | 2 | ebf2ec38ed0c4cd05aaae1bdb4af862294d8bd874f7830c42f6905e94de239cf |
|
| Details | IPv4 | 2 | 103.73.65.129 |
|
| Details | IPv4 | 2 | 103.73.65.225 |
|
| Details | IPv4 | 2 | 103.73.65.244 |
|
| Details | IPv4 | 2 | 103.73.65.246 |
|
| Details | IPv4 | 2 | 103.73.65.253 |
|
| Details | IPv4 | 3 | 109.201.140.103 |
|
| Details | IPv4 | 3 | 137.74.131.16 |
|
| Details | IPv4 | 4 | 137.74.131.18 |
|
| Details | IPv4 | 3 | 137.74.131.20 |
|
| Details | IPv4 | 2 | 137.74.131.24 |
|
| Details | IPv4 | 2 | 137.74.131.25 |
|
| Details | IPv4 | 2 | 137.74.131.30 |
|
| Details | IPv4 | 3 | 141.95.177.130 |
|
| Details | IPv4 | 4 | 146.70.124.102 |
|
| Details | IPv4 | 5 | 146.70.149.61 |
|
| Details | IPv4 | 2 | 157.90.152.26 |
|
| Details | IPv4 | 2 | 157.90.153.60 |
|
| Details | IPv4 | 3 | 162.223.89.11 |
|
| Details | IPv4 | 4 | 164.132.237.65 |
|
| Details | IPv4 | 2 | 164.132.237.67 |
|
| Details | IPv4 | 2 | 164.132.237.79 |
|
| Details | IPv4 | 5 | 178.32.30.3 |
|
| Details | IPv4 | 3 | 185.248.144.158 |
|
| Details | IPv4 | 2 | 185.254.37.173 |
|
| Details | IPv4 | 4 | 194.61.121.86 |
|
| Details | IPv4 | 2 | 195.20.17.44 |
|
| Details | IPv4 | 3 | 37.120.237.204 |
|
| Details | IPv4 | 3 | 37.120.237.248 |
|
| Details | IPv4 | 2 | 45.132.75.101 |
|
| Details | IPv4 | 4 | 45.150.64.23 |
|
| Details | IPv4 | 3 | 45.150.64.239 |
|
| Details | IPv4 | 3 | 45.150.64.39 |
|
| Details | IPv4 | 2 | 45.159.248.244 |
|
| Details | IPv4 | 4 | 45.67.230.91 |
|
| Details | IPv4 | 4 | 45.86.230.20 |
|
| Details | IPv4 | 4 | 46.249.35.243 |
|
| Details | IPv4 | 4 | 51.255.19.178 |
|
| Details | IPv4 | 2 | 65.21.183.238 |
|
| Details | IPv4 | 3 | 87.236.212.22 |
|
| Details | IPv4 | 3 | 91.121.240.104 |
|
| Details | IPv4 | 3 | 91.121.240.108 |
|
| Details | IPv4 | 3 | 91.121.61.76 |
|
| Details | IPv4 | 2 | 91.235.234.130 |
|
| Details | IPv4 | 4 | 94.131.109.65 |
|
| Details | IPv4 | 4 | 94.131.98.14 |
|
| Details | IPv4 | 4 | 95.164.38.99 |
|
| Details | IPv4 | 3 | 95.164.46.35 |