Sandworm (APT44) APT IOCs - Part 8 - SEC-1275-1
Tags
attack-pattern: | Domains - T1583.001 Domains - T1584.001 Powershell - T1059.001 Python - T1059.006 Ssh - T1021.004 Powershell - T1086 |
Common Information
Type | Value |
---|---|
UUID | 833e0914-a748-4c86-8567-0dea23a2aae5 |
Fingerprint | b2df27af40305477 |
Analysis status | DONE |
Considered CTI value | 0 |
Text language | |
Published | Dec. 23, 2024, midnight |
Added to db | Dec. 23, 2024, 7:16 a.m. |
Last updated | Dec. 23, 2024, 7:17 a.m. |
Headline | Sandworm (APT44) APT IOCs - Part 8 |
Title | Sandworm (APT44) APT IOCs - Part 8 - SEC-1275-1 |
Detected Hints/Tags/Attributes | 13/1/28 |
Source URLs
Redirection | Url | |
---|---|---|
Details | Source | https://1275.ru/ioc/8712/sandworm-apt44-apt-iocs-part-8/?mtm_campaign=rss |
URL Provider
Details | Provider | Source level domain |
---|---|---|
Details | 1275.ru | 1275.ru |
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 8 | ✔ | Архивы IOC - SEC-1275-1 | https://1275.ru/ioc/feed | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | CERT Ukraine | 9 | UAC-0125 |
|
Details | CERT Ukraine | 7 | UAC-0002 |
|
Details | Domain | 2 | aplusdesktop.workers.dev |
|
Details | Domain | 2 | aplusmodgovua.workers.dev |
|
Details | Domain | 2 | armylpus.workers.dev |
|
Details | Domain | 2 | armyplus-desktop.workers.dev |
|
Details | Domain | 2 | desktopaplus.workers.dev |
|
Details | Domain | 2 | desktopapluscom.workers.dev |
|
Details | Domain | 22 | workers.dev |
|
Details | Domain | 2 | wvtmsouaa2gt6jmcuxj5hkfrqdss5lhecoqijt5dl7gfruueu3i5mkad.onion |
|
Details | File | 6 | mil.cer |
|
Details | File | 4 | 23722.exe |
|
Details | File | 4 | armyplus.exe |
|
Details | File | 19 | init.ps1 |
|
Details | md5 | 2 | 79782773ffee7b8141674c27e9bfc109 |
|
Details | md5 | 1 | 08a0c1166d8e50d95254b198b8168726 |
|
Details | md5 | 2 | 4316eb790d186ffda2999257f8ded747 |
|
Details | md5 | 1 | 0799756f104a70cb6ce0cfc422de25db |
|
Details | md5 | 2 | 52853b39922251a4166a5b032e577e7a |
|
Details | md5 | 2 | a27a90a685dad9fc7f1c5962f278f197 |
|
Details | md5 | 2 | a2f355057ade20d32afc5c4192ce3986 |
|
Details | md5 | 2 | ed0c7c1925ac23bd8b4d09e77aabb0ee |
|
Details | sha256 | 2 | 4dca04f1e16cbe88776a3187031cff64981155cb3b992031250c6fed40496318 |
|
Details | sha256 | 2 | 86039bc8b1a6bb823f5cbf27d1a4a3b319b83d242f09ffcd96f38bbdbbaaa78f |
|
Details | sha256 | 2 | 8ba4c3ede1ed05a3ad7075fee503215648ec078a13523492e2e91a59fa40c8da |
|
Details | sha256 | 2 | b663e08cc267cdb7a02d5131cb04b8b05cb6ad13ac1d571c6aafe69e06bf8f80 |
|
Details | sha256 | 2 | d2049157980b7ee0a54948d4def4ab62303ca51cadaada06fb51c583ecbce1a2 |
|
Details | Threat Actor Identifier - APT | 33 | APT44 |