Vice Society: Profiling a Persistent Threat to the Education Sector
Tags
cmtmf-attack-pattern: Automated Exfiltration Code Injection Command And Scripting Interpreter Masquerading Process Injection Scheduled Task/Job
country: Brazil Germany France Italy Japan Spain United States Of America
maec-delivery-vectors: Watering Hole
attack-pattern: Data Model Account Access Removal - T1640 Account Access Removal - T1531 Cloud Services - T1021.007 Code Injection - T1540 Command And Scripting Interpreter - T1623 Credentials - T1589.001 Data Encrypted For Impact - T1471 Data Encrypted For Impact - T1486 Disable Or Modify Tools - T1562.001 Disable Or Modify Tools - T1629.003 Dll Side-Loading - T1574.002 Domain Trust Discovery - T1482 Domains - T1583.001 Domains - T1584.001 Exfiltration Over Alternative Protocol - T1639 Exfiltration Over C2 Channel - T1646 Exfiltration Over Web Service - T1567 Exfiltration To Cloud Storage - T1567.002 Exploitation For Privilege Escalation - T1404 Hardware - T1592.001 Impair Defenses - T1562 Impair Defenses - T1629 Indicator Removal On Host - T1630 Lateral Tool Transfer - T1570 Lsass Memory - T1003.001 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Ntds - T1003.003 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Process Injection - T1631 Registry Run Keys / Startup Folder - T1547.001 Remote Access Software - T1663 Scheduled Task - T1053.005 Scheduled Task/Job - T1603 Smb/Windows Admin Shares - T1021.002 Software - T1592.002 Windows Command Shell - T1059.003 Virtualization/Sandbox Evasion - T1497 Windows Service - T1543.003 Tool - T1588.002 Vulnerabilities - T1588.006 Automated Exfiltration - T1020 Command-Line Interface - T1059 Credential Dumping - T1003 Dll Side-Loading - T1073 Exfiltration Over Alternative Protocol - T1048 Exfiltration Over Command And Control Channel - T1041 Exploit Public-Facing Application - T1190 Exploitation For Privilege Escalation - T1068 Indicator Removal On Host - T1070 Masquerading - T1036 Modify Registry - T1112 Network Service Scanning - T1046 Powershell - T1086 Process Injection - T1055 Remote Access Tools - T1219 Remote Services - T1021 Scheduled Task - T1053 Windows Management Instrumentation - T1047 Valid Accounts - T1078 Taint Shared Content - T1080 Indicator Removal On Host Masquerading Valid Accounts
Common Information
Type | Value
UUID | 8389cfde-95b9-43dd-9748-bb6bff9adbd9
Fingerprint | be35e0fbaa4d9655
Analysis status | DONE
Considered CTI value | 2
Text language |
Published | Dec. 6, 2022, 11 a.m.
Added to db | Feb. 17, 2023, 11:25 p.m.
Last updated | Nov. 17, 2024, 6:56 p.m.
Headline | Vice Society: Profiling a Persistent Threat to the Education Sector
Title | Vice Society: Profiling a Persistent Threat to the Education Sector
Detected Hints/Tags/Attributes | 197/4/78
Attributes
Type | #Events | Value
CVE | 91 | cve-2021-34527
CVE | 65 | cve-2021-1675
Domain | 1 | vsociethok6sbprvevl4dlwbqrzyhxcxaqpvcqt5belwvsuxaxsutyad.onion
Domain | 1 | ssq4zimieeanazkzc5ld4v5hdibi2nzwzdibfh5n5w4pw5mcik76lzyd.onion
Domain | 85 | onionmail.org
Domain | 77 | mega.nz
Domain | 24 | anonfiles.com
Domain | 34 | file.io
Domain | 1 | qu5dci2k25x2imgki2dbhcwegqqsqsrjj5d3ugcc5kpsgbtj2psaedqd.onion
Domain | 1 | wavbeudogz6byhnardd2lkp2jafims3j7tj6k6qnywchn2csngvtffqd.onion
Domain | 1 | gunyhng6pabzcurl7ipx2pbmjxpvqnu6mxf2h3vdeenam34inj4ndryd.onion
Email | 5 | v-society.official@onionmail.org
Email | 3 | vicesociety@onionmail.org
Email | 1 | larrygold@onionmail.org
Email | 1 | mollythomson@onionmail.org
Email | 1 | bruceboyle@onionmail.org
Email | 1 | sylvesterjones@onionmail.org
Email | 1 | brendaevans4454@onionmail.org
Email | 1 | warreinolds77@onionmail.org
Email | 1 | daltonreed@onionmail.org
Email | 1 | freddieferrell@onionmail.org
Email | 1 | lewiselsberry@onionmail.org
Email | 1 | inezeng@onionmail.org
Email | 1 | lonnieguzman@onionmail.org
Email | 1 | thomasmoore@onionmail.org
File | 367 | readme.txt
File | 69 | comsvcs.dll
File | 59 | ntdsutil.exe
md5 | 1 | 8acb34bed3caa60cae3f08f75d53f727
sha256 | 1 | 643a3121166cd1ee5fc6848f099be7c7c24d36f5922f58052802b91f032a5f0f
sha256 | 2 | 754f2022b72da704eb8636610c6d2ffcbdae9e8740555030a07c8c147387a537
sha256 | 2 | 78efe6f5a34ba7579cfd8fc551274029920a9086cb713e859f60f97f591a7b04
sha256 | 2 | 16a0054a277d8c26beb97850ac3e86dd0736ae6661db912b8782b4eb08cfd36e
sha256 | 2 | 4a4be110d587421ad50d2b1a38b108fa05f314631066a2e96a1c85cc05814080
sha256 | 3 | 307877881957a297e41d75c84e9a965f1cd07ac9d026314dcaff55c4da23d03e
sha256 | 2 | faa79c796c27b11c4f007023e50509662eac4bca99a71b26a9122c260abfb3c6
sha256 | 2 | dd89d939c941a53d6188232288a3bd73ba9baf0b4ca6bf6ccca697d9ee42533f
sha256 | 1 | 4440763b18d75a0f9de30b1c4c2aeb3f827bc4f5ea9dd1a2aebe7e5b23cfdf94
sha256 | 2 | 24efa10a2b51c5fd6e45da6babd4e797d9cae399be98941f950abf7b5e9a4cd7
sha256 | 3 | bafd3434f3ba5bb9685e239762281d4c7504de7e0cfd9d6394e4a85b4882ff5d
sha256 | 3 | aa7e2d63fc991990958dfb795a0aed254149f185f403231eaebe35147f4b5ebe
sha256 | 2 | 001938ed01bfde6b100927ff8199c65d1bff30381b80b846f2e3fe5a0d2df21d
sha256 | 2 | ab440c4391ea3a01bebbb651c80c27847b58ac928b32d73ed3b19a0b17dd7e75
Mandiant Uncategorized Groups | 20 | UNC2447
MITRE ATT&CK Techniques | 409 | T1566
MITRE ATT&CK Techniques | 306 | T1078
MITRE ATT&CK Techniques | 542 | T1190
MITRE ATT&CK Techniques | 310 | T1047
MITRE ATT&CK Techniques | 275 | T1053.005
MITRE ATT&CK Techniques | 460 | T1059.001
MITRE ATT&CK Techniques | 333 | T1059.003
MITRE ATT&CK Techniques | 180 | T1543.003
MITRE ATT&CK Techniques | 380 | T1547.001
MITRE ATT&CK Techniques | 227 | T1574.002
MITRE ATT&CK Techniques | 208 | T1068
MITRE ATT&CK Techniques | 348 | T1036
MITRE ATT&CK Techniques | 440 | T1055
MITRE ATT&CK Techniques | 247 | T1070
MITRE ATT&CK Techniques | 550 | T1112
MITRE ATT&CK Techniques | 238 | T1497
MITRE ATT&CK Techniques | 298 | T1562.001
MITRE ATT&CK Techniques | 289 | T1003
MITRE ATT&CK Techniques | 173 | T1003.001
MITRE ATT&CK Techniques | 67 | T1003.003
MITRE ATT&CK Techniques | 168 | T1046
MITRE ATT&CK Techniques | 124 | T1482
MITRE ATT&CK Techniques | 159 | T1021
MITRE ATT&CK Techniques | 139 | T1021.002
MITRE ATT&CK Techniques | 33 | T1080
MITRE ATT&CK Techniques | 118 | T1570
MITRE ATT&CK Techniques | 102 | T1020
MITRE ATT&CK Techniques | 422 | T1041
MITRE ATT&CK Techniques | 92 | T1048
MITRE ATT&CK Techniques | 100 | T1567.002
MITRE ATT&CK Techniques | 141 | T1219
MITRE ATT&CK Techniques | 472 | T1486
MITRE ATT&CK Techniques | 26 | T1531
Windows Registry Key | 1 | HKCU\Software\Zeppelin