ioc[.]one - OSINT Cyber Threat Intelligence Database

Rogue RDP Files Used in Latest Campaign Targeting Ukrainian Government, Military

Tags

country:	Ukraine
maec-delivery-vectors:	Watering Hole
attack-pattern:	Cloud Services - T1021.007 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Rdp Hijacking - T1563.002 Remote Desktop Protocol - T1021.001 Server - T1583.004 Server - T1584.004 Vulnerabilities - T1588.006 Remote Desktop Protocol - T1076

Show in Graph

Common Information

Type	Value
UUID	8460a764-293f-4fda-82a3-b276773245a2
Fingerprint	7df90a791f208f8a
Analysis status	DONE
Considered CTI value	2
Text language
Published	Oct. 23, 2024, 1:59 p.m.
Added to db	Oct. 23, 2024, 4:27 p.m.
Last updated	Nov. 17, 2024, 6:54 p.m.
Headline	Rogue RDP Files Used in Latest Campaign Targeting Ukrainian Government, Military
Title	Rogue RDP Files Used in Latest Campaign Targeting Ukrainian Government, Military
Detected Hints/Tags/Attributes	32/3/92

Source URLs

	Redirection	Url
Details	Source	https://thecyberexpress.com/rogue-rdp-files-used-in-ukraine-cyberattacks/

URL Provider

Details	Provider	Source level domain
Details	thecyberexpress.com	thecyberexpress.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	248	✔	The Cyber Express	https://thecyberexpress.com/feed/	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	CERT Ukraine	13	UAC-0215
Details	File	74	mstsc.exe
Details	md5	3	a5de73d69c1a7fbae2e71b98d48fe9b5
Details	md5	3	8bcb741a204c25232a11a7084aa2221f
Details	md5	3	86f58115c891ce91b7364e5ff0314b31
Details	md5	3	80b3cad4f70b6ea8924aa13d2730328b
Details	md5	3	c0da30b71d58e071fc5863381444d9f0
Details	md5	3	1595266bb78dc1e3d67f929154824c74
Details	md5	3	222c83d156a41735c38cc552a7084a86
Details	md5	3	fa9af43e9bbb55b7512b369084d91f4d
Details	md5	3	281a28800a4ba744bfde7b4aff46f24e
Details	md5	3	d37cd2c462af0e0643076b20c5ff561e
Details	md5	3	e465a4191a93195094a803e5d4703a90
Details	md5	3	3f753810430b26b94a172fbf816e7d76
Details	md5	3	434ffae8cfc3caa370be2e69ffaa95d1
Details	md5	3	c287c05d91a19796b2649ebebd27394b
Details	md5	3	aabbfd1acd3f3a2212e348f2d6f169fc
Details	md5	3	b0a0ad4093e781a278541e4b01daa7a8
Details	md5	3	a18a1cad9df5b409963601c8e30669e4
Details	md5	3	cbbc4903da831b6f1dc39d0c8d3fc413
Details	md5	3	bd711dc427e17cc724f288cc5c3b0842
Details	md5	3	b38e7e8bba44bc5619b2689024ad9fca
Details	md5	3	40f957b756096fa6b80f95334ba92034
Details	md5	3	db326d934e386059cc56c4e61695128e
Details	md5	3	f58cf55b944f5942f1d120d95140b800
Details	sha256	3	34c88cd591f73bc47a1a0fe2a4f594f628be98ad2366eeb4e467595115d8505a
Details	sha256	3	071276e907f185d9e341d549b198e60741e2c7f8d64dd2ca2c5d88d50b2c6ffc
Details	sha256	3	6e6680786fa5b023cf301b6bc5faaa89c86dc34b696f4b078cf22b1b353d5d3c
Details	sha256	3	31f2cc1157248aec5135147073e49406d057bebf78b3361dd7cbb6e37708fbcc
Details	sha256	3	88fd6a36e8a61597dd71755b985e5fcd0b8308b69fc0f4b0fc7960fb80018622
Details	sha256	3	b8327671ebc20db6f09efc4f19bd8c39d9e28c9a37bdd15b2fd62ade208d2e8a
Details	sha256	3	a5bbb109faefcecba695a84a737f5e47fa418cea39d654bb512a6f4a0b148758
Details	sha256	3	5534cc837ba4fa3726322883449b3e97ca3e0d28c0ccf468b868397fdfa44e0b
Details	sha256	3	b9ab481e7a9a92cfa2d53de8e7a3c75287cff6a3374f4202ec16ea9e03d80a0b
Details	sha256	3	18a078a976734c9ec562f5dfa3f5904ef5d37000fb8c1f5bd0dc2dee47203bf9
Details	sha256	3	bb4d5a3f7a40c895882b73e1aca8c71ea40cef6c4f6732bec36e6342f6e2487a
Details	sha256	3	ef4bd88ec5e8b401594b22632fd05e401658cf78de681f81409eadf93f412ebd
Details	sha256	3	1cfe29f214d1177b66aec2b0d039fec47dd94c751fa95d34bc5da3bbab02213a
Details	sha256	3	3a2496db64507311f5fbd3aba0228b653f673fc2152a267a1386cbab33798db5
Details	sha256	3	984082823dc1f122a1bb505700c25b27332f54942496814dfd0c68de0eba59dc
Details	sha256	3	383e63f40aecdd508e1790a8b7535e41b06b3f6984bb417218ca96e554b1164b
Details	sha256	3	296d446cb2ad93255c45a2d4b674bbacb6d1581a94cf6bb5e54df5a742502680
Details	sha256	3	129ba064dfd9981575c00419ee9df1c7711679abc974fa4086076ebc3dc964f5
Details	sha256	3	f2acb92d0793d066e9414bc9e0369bd3ffa047b40720fe3bd3f2c0875d17a1cb
Details	sha256	4	f357d26265a59e9c356be5a8ddb8d6533d1de222aae969c2ad4dc9c40863bfe8
Details	sha256	4	280fbf353fdffefc5a0af40c706377142fff718c7b87bc8b0daab10849f388d0
Details	sha256	4	8b45f5a173e8e18b0d5c544f9221d7a1759847c28e62a25210ad8265f07e96d5
Details	sha256	4	ba4d58f2c5903776fe47c92a0ec3297cc7b9c8fa16b3bf5f40b46242e7092b46
Details	IPv4	2	37.153.155.143
Details	IPv4	2	45.42.142.49
Details	IPv4	2	45.42.142.89
Details	IPv4	2	199.204.86.87
Details	IPv4	2	181.215.148.194
Details	IPv4	2	104.247.120.157
Details	IPv4	2	204.111.198.27
Details	IPv4	2	136.0.0.11
Details	IPv4	2	38.180.110.238
Details	IPv4	2	179.43.148.82
Details	IPv4	2	45.11.230.105
Details	IPv4	2	45.141.58.60
Details	IPv4	2	95.217.113.133
Details	IPv4	2	185.187.155.74
Details	IPv4	2	141.195.117.125
Details	IPv4	2	185.76.79.178
Details	IPv4	2	2.58.201.112
Details	IPv4	2	89.46.234.115
Details	IPv4	2	84.32.188.193
Details	IPv4	2	38.180.146.210
Details	IPv4	2	84.32.188.197
Details	IPv4	2	45.80.193.9
Details	IPv4	2	45.67.85.40
Details	IPv4	2	45.134.111.123
Details	IPv4	2	84.32.188.153
Details	IPv4	2	62.72.7.213
Details	IPv4	2	93.188.163.16
Details	IPv4	2	23.160.56.122
Details	IPv4	2	95.156.207.121
Details	IPv4	2	84.32.188.148
Details	IPv4	2	166.0.187.233
Details	IPv4	2	185.216.72.196
Details	IPv4	2	38.180.146.230
Details	IPv4	2	84.32.188.200
Details	IPv4	2	45.11.231.8
Details	IPv4	2	162.252.175.233
Details	IPv4	2	13.49.21.253
Details	IPv4	2	179.43.163.18
Details	IPv4	2	46.19.141.186
Details	IPv4	2	193.29.59.9
Details	IPv4	2	135.181.130.232
Details	IPv4	2	45.134.110.83
Details	IPv4	2	185.187.155.73
Details	IPv4	2	23.160.56.100