Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against Middle East
Common Information
Type | Value
UUID | 868bd14c-928f-4174-87f9-e78bc2cdc1c0
Fingerprint | b50081dbab30ede1
Analysis status | DONE
Considered CTI value | 2
Text language |
Published | Oct. 11, 2024, midnight
Added to db | Oct. 22, 2024, 7:59 a.m.
Last updated | Nov. 13, 2024, 7:21 p.m.
Headline | Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against Middle East
Title | Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against Middle East
Detected Hints/Tags/Attributes | 100/2/43
RSS Feed
Id | Enabled | Feed title | Url | Added to db
119 | | Trend Micro Research, News and Perspectives | https://feeds.feedburner.com/TrendMicroSimplySecurity | 2024-08-30 22:08
Attributes
Type | #Events | CTI Value | Value
File | 7 | | temp.ps1
File | 15 | | backdoor.asp
File | 3 | | defaults.aspx
File | 13 | | webservices.dll
File | 14 | | logout.aspx
File | 18 | | trojanspy.msi
File | 15 | | update.dll
File | 2 | | passwin.dll
File | 6 | | hacktool.ps1
File | 5 | | p.ps1
File | 2 | | j.ps1
File | 3 | | s.inc
File | 11 | | n.exe
File | 12 | | psexec64.exe
File | 2 | | globals.aspx
Pdb | 2 | | c:\users\reymond\desktop\cve-2024-30088-main\x64\release\poc.pdb
Threat Actor Identifier - APT | 258 | | APT34
Windows Registry Key | 4 | | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa
CVE | 45 | | cve-2024-30088
Domain | 47 | | microsoft.exchange
File | 18 | | r.exe
File | 17 | | t.exe
File | 3 | | e.xml
File | 4 | | u.ps1
File | 12 | | psgfilter.dll
File | 38 | | trojan.ps1