CloudScout: Evasive Panda scouting cloud services
Tags
cmtmf-attack-pattern: Acquire Infrastructure, Develop Capabilities, Masquerading, Obfuscated Files Or Information
country: Bolivia, China, Hong Kong, South Korea, Myanmar, Vietnam, Taiwan
maec-delivery-vectors: Watering Hole
attack-pattern: Acquire Infrastructure, Data, Abuse Elevation Control Mechanism - T1626, Abuse Elevation Control Mechanism - T1548, Acquire Infrastructure - T1583, Archive Collected Data - T1560, Archive Collected Data - T1532, Archive Via Utility - T1560.001, Bypass User Account Control - T1548.002, Cloud Services - T1021.007, Confluence - T1213.001, Create Or Modify System Process - T1543, Credentials - T1589.001, Data From Cloud Storage - T1530, Develop Capabilities - T1587, Dns - T1071.004, Dns - T1590.002, Exfiltration Over C2 Channel - T1646, Malware - T1587.001, Malware - T1588.001, Masquerading - T1655, Match Legitimate Name Or Location - T1036.005, Match Legitimate Name Or Location - T1655.001, Obfuscated Files Or Information - T1406, System Information Discovery - T1426, Remote Email Collection - T1114.002, Server - T1583.004, Server - T1584.004, Service Execution - T1569.002, Steal Web Session Cookie - T1539, System Services - T1569, Web Session Cookie - T1506, Windows Service - T1543.003, Use Alternate Authentication Material - T1550, Web Session Cookie - T1550.004, Deobfuscate/Decode Files Or Information - T1140, Email Collection - T1114, Execution Through Api - T1106, Exfiltration Over Command And Control Channel - T1041, Masquerading - T1036, Modify Registry - T1112, Standard Non-Application Layer Protocol - T1095, Obfuscated Files Or Information - T1027, Service Execution - T1035, System Information Discovery - T1082, Execution Through Api, Masquerading
Common Information
Type Value
UUID 87a78c30-cc96-47b0-983b-6e7819c6ad4c
Fingerprint 16ba9c7b2da32599
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 28, 2024, midnight
Added to db Oct. 29, 2024, 11:32 a.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline CloudScout: Evasive Panda scouting cloud services
Title CloudScout: Evasive Panda scouting cloud services
Detected Hints/Tags/Attributes 131/4/51
RSS Feed
Id  Enabled  Feed title  Url  Added to db
397  WeLiveSecurity  https://www.welivesecurity.com/feed/  2024-08-30 22:08
Attributes
Type  #Events  CTI Value
MITRE ATT&CK Techniques  627  T1027
MITRE ATT&CK Techniques  7  T1550.004
MITRE ATT&CK Techniques  183  T1036.005
MITRE ATT&CK Techniques  99  T1539
MITRE ATT&CK Techniques  1006  T1082
MITRE ATT&CK Techniques  116  T1560.001
MITRE ATT&CK Techniques  19  T1530
MITRE ATT&CK Techniques  21  T1114.002
MITRE ATT&CK Techniques  159  T1095
MITRE ATT&CK Techniques  422  T1041
Pdb  1  e:\project\git_new\mprojects\code\cloudscout\googledriver\cgd\obj\debug\cgd.pdb
Pdb  1  e:\project\git_new\mprojects\code\cloudscout\gmail\cgm\obj\debug\cgm.pdb
Pdb  1  e:\project\git_new\mprojects\code\cloudscout\outlook\col\obj\debug\col.pdb
Domain  194  drive.google.com
Domain  58  accounts.google.com
Domain  49  mail.google.com
Domain  15  outlook.live.com
Domain  36  login.live.com
Domain  114  eset.com
Email  69  threatintel@eset.com
File  1  gmck.dll
File  1  %programdata%\nvidla\gmck\msvc_4.dll
File  1  %programdata%\nvidla\olck\msvc_4.dll
File  1  %programdata%\nvidla\dankdh\msvc_4.dll
File  4  %appdata%\mozilla\firefox\profiles.ini
File  60  cookies.sql
File  2  pmsrvd.dll
File  50  3.exe
File  156  1.exe
File  30  doc.exe
File  1  djcu.dll
File  1  commonutilities.dll
File  1  cgm.dll
File  1  cgd.dll
File  1  col.dll
IPv4  1  103.96.128.44
MITRE ATT&CK Techniques  32  T1583.004
MITRE ATT&CK Techniques  96  T1587.001
MITRE ATT&CK Techniques  174  T1569.002
MITRE ATT&CK Techniques  239  T1106
MITRE ATT&CK Techniques  180  T1543.003
MITRE ATT&CK Techniques  86  T1548.002
MITRE ATT&CK Techniques  504  T1140
MITRE ATT&CK Techniques  550  T1112