iocs/iocs.csv at master · WithSecureLabs/iocs
Common Information
Type Value
UUID 8cee23e2-b91b-4e2d-b89e-b1b05b6a0f5e
Fingerprint 57c1fdf121143ed8
Analysis status DONE
Considered CTI value 2
Text language
Published Jan. 1, 2023, midnight
Added to db June 1, 2023, 10:55 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Name already in use
Title iocs/iocs.csv at master · WithSecureLabs/iocs
Detected Hints/Tags/Attributes 29/1/32
Attributes
Details Type #Events CTI Value
Details Domain 39
xxx.xxx.xxx.xxx
Details Domain 32
temp.sh
Details Domain 35
myip.opendns.com
Details Domain 35
resolver1.opendns.com
Details File 7
iocs.csv
Details File 3
icsnd16_64refl.ps1
Details File 35
libcurl.dll
Details File 3
icbt11801_64refl.ps1
Details File 1208
powershell.exe
Details File 1
nfcv5ke38cne.ps1
Details File 1
8mdg144udiaz.ps1
Details File 1
tjrog0vvn8oe.log
Details File 409
c:\windows\system32\cmd.exe
Details File 1
c:\windows\temp\934f.ps1
Details File 2
gup18.ps1
Details File 10
sqlcmd.exe
Details Mandiant Temporary Group Assumption 18
TEMP.SH
Details Url 1
http://91.199.147.152/icsnd16_64refl.ps1
Details Url 1
https://temp.sh/ejktm/gup18.ps1
Details Windows Registry Key 1
HKLM\software\veeam\veeam