MERCURY and DEV-1084: Destructive attack on hybrid environment - Microsoft Security Blog
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 8fc95bc4-f9d5-48a3-9ae0-fded87edbcc9 |
| Fingerprint | b5702e99e356d645 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | April 7, 2023, 9 a.m. |
| Added to db | April 7, 2023, 6:15 p.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | MERCURY and DEV-1084: Destructive attack on hybrid environment |
| Title | MERCURY and DEV-1084: Destructive attack on hybrid environment - Microsoft Security Blog |
| Detected Hints/Tags/Attributes | 121/3/48 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 173 | ✔ | Microsoft Security Blog | https://microsoft.com/security/blog/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 5 | vatacloud.com |
|
| Details | Domain | 2 | downloader.sb |
|
| Details | Domain | 1 | shellman.sa |
|
| Details | Domain | 1 | adminconsent.name |
|
| Details | Domain | 3 | raweventdata.target |
|
| Details | Domain | 207 | learn.microsoft.com |
|
| Details | Domain | 3 | pairing.rport.io |
|
| Details | Domain | 2 | webstore4tech.uaenorth.cloudapp.azure.com |
|
| Details | File | 1208 | powershell.exe |
|
| Details | File | 4 | c:\programdata\db.ps1 |
|
| Details | File | 4 | c:\programdata\db.sql |
|
| Details | File | 4 | raweventdata.tar |
|
| Details | File | 1 | 8thcurse.exe |
|
| Details | File | 1 | rport.exe |
|
| Details | File | 4 | db.ps1 |
|
| Details | File | 13 | db.sql |
|
| Details | sha256 | 4 | 9107be160f7b639d68fe3670de58ed254d81de6aec9a41ad58d91aa814a247ff |
|
| Details | sha256 | 1 | 80bd00c0f6d5e39b542ee6e9b67b1eef97b2dbc6ec6cae87bf5148f1cf18c260 |
|
| Details | sha256 | 1 | 8dd9773c24703e803903e7a5faa088c2df9a4b509549e768f29276ef86ef96ae |
|
| Details | sha256 | 1 | 486eb80171c086f4d184423ed7e79303ad7276834e5e5529b199f8ae5fc661f2 |
|
| Details | sha256 | 1 | f1edff0fb16a64ac5a2ce64579d0d76920c37a0fd183d4c19219ca990f50effc |
|
| Details | sha256 | 1 | 887ae654d69ac5ccb8835e565a449d7716d6c4747dc2fbff1f59f11723244202 |
|
| Details | sha256 | 1 | 3fba459d589cd513d2478fb4ae7c4efd6aa09e62bc3ff249a19f9a233e922061 |
|
| Details | sha256 | 1 | 0dde13e3cd2dcda522eeb565b6374c97b3ed4aa6b8ed9ff9b6224ea97bf2a584 |
|
| Details | sha256 | 1 | afd16b9ad57eb9c26c8ae347c379c8e2b82361c7bdff5b189659674d5614854c |
|
| Details | sha256 | 1 | 3e59d36faf2d5e6edf1d881e2043a46055c63b7c68cc08d44cc7fc1b364157eb |
|
| Details | sha256 | 1 | 786bd97172ec0cef88f6ea08e3cb482fd15cf28ab22d37792e3a86fa3c27c975 |
|
| Details | sha256 | 1 | 36c71ce7cd38733eb66f32a8c56acd635680197f01585c5a2a846cc3cb0a8fe2 |
|
| Details | sha256 | 1 | 016967de76382c674b3a1cb912eb85ff642b2ebfe4e107fc576065f172c6ef80 |
|
| Details | sha256 | 1 | 3059844c102595172bb7f644c9a70d77a198a11f1e84539792408b1f19954e18 |
|
| Details | sha256 | 1 | b9cf785b81778e2b805752c7b839737416e3af54f64f1e40e008142e382df0c4 |
|
| Details | sha256 | 1 | ab179112caadaf138241c43c4a4dccc2e3c67aeb96a151e432cfbafa18a4b436 |
|
| Details | sha256 | 1 | 6485a68ba1d335d16a1d158976e0cbfad7ab15b51de00c381d240e8b0c479f77 |
|
| Details | sha256 | 1 | b155c5b3a8f4c89ba74c5c5c03d029e4202510d0cbb5e152995ab91e6809bcd7 |
|
| Details | IPv4 | 3 | 146.70.106.89 |
|
| Details | IPv4 | 4 | 194.61.121.86 |
|
| Details | IPv4 | 2 | 141.95.22.153 |
|
| Details | IPv4 | 2 | 193.200.16.3 |
|
| Details | IPv4 | 2 | 192.52.166.191 |
|
| Details | IPv4 | 2 | 45.56.162.111 |
|
| Details | IPv4 | 2 | 104.194.222.219 |
|
| Details | IPv4 | 2 | 192.169.6.88 |
|
| Details | IPv4 | 1 | 192.52.167.209 |
|
| Details | IPv4 | 4 | 46.249.35.243 |
|
| Details | IPv4 | 4 | 45.86.230.20 |
|
| Details | Deprecated Microsoft Threat Actor Naming Taxonomy (Groups in development) | 25 | DEV-1084 |
|
| Details | Url | 6 | https://learn.microsoft.com/azure/sentinel/sentinel-solutions-deploy |
|
| Details | Url | 2 | https://pairing.rport.io/qmlc2wx |