Anomali Cyber Watch: Turla Re-Registered Andromeda Domains, SpyNote Is More Popular after the Source Code Publication, Typosquatted Site Used to Leak Company’s Data
Tags
cmtmf-attack-pattern: Acquire Infrastructure; Application Layer Protocol; Boot Or Logon Autostart Execution; Compromise Infrastructure; Obfuscated Files Or Information; Process Injection; Scheduled Task/Job; Stage Capabilities; System Network Connections Discovery
country: Colombia; Ecuador; Spain; Portugal; Ukraine
maec-delivery-vectors: Watering Hole
attack-pattern: Acquire Infrastructure Data Acquire Infrastructure - T1583; Software Discovery - T1418; Application Layer Protocol - T1437; Archive Collected Data - T1560; Archive Collected Data - T1532; Archive Via Utility - T1560.001; Artificial Intelligence - T1588.007; Asymmetric Cryptography - T1521.002; Asymmetric Cryptography - T1573.002; Boot Or Logon Autostart Execution - T1547; Botnet - T1583.005; Botnet - T1584.005; Compromise Infrastructure - T1584; Data Encrypted For Impact - T1471; Data Encrypted For Impact - T1486; Data From Local System - T1533; Debugger Evasion - T1622; Domains - T1583.001; Domains - T1584.001; Encrypted Channel - T1521; Encrypted Channel - T1573; Exfiltration Over Alternative Protocol - T1639; Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003; File And Directory Discovery - T1420; File Deletion - T1070.004; File Deletion - T1630.002; Hidden Window - T1564.003; Hide Artifacts - T1628; Hide Artifacts - T1564; Indicator Removal On Host - T1630; Ingress Tool Transfer - T1544; Install Digital Certificate - T1608.003; System Network Connections Discovery - T1421; Malware - T1587.001; Malware - T1588.001; Obfuscated Files Or Information - T1406; Process Discovery - T1424; System Information Discovery - T1426; Mshta - T1218.005; Multi-Hop Proxy - T1090.003; Phishing - T1660; Phishing - T1566; Powershell - T1059.001; Process Injection - T1631; Python - T1059.006; Registry Run Keys / Startup Folder - T1547.001; Rundll32 - T1218.011; Scheduled Task - T1053.005; Scheduled Task/Job - T1603; Server - T1583.004; Server - T1584.004; Software Discovery - T1518; Spearphishing Attachment - T1566.001; Spearphishing Attachment - T1598.002; Spearphishing Link - T1566.002; Spearphishing Link - T1598.003; Stage Capabilities - T1608; System Location Discovery - T1614; System Shutdown/Reboot - T1529; Web Protocols - T1071.001; Web Protocols - T1437.001; Tool - T1588.002; Standard Application Layer Protocol - T1071; Application Window Discovery - T1010; Connection Proxy - T1090; Data From Local System - T1005; Deobfuscate/Decode Files Or Information - T1140; Exfiltration Over Alternative Protocol - T1048; File And Directory Discovery - T1083; File Deletion - T1107; Hidden Window - T1143; Indicator Removal On Host - T1070; Remote File Copy - T1105; Modify Registry - T1112; Mshta - T1170; Multi-Hop Proxy - T1188; Obfuscated Files Or Information - T1027; Powershell - T1086; Process Discovery - T1057; Process Injection - T1055; Query Registry - T1012; Registry Run Keys / Start Folder - T1060; Rundll32 - T1085; Scheduled Task - T1053; Signed Binary Proxy Execution - T1218; Spearphishing Attachment - T1193; Spearphishing Link - T1192; System Information Discovery - T1082; System Network Connections Discovery - T1049; System Owner/User Discovery - T1033; Indicator Removal On Host; Spearphishing Attachment
Common Information
Type Value
UUID 93a4bc0c-3fad-4c69-bf7b-e0c5ac2f29c4
Fingerprint de4705a2e7d5cf01
Analysis status DONE
Considered CTI value 2
Text language
Published Jan. 10, 2023, midnight
Added to db Jan. 10, 2023, 6:14 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Anomali Cyber Watch: Turla Re-Registered Andromeda Domains, SpyNote Is More Popular after the Source Code Publication, Typosquatted Site Used to Leak Company’s Data
Title Anomali Cyber Watch: Turla Re-Registered Andromeda Domains, SpyNote Is More Popular after the Source Code Publication, Typosquatted Site Used to Leak Company’s Data
Detected Hints/Tags/Attributes 180/4/40
Attributes
Type                              Value       #Events
Mandiant Uncategorized Groups     UNC4210     14
MITRE ATT&CK Techniques           T1566       409
MITRE ATT&CK Techniques           T1059.001   460
MITRE ATT&CK Techniques           T1048.003   22
MITRE ATT&CK Techniques           T1560       157
MITRE ATT&CK Techniques           T1005       534
MITRE ATT&CK Techniques           T1027       627
MITRE ATT&CK Techniques           T1055       440
MITRE ATT&CK Techniques           T1070.004   297
MITRE ATT&CK Techniques           T1112       550
MITRE ATT&CK Techniques           T1564.003   66
MITRE ATT&CK Techniques           T1622       52
MITRE ATT&CK Techniques           T1547.001   380
MITRE ATT&CK Techniques           T1010       75
MITRE ATT&CK Techniques           T1012       501
MITRE ATT&CK Techniques           T1033       230
MITRE ATT&CK Techniques           T1049       119
MITRE ATT&CK Techniques           T1057       433
MITRE ATT&CK Techniques           T1082       1006
MITRE ATT&CK Techniques           T1083       585
MITRE ATT&CK Techniques           T1518       185
MITRE ATT&CK Techniques           T1560.001   116
MITRE ATT&CK Techniques           T1584       66
MITRE ATT&CK Techniques           T1608.003   17
MITRE ATT&CK Techniques           T1071.001   442
MITRE ATT&CK Techniques           T1573.002   74
MITRE ATT&CK Techniques           T1529       48
MITRE ATT&CK Techniques           T1566.001   310
MITRE ATT&CK Techniques           T1566.002   183
MITRE ATT&CK Techniques           T1614       50
MITRE ATT&CK Techniques           T1090       152
MITRE ATT&CK Techniques           T1053.005   275
MITRE ATT&CK Techniques           T1218.005   59
MITRE ATT&CK Techniques           T1105       492
MITRE ATT&CK Techniques           T1090.003   48
MITRE ATT&CK Techniques           T1218.011   119
MITRE ATT&CK Techniques           T1140       504
MITRE ATT&CK Techniques           T1486       472
MITRE ATT&CK Techniques           T1583.001   82
Threat Actor Identifier - APT-C   APT-C-36    83