Tortoiseshell Group Targets IT Providers in Saudi Arabia in Probable Supply Chain Attacks
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 96d3c9d5-6c50-44eb-b6e3-7ac3608b519c |
| Fingerprint | dd111dd1086382a9 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Sept. 18, 2019, midnight |
| Added to db | April 15, 2023, 12:59 p.m. |
| Last updated | Nov. 17, 2024, 10:40 p.m. |
| Headline | Tortoiseshell Group Targets IT Providers in Saudi Arabia in Probable Supply Chain Attacks |
| Title | Tortoiseshell Group Targets IT Providers in Saudi Arabia in Probable Supply Chain Attacks |
| Detected Hints/Tags/Attributes | 46/2/17 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | File | 2 | backdoor.sys |
|
| Details | File | 1 | %windir%\temp\rconfig.xml |
|
| Details | File | 1 | %windir%\temp\bak.exe |
|
| Details | File | 2126 | cmd.exe |
|
| Details | File | 2 | sha.exe |
|
| Details | File | 2 | sha432.exe |
|
| Details | File | 2 | stereoversioncontrol.exe |
|
| Details | File | 3 | get-logon-history.ps1 |
|
| Details | sha256 | 1 | d9ac9c950e5495c9005b04843a40f01fa49d5fd49226cb5b03a055232ffc36f3 |
|
| Details | sha256 | 1 | f71732f997c53fa45eef5c988697eb4aa62c8655d8f0be3268636fc23addd193 |
|
| Details | sha256 | 1 | 02a3296238a3d127a2e517f4949d31914c15d96726fb4902322c065153b364b2 |
|
| Details | sha256 | 1 | 07d123364d8d04e3fe0bfa4e0e23ddc7050ef039602ecd72baed70e6553c3ae4 |
|
| Details | IPv4 | 1 | 64.235.60.123 |
|
| Details | IPv4 | 1 | 64.235.39.45 |
|
| Details | Threat Actor Identifier - APT | 258 | APT34 |
|
| Details | Windows Registry Key | 1 | HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\Enablevmd |
|
| Details | Windows Registry Key | 1 | HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\Sendvmd |