Attribution: A Puzzle
Tags
country: Canada Netherlands
attack-pattern: Data Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Vulnerabilities - T1588.006
Show in Graph
Common Information
Type Value
UUID 98009bc5-6471-4615-a4a5-93700ca9409d
Fingerprint bb3d0d9d0d6585d1
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 13, 2020, 9:08 a.m.
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Vulnerability Information
Title Attribution: A Puzzle
Detected Hints/Tags/Attributes 77/2/16
Source URLs
Redirection Url
Details Source https://blog.talosintelligence.com/2020/08/attribution-puzzle.html
URL Provider
Details Provider Source level domain
Details talosintelligence.com blog.talosintelligence.com
Attributes
Details Type #Events CTI Value
Details Domain 1 
layers.wincodec.com
Details Domain 1 
onedrive-jp.com
Details Domain 4 
my-iri.org
Details File 4 
sangforud.exe
Details sha256 7 
0b8e6a11adaa3df120ec15846bb966d674724b6b92eae34d63b665e0698e0193
Details sha256 8 
65495d173e305625696051944a36a031ea94bb3a4f13034d8be740982bc4ab75
Details IPv4 6 
45.123.190.168
Details IPv4 4 
52.45.178.122
Details IPv4 12 
209.99.40.222
Details IPv4 3 
209.99.40.223
Details IPv4 1 
198.251.83.27
Details Threat Actor Identifier - APT-C 2 
APT-C-42
Details Threat Actor Identifier - APT 665 
APT29
Details Threat Actor Identifier - APT 783 
APT28
Details Threat Actor Identifier - APT 78 
APT3
Details Threat Actor Identifier - APT 278 
APT10