Новая APT-угроза в зоне российско-украинского конфликта
Tags
| attack-pattern: | Msiexec - T1218.007 Powershell - T1059.001 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | 9b111c96-b441-45f5-88ec-8d7b3865dad9 |
| Fingerprint | c4ec1fbdd87074ea |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | March 21, 2023, 11 a.m. |
| Added to db | March 21, 2023, 10:21 a.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | Новая APT-угроза в зоне российско-украинского конфликта |
| Title | Новая APT-угроза в зоне российско-украинского конфликта |
| Detected Hints/Tags/Attributes | 14/1/45 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://securelist.ru/bad-magic-apt/107020/ |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 224 | ✔ | Securelist | https://securelist.ru/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | webservice-srv.online |
|
| Details | Domain | 2 | webservice-srv1.online |
|
| Details | Domain | 2 | 288.zip |
|
| Details | Domain | 2 | 3638.zip |
|
| Details | Domain | 2 | 10.08.22.zip |
|
| Details | Domain | 2 | 176.zip |
|
| Details | Domain | 228 | system.io |
|
| Details | Domain | 14 | content.dropboxapi.com |
|
| Details | File | 2 | 176.pdf |
|
| Details | File | 2 | 288.zip |
|
| Details | File | 2 | внесение_изменений_в_отдельные_законодательные_акты_рф.zip |
|
| Details | File | 2 | 3638.zip |
|
| Details | File | 3 | 22.zip |
|
| Details | File | 2 | 176.zip |
|
| Details | File | 269 | msiexec.exe |
|
| Details | File | 4 | attachment.msi |
|
| Details | File | 6 | %windir%\system32\msiexec.exe |
|
| Details | File | 2 | service_pack.dat |
|
| Details | File | 2 | runservice_pack.vbs |
|
| Details | File | 2 | manutil.vbs |
|
| Details | File | 376 | wscript.exe |
|
| Details | File | 2 | %appdata%\wineventcom\manutil.vbs |
|
| Details | File | 13 | s.txt |
|
| Details | File | 30 | s.exe |
|
| Details | File | 10 | u.exe |
|
| Details | File | 8 | all.exe |
|
| Details | File | 13 | clean.exe |
|
| Details | File | 4 | overall.exe |
|
| Details | md5 | 2 | 0a95a985e6be0918fdb4bfabf0847b5a |
|
| Details | md5 | 2 | ecb7af5771f4fe36a3065dc4d5516d84 |
|
| Details | md5 | 2 | 765f45198cb8039079a28289eab761c5 |
|
| Details | md5 | 2 | ebaf3c6818bfc619ca2876abd6979f6d |
|
| Details | md5 | 2 | 1032986517836a8b1f87db954722a33f |
|
| Details | md5 | 2 | 1de44e8da621cdeb62825d367693c75e |
|
| Details | md5 | 2 | fee3db5db8817e82b1af4cedafd2f346 |
|
| Details | md5 | 2 | bec44b3194c78f6e858b1768c071c5db |
|
| Details | md5 | 2 | 8c2f5e7432f1e6ad22002991772d589b |
|
| Details | md5 | 2 | 1fe3a2502e330432f3cf37ca7acbffac |
|
| Details | md5 | 2 | ce8d77af445e3a7c7e56a6ea53af8c0d |
|
| Details | md5 | 2 | 9e19fe5c3cf3e81f347dd78cf3c2e0c2 |
|
| Details | md5 | 2 | 7c0e5627fd25c40374bc22035d3fadd8 |
|
| Details | IPv4 | 4 | 185.166.217.184 |
|
| Details | Url | 2 | http://185.166.217.184/cfvjkxiuphesrhuse4fhurehuiferay97a4fxa/attachment.msi |
|
| Details | Url | 8 | https://content.dropboxapi.com/2/files/upload |
|
| Details | Url | 7 | https://content.dropboxapi.com/2/files/download |