Cloud Atlas: RedOctober APT is back in style
Common Information
Type Value
UUID 9eff328a-bd36-4111-b123-4aec02adc87a
Fingerprint 3de4a9d18df72681
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 10, 2014, 10:03 a.m.
Added to db Sept. 26, 2022, 9:32 a.m.
Last updated Nov. 12, 2024, 3:58 a.m.
Headline Cloud Atlas: RedOctober APT is back in style
Title Cloud Atlas: RedOctober APT is back in style
Detected Hints/Tags/Attributes 58/2/30
Attributes
Details Type #Events CTI Value
Details CVE 176
cve-2012-0158
Details Domain 7
cloudme.com
Details Domain 2
mydrive.ch
Details Domain 1
exploit.win32.cve-2012-0158.eu
Details Domain 2
exploit.win32.cve-2012-0158.aw
Details File 1
war.doc
Details File 1
лайнера.doc
Details File 1
sale.doc
Details File 1
мвкси.doc
Details File 1
rusia.doc
Details File 1
фото.doc
Details File 1
письмо.doc
Details File 1
письмо_руководителям.doc
Details File 1
прилож.doc
Details File 1
issues.doc
Details File 1
qpd0akju.vbs
Details File 1
ctfmonrn.dll
Details File 1
fundamentive.dll
Details File 1
papersaving.dll
Details File 1
previliges.dll
Details File 1
steinheimman.dll
Details File 13
agent.crt
Details Windows Registry Key 582
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run