ioc[.]one - OSINT Cyber Threat Intelligence Database

BlueAlpha Leverages Cloudflare Tunnels for GammaDrop Infrastructure

Tags

country:	Russia
maec-delivery-vectors:	Watering Hole
attack-pattern:	Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Encrypted/Encoded File - T1027.013 Exploits - T1587.004 Exploits - T1588.005 Fast Flux Dns - T1568.001 Fast Flux Dns - T1325 Html Smuggling - T1027.006 Ip Addresses - T1590.005 Javascript - T1059.007 Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Mshta - T1218.005 Registry Run Keys / Startup Folder - T1547.001 Server - T1583.004 Server - T1584.004 Spearphishing Attachment - T1566.001 Spearphishing Attachment - T1598.002 Visual Basic - T1059.005 Web Protocols - T1071.001 Web Protocols - T1437.001 Tool - T1588.002 Mshta - T1170 Registry Run Keys / Start Folder - T1060 Spearphishing Attachment - T1193 Spearphishing Attachment

Show in Graph

Common Information

Type	Value
UUID	a074ac5c-3360-4268-8427-e6320ebbb100
Fingerprint	cd44032707e4af93
Analysis status	DONE
Considered CTI value	2
Text language
Published	Dec. 5, 2024, midnight
Added to db	Dec. 5, 2024, 4:31 p.m.
Last updated	Dec. 17, 2024, 7:37 p.m.
Headline	BlueAlpha Abuses Cloudflare Tunneling Service for GammaDrop Staging Infrastructure
Title	BlueAlpha Leverages Cloudflare Tunnels for GammaDrop Infrastructure
Detected Hints/Tags/Attributes	63/3/24

Source URLs

	Redirection	Url
Details	Source	https://www.recordedfuture.com/research/bluealpha-abuses-cloudflare-tunneling-service

URL Provider

Details	Provider	Source level domain
Details	recordedfuture.com	www.recordedfuture.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	359	✔	Recorded Future	https://www.recordedfuture.com/feed	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	20	trycloudflare.com
Details	Domain	3	else-accommodation-allowing-throws.trycloudflare.com
Details	Domain	5	cod-identification-imported-carl.trycloudflare.com
Details	Domain	6	amsterdam-sheet-veteran-aka.trycloudflare.com
Details	Domain	3	benjamin-unnecessary-mothers-configured.trycloudflare.com
Details	Domain	5	longitude-powerpoint-geek-upgrade.trycloudflare.com
Details	Domain	3	attribute-homework-generator-lovers.trycloudflare.com
Details	Domain	5	infected-gc-rhythm-yu.trycloudflare.com
Details	File	496	mshta.exe
Details	sha256	4	3afc8955057eb0bae819ead1e7f534f6e5784bbd5b6aa3a08af72e187b157c5b
Details	sha256	3	93aa6cd0787193b4ba5ba6367122dee846c5d18ad77919b261c15ff583b0ca17
Details	sha256	5	b95eea2bee2113b7b5c7af2acf6c6cbde05829fab79ba86694603d4c1f33fdda
Details	IBM X-Force - Unattributed Threat Actor	9	Hive0051
Details	IPv4	3	178.130.42.94
Details	Mandiant Uncategorized Groups	15	UNC530
Details	MITRE ATT&CK Techniques	328	T1566.001
Details	MITRE ATT&CK Techniques	146	T1059.005
Details	MITRE ATT&CK Techniques	101	T1059.007
Details	MITRE ATT&CK Techniques	385	T1204.002
Details	MITRE ATT&CK Techniques	399	T1547.001
Details	MITRE ATT&CK Techniques	25	T1027.006
Details	MITRE ATT&CK Techniques	19	T1027.013
Details	MITRE ATT&CK Techniques	467	T1071.001
Details	MITRE ATT&CK Techniques	4	T1568.001