Blind Eagle (APT-C-36) APT IOCs - Part 2 - SEC-1275-1
Tags
| attack-pattern: | Botnet - T1583.005 Botnet - T1584.005 Domains - T1583.001 Domains - T1584.001 |
Common Information
| Type | Value |
|---|---|
| UUID | a850d50d-553a-4efd-bb16-e5d6dd4ede8f |
| Fingerprint | e430c49e28474b4b |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Nov. 2, 2023, midnight |
| Added to db | Nov. 2, 2023, 6:28 a.m. |
| Last updated | Nov. 17, 2024, 9:42 p.m. |
| Headline | Blind Eagle (APT-C-36) APT IOCs - Part 2 |
| Title | Blind Eagle (APT-C-36) APT IOCs - Part 2 - SEC-1275-1 |
| Detected Hints/Tags/Attributes | 11/1/29 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://1275.ru/ioc/2792/blind-eagle-apt-c-36-apt-iocs-part-2/?from=rss |
URL Provider
| Details | Provider | Source level domain |
|---|---|---|
| Details | 1275.ru | 1275.ru |
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 8 | ✔ | Архивы IOC - SEC-1275-1 | https://1275.ru/ioc/feed | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | autgerman.autgerman.com |
|
| Details | Domain | 1 | subirfact.com |
|
| Details | File | 1205 | index.php |
|
| Details | File | 5 | clip.dll |
|
| Details | File | 8 | clip64.dll |
|
| Details | File | 10 | cred.dll |
|
| Details | File | 7 | cred64.dll |
|
| Details | File | 2 | onlyofficed.bat |
|
| Details | md5 | 1 | 05b99bee0d8ba95f5ccb1d356939daa8 |
|
| Details | md5 | 1 | 20561f6497492900567cbf08a20afcca |
|
| Details | md5 | 1 | 303acdc5a695a27a91fea715ae8fdfb8 |
|
| Details | md5 | 1 | 42dd207e642cec5a12839257df892ca9 |
|
| Details | md5 | 1 | 461a67ce40f4a12863244efeef5ebc26 |
|
| Details | md5 | 1 | 5590c7e442e8d2bc857813c008ce4a6c |
|
| Details | md5 | 1 | 57a169a5a3ca09a0ede3fedc50e6d222 |
|
| Details | md5 | 1 | 64e6b811153c4452837e187a10d54665 |
|
| Details | md5 | 1 | c1eeb77920357a53e271091f85618bd9 |
|
| Details | md5 | 1 | c92a9fa4306f7912d3af58c2a75682fd |
|
| Details | md5 | 1 | fdd66dc414647b87aa1688610337133b |
|
| Details | md5 | 1 | fecb399cae4861440df73eaa7110f52c |
|
| Details | IPv4 | 2 | 213.226.123.14 |
|
| Details | Threat Actor Identifier - APT-C | 83 | APT-C-36 |
|
| Details | Url | 1 | http://213.226.123.14/8bmevwqx/index.php |
|
| Details | Url | 1 | http://213.226.123.14/8bmevwqx/index.php?scr=1 |
|
| Details | Url | 1 | http://213.226.123.14/8bmevwqx/plugins/clip.dll |
|
| Details | Url | 1 | http://213.226.123.14/8bmevwqx/plugins/clip64.dll |
|
| Details | Url | 1 | http://213.226.123.14/8bmevwqx/plugins/cred.dll |
|
| Details | Url | 1 | http://213.226.123.14/8bmevwqx/plugins/cred64.dll |
|
| Details | Url | 1 | https://subirfact.com/onlyofficed.bat |