Exposing TAG-53’s Credential Harvesting Infrastructure Used for Russia-Aligned Espionage Operations
Tags
Common Information
| Type | Value |
|---|---|
| UUID | ab8870cd-ad4c-4aa3-8f46-0c07ed12b61f |
| Fingerprint | a58027d74a8a87e0 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Dec. 5, 2022, midnight |
| Added to db | Dec. 5, 2022, 5:42 p.m. |
| Last updated | Nov. 17, 2024, 6:30 p.m. |
| Headline | Exposing TAG-53’s Credential Harvesting Infrastructure Used for Russia-Aligned Espionage Operations |
| Title | Exposing TAG-53’s Credential Harvesting Infrastructure Used for Russia-Aligned Espionage Operations |
| Detected Hints/Tags/Attributes | 83/4/92 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 359 | ✔ | Recorded Future | https://www.recordedfuture.com/feed | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Autonomous System Number | 4 | AS52000 |
|
| Details | Autonomous System Number | 6 | AS54290 |
|
| Details | Autonomous System Number | 4 | AS44094 |
|
| Details | Autonomous System Number | 4 | AS62240 |
|
| Details | Autonomous System Number | 5 | AS62005 |
|
| Details | Autonomous System Number | 9 | AS44477 |
|
| Details | Autonomous System Number | 40 | AS16276 |
|
| Details | Autonomous System Number | 4 | AS20278 |
|
| Details | Autonomous System Number | 3 | AS206446 |
|
| Details | Autonomous System Number | 5 | AS43624 |
|
| Details | Domain | 51 | reg.ru |
|
| Details | Domain | 5 | cloud-safety.online |
|
| Details | Domain | 4 | drive-globalordnance.com |
|
| Details | Domain | 70 | crt.sh |
|
| Details | Domain | 5 | umopl-drive.com |
|
| Details | Domain | 4 | sangrail-share.com |
|
| Details | Domain | 5 | dtgruelle-us.com |
|
| Details | Domain | 4 | dtgruelle-drive.com |
|
| Details | Domain | 4 | cija-docs.com |
|
| Details | Domain | 5 | blueskynetwork-shared.com |
|
| Details | Domain | 4 | dns-mvd.ru |
|
| Details | Domain | 5 | mvd-redir.ru |
|
| Details | Domain | 4 | access-confirmation.com |
|
| Details | Domain | 4 | allow-access.com |
|
| Details | Domain | 4 | antibots-service.com |
|
| Details | Domain | 4 | botguard-checker.com |
|
| Details | Domain | 4 | botguard-web.com |
|
| Details | Domain | 4 | challenge-identifier.com |
|
| Details | Domain | 4 | checker-bot.com |
|
| Details | Domain | 4 | cloud-us.online |
|
| Details | Domain | 4 | dns-cache.online |
|
| Details | Domain | 4 | dns-cookie.com |
|
| Details | Domain | 4 | docs-web.online |
|
| Details | Domain | 4 | drive-control.com |
|
| Details | Domain | 4 | drive-previewer.com |
|
| Details | Domain | 4 | drive-us.online |
|
| Details | Domain | 4 | encompass-shared.com |
|
| Details | Domain | 4 | filter-bot.com |
|
| Details | Domain | 4 | goweb-protect.com |
|
| Details | Domain | 4 | guard-checker.com |
|
| Details | Domain | 4 | land-of-service.com |
|
| Details | Domain | 4 | live-identifier.com |
|
| Details | Domain | 4 | network-storage-ltd.com |
|
| Details | Domain | 4 | nonviolent-conflict-service.com |
|
| Details | Domain | 5 | proxycrioisolation.com |
|
| Details | Domain | 4 | redir-document.com |
|
| Details | Domain | 4 | response-filter.com |
|
| Details | Domain | 4 | response-redir.com |
|
| Details | Domain | 4 | share-drive-ua.com |
|
| Details | Domain | 4 | transfer-record.com |
|
| Details | IPv4 | 2 | 23.254.201.243 |
|
| Details | IPv4 | 3 | 45.66.248.9 |
|
| Details | IPv4 | 2 | 45.86.230.198 |
|
| Details | IPv4 | 2 | 45.153.229.79 |
|
| Details | IPv4 | 3 | 64.44.101.31 |
|
| Details | IPv4 | 3 | 77.91.126.16 |
|
| Details | IPv4 | 3 | 77.91.126.35 |
|
| Details | IPv4 | 3 | 77.91.126.46 |
|
| Details | IPv4 | 3 | 77.91.126.62 |
|
| Details | IPv4 | 3 | 77.91.126.64 |
|
| Details | IPv4 | 3 | 77.91.126.66 |
|
| Details | IPv4 | 3 | 77.91.126.69 |
|
| Details | IPv4 | 3 | 77.91.69.109 |
|
| Details | IPv4 | 3 | 85.239.53.210 |
|
| Details | IPv4 | 3 | 85.239.60.18 |
|
| Details | IPv4 | 3 | 85.239.61.49 |
|
| Details | IPv4 | 3 | 85.239.61.86 |
|
| Details | IPv4 | 3 | 138.124.187.143 |
|
| Details | IPv4 | 3 | 138.124.187.222 |
|
| Details | IPv4 | 3 | 142.11.209.171 |
|
| Details | IPv4 | 3 | 142.11.209.180 |
|
| Details | IPv4 | 3 | 142.11.210.53 |
|
| Details | IPv4 | 3 | 146.19.230.182 |
|
| Details | IPv4 | 3 | 146.59.102.76 |
|
| Details | IPv4 | 4 | 185.164.172.128 |
|
| Details | IPv4 | 3 | 185.164.172.220 |
|
| Details | IPv4 | 3 | 185.179.188.73 |
|
| Details | IPv4 | 3 | 185.179.189.32 |
|
| Details | IPv4 | 3 | 185.179.189.43 |
|
| Details | IPv4 | 3 | 185.179.189.45 |
|
| Details | IPv4 | 3 | 192.119.65.114 |
|
| Details | IPv4 | 3 | 192.119.97.190 |
|
| Details | IPv4 | 3 | 192.119.112.249 |
|
| Details | IPv4 | 3 | 192.129.154.225 |
|
| Details | IPv4 | 3 | 192.236.195.114 |
|
| Details | IPv4 | 3 | 192.236.193.194 |
|
| Details | IPv4 | 3 | 193.200.17.102 |
|
| Details | IPv4 | 3 | 195.246.110.45 |
|
| Details | MITRE ATT&CK Techniques | 348 | T1036 |
|
| Details | MITRE ATT&CK Techniques | 100 | T1598 |
|
| Details | MITRE ATT&CK Techniques | 46 | T1608 |
|
| Details | Threat Actor Identifier by Recorded Future | 24 | TAG-53 |