ioc[.]one - OSINT Cyber Threat Intelligence Database

Tracking Threat Actors Using Images and Artifacts

Tags

country:	Chile China Colombia Hungary Pakistan Spain Laos Russia Ukraine
maec-delivery-vectors:	Watering Hole
attack-pattern:	Domains - T1583.001 Domains - T1584.001 Email Accounts - T1585.002 Email Accounts - T1586.002 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Sharepoint - T1213.002 Social Media - T1593.001

Show in Graph

Common Information

Type	Value
UUID	ac9d26cd-37ed-451a-86e9-3b9e835f7396
Fingerprint	fc148b3b877f8fc5
Analysis status	DONE
Considered CTI value	2
Text language
Published	May 29, 2024, midnight
Added to db	Aug. 31, 2024, 1:01 a.m.
Last updated	Nov. 17, 2024, 6:54 p.m.
Headline	Hunting early
Title	Tracking Threat Actors Using Images and Artifacts
Detected Hints/Tags/Attributes	75/3/28

Source URLs

	Redirection	Url
Details	Source	https://blog.virustotal.com/2024/05/tracking-threat-actors-using-images-and.html

URL Provider

Details	Provider	Source level domain
Details	virustotal.com	blog.virustotal.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	72	✔	VirusTotal Blog	https://blog.virustotal.com/feeds/posts/default	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	CERT Ukraine	6	UAC-0099
Details	Domain	7	windows.com
Details	Domain	55	live.com
Details	File	21	styles.xml
Details	File	1	style.xml
Details	sha256	1	3d8578fd41d766740a1f1ddef972a081436a2d70ab1e9552a861e58d8bbf5321
Details	sha256	1	4ea40d34cfcaf69aa35b405c575c7b87e35c72246f04d2d0c5f381bc50fc8b3d
Details	sha256	1	4f7fa7433484b4e655d185719613e2f98d017590146d15eedc1aa1d967636b3a
Details	sha256	1	529739886f6402a9cd5a8064ece73eef19c597ef35c0bc8d09390e8b4de9041b
Details	sha256	1	688dca40507fb96630f3df80442266a0354e7c24b7df86be3ea57069b25d12c6
Details	sha256	1	6f1ac5f0ebfb7e97d3dc4100e88eaab10016a5cac75e1251781f2ea12477af51
Details	sha256	1	7796c382cd4c7c4ae3bcf2eed4091fbb20a2563ca88f2aecadb950ad9cf661f8
Details	sha256	1	b4fa7f3faa0510e4d969219bceec2a90e8a48ff28e060db3cdd37ce935c3779c
Details	sha256	1	dfa90f373b8fd8147ee3e4bfe1ee059e536cc1b068f7ec140c3fc0e6554f331a
Details	sha256	1	fe98b3bcf96f9c396eb9193f0f9484ef01d3017257300cc76098854b1f103b69
Details	sha256	1	ff5a5ba3730a8d2ec0cbad39e5edf4ad502107bd0ef8a5347f29262b3dfe8a43
Details	sha256	1	13ed55637980452662cb6838a2931a5e54fbed5881bcbae368b3d189d3a01930
Details	sha256	1	2de1fc9c48c4b0190361c49cdb053fd39cf81e32f12c82d08f88aec34358257f
Details	sha256	1	59df7787c7cf5408481ae149660858d3af765a0c2cd63d6309b151380f92adb2
Details	sha256	1	8f590f608f0719404a1731bb70a6ce2db420fd61e5a387d5b3091d47c7e21ac9
Details	sha256	1	de392cd4bf1d650a9cf8c6d24e05e0605bf4eaf1518710f0307d8aceb9e5496c
Details	sha256	1	e16f84c5fd1df6af1a1f2049f7862f4ea460765863476afb17e78edee772d35b
Details	Threat Actor Identifier - APT	783	APT28
Details	Threat Actor Identifier - APT	181	APT33
Details	Threat Actor Identifier - APT	132	APT32
Details	Threat Actor Identifier - APT	665	APT29
Details	Threat Actor Identifier - APT	277	APT37
Details	Threat Actor Identifier - FIN	377	FIN7