Digital Quartermaster Scenario Demonstrated in Attacks Against the Mongolian Government
Common Information
Type Value
UUID aec29244-e3de-494a-acd8-058eb98a0ea0
Fingerprint 66b80cd30bad9e73
Analysis status DONE
Considered CTI value 2
Text language
Published March 14, 2016, 11 a.m.
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Digital Quartermaster Scenario Demonstrated in Attacks Against the Mongolian Government
Title Digital Quartermaster Scenario Demonstrated in Attacks Against the Mongolian Government
Detected Hints/Tags/Attributes 96/3/76
Attributes
Type                  #Events  Value
CVE                   176      cve-2012-0158
CVE                   51       cve-2014-1761
Domain                1        energy.gov.mn
Domain                1        bpo.gov.mn
Domain                1        masm.gov.mn
Domain                287      yahoo.com
Domain                1        mod.gov.mn
Domain                1        www.politik.mn
Domain                1        thbaw.ofhloe.com
Domain                1        dolimy.celeinkec.com
Domain                2        question.eboregi.com
Domain                1        pplime.savecarrots.com
Domain                1        cocolco.com
Domain                1        ofhloe.com
Domain                1        housejjk.com
Domain                1        question.erobegi.com
Domain                3        excite.co.jp
Domain                1        celeinkec.com
Domain                2        pagbine.ofhloe.com
Domain                2        jowwln.cocolco.com
Domain                2        cdaklle.housejjk.com
Email                 1        altangadas@energy.gov.mn
Email                 1        ganbat_g@bpo.gov.mn
Email                 1        bilguun@masm.gov.mn
Email                 1        davaa_ayush@yahoo.com
Email                 1        davaa_ayush@mod.gov.mn
Email                 1        helenehelen@excite.co.jp
File                  1        төр.doc
File                  1        жагсаал.doc
File                  2        урилга.doc
File                  29       1.doc
File                  1        зөвлөжээ.doc
File                  1        zagvar.doc
File                  1        хасах.doc
File                  1        30%.doc
File                  1        нээгдлээ.doc
File                  1        site.doc
File                  1        сонордуулга.doc
File                  1        үг.doc
File                  1        авна.doc
File                  1        ойртсоор.doc
File                  1        илэрчээ.doc
File                  1        %temp%\xpsfiltsvcs.tmp
File                  1        offcln.log
File                  1        %appdata%\comctl32.dll
File                  5        update.tmp
File                  1018     rundll32.exe
sha256                1        5beb50d95c1e720143ca0004f5172cb8881d75f6c9f434ceaff59f34fa1fe378
sha256                1        10090692ff40758a08bd66f806e0f2c831b4b9742bbf3d19c250e778de638f57
sha256                1        44dbf05bc81d17542a656525772e0f0973b603704f213278036d8ffc999bb79a
sha256                1        91ffe6fab7b33ff47b184b59356408951176c670cad3afcde79aa8464374acd3
sha256                1        6f3d4fb64de9ae61776fd19a8eba3d1d828e7e26bb89ace00c7843a57c5f6e8a
sha256                1        e88ea5eb642eaf832f8399d0337ba9eb1563862ddee68c26a74409a7384b9bb9
sha256                1        68f97bf3d03b1733944c25ff4933e4e03d973ccdd73d9528f4d68806b826735e
sha256                1        00ddae5bbc2ddf29954749519ecfb3978a68db6237ebea8e646a898c353053ce
sha256                1        c2ebaf4366835e16f34cc7f0b56f8eaf80a9818375c98672bc678bb4107b4d8c
sha256                1        aa86f4587423c2ff677aebae604614030f9f4d38280409501662ab4e4fe20c2a
sha256                1        fc21814a5f9ed2f6bef9e15b113d00f9291a6553c1e02cc0b4c185c6030eca45
sha256                1        7e031a04e570cddda907d0b4b7af19ce60dc481394dfb3813796ce0e6d079305
sha256                1        5c7e3cde4d286909154e9a5ee5a5d061a1f0efaa9875fb50c9073e1e8b6cfaef
sha256                1        0b0e6b40a63710b4f7e6d00d7a4a86e6db2df720fef48640ab6d9d88352a4890
sha256                2        567a5b54d6c153cdd2ddd2b084f1f66fc87587dd691cd2ba8e30d689328a673f
sha256                1        cd3b8e4f3a6379dc36fedf96041e292b4195d03f27221167bce7302678fb2540
sha256                1        c3253409cccee20caa7b77312eb89bdbe8920cdb44f3fabfe5e2eeb78023c1b8
sha256                1        3e2c0d60c7677d3ead690b1b6d4d7c5aaa2d218679634ac305ef3d75b5688e6a
sha256                1        3a7348d546d85a179f9d52ff83b20004136ee584993c23a8bfe5c168c00fbaa9
sha256                1        19ba40a7fa332b750c7d93385dd51bd08ee63f91cedb4ae5a93f9f33ecb38c44
sha256                1        4e1d59042336c3758e77c5c521f60ae262aad01bf7265581de54e869a02b65bc
Url                   1        http://thbaw.ofhloe.com/cgl-bin/conime.cgi
Url                   1        http://dolimy.celeinkec.com/cgl-bin/upl.cgi
Url                   1        http://question.eboregi.com
Url                   1        http://pplime.savecarrots.com/cgl-bin/upsd.cgi
Url                   1        http://dolimy.celeinkec.com/bin/r0206/update.tmp
Windows Registry Key  1        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\comctl32
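The attribute table is only useful once it is turned into matching logic, and some rows need care: rundll32.exe is a stock Windows binary (1018 events), gov.mn, yahoo.com and excite.co.jp are victim and sender-mail domains rather than infrastructure, and the %appdata% and %temp% paths only match logs after expansion. The following is an added example, not code from the report this entry describes. The indicator values are copied from the table above; the sample events, the parent-domain matching, the %appdata%/%temp% expansion and the rule that rundll32.exe is only flagged when its command line references a dropped-file path are this example's own assumptions.

```python
"""Match the indicators in the attribute table against constructed endpoint
and network events. Added example; indicator values come from the table,
everything else (events, heuristics) is assumed for illustration."""
import re
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# Apex domains of the C2 hosts in the table. gov.mn, yahoo.com and excite.co.jp
# are left out on purpose: victim and sender-mail domains, not infrastructure.
C2_APEX_DOMAINS = {
    "ofhloe.com", "celeinkec.com", "eboregi.com", "erobegi.com",
    "savecarrots.com", "cocolco.com", "housejjk.com",
}
C2_URLS = {
    "http://thbaw.ofhloe.com/cgl-bin/conime.cgi",
    "http://dolimy.celeinkec.com/cgl-bin/upl.cgi",
    "http://pplime.savecarrots.com/cgl-bin/upsd.cgi",
    "http://dolimy.celeinkec.com/bin/r0206/update.tmp",
}
# Two of the SHA-256 values from the table; the rest load the same way.
SHA256_SET = {
    "5beb50d95c1e720143ca0004f5172cb8881d75f6c9f434ceaff59f34fa1fe378",
    "567a5b54d6c153cdd2ddd2b084f1f66fc87587dd691cd2ba8e30d689328a673f",
}
RUN_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\comctl32"
DROPPED_PATHS = [r"%appdata%\comctl32.dll", r"%temp%\xpsfiltsvcs.tmp"]

# Assumption: the directories the table's %var% tokens expand to on a default
# Windows install, written as regex fragments and matched case-insensitively.
_ENV_PATTERNS = {"%appdata%": r"\\appdata\\roaming", "%temp%": r"\\temp"}


def _path_regex(template: str) -> re.Pattern:
    """Compile a %var%\\name template into a regex that finds it inside a full path."""
    head, _, tail = template.lower().partition("\\")
    prefix = _ENV_PATTERNS.get(head, re.escape(head))
    return re.compile(prefix + r"\\" + re.escape(tail) + r"(?!\w)", re.IGNORECASE)


_PATH_REGEXES = [(t, _path_regex(t)) for t in DROPPED_PATHS]


def host_matches_c2(host: str) -> bool:
    """True for a C2 apex domain or any subdomain of one (look-alike suffixes do not match)."""
    h = host.lower().rstrip(".")
    return any(h == apex or h.endswith("." + apex) for apex in C2_APEX_DOMAINS)


def dropped_path_in(text: str) -> Optional[str]:
    """Return the dropped-file template found in a path or command line, else None."""
    for template, rx in _PATH_REGEXES:
        if rx.search(text):
            return template
    return None


def scan_events(events: List[Dict[str, str]]) -> List[Tuple[int, str, str]]:
    """Return (event index, indicator type, indicator) for every event that matches."""
    hits: List[Tuple[int, str, str]] = []
    for i, ev in enumerate(events):
        kind = ev["type"]
        if kind == "dns" and host_matches_c2(ev["query"]):
            hits.append((i, "domain", ev["query"]))
        elif kind == "http":
            host = urlsplit(ev["url"]).hostname or ""
            if ev["url"] in C2_URLS or host_matches_c2(host):
                hits.append((i, "url", ev["url"]))
        elif kind == "registry":
            key = ev["key"].lower().replace("hkey_local_machine", "hklm")
            if key == RUN_KEY.lower():
                hits.append((i, "registry", ev["key"]))
        elif kind == "file":
            if ev.get("sha256", "").lower() in SHA256_SET:
                hits.append((i, "sha256", ev["sha256"]))
            template = dropped_path_in(ev["path"])
            if template:
                hits.append((i, "file", template))
        elif kind == "process":
            # rundll32.exe alone is noise; require a dropped-file path on its
            # command line before flagging it (heuristic, not from the report).
            template = dropped_path_in(ev["cmdline"])
            if ev["image"].lower().endswith("rundll32.exe") and template:
                hits.append((i, "process", template))
    return hits


# Constructed sample events in a Sysmon-like shape; not from any real host.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"type": "dns", "query": "jowwln.cocolco.com"},
    {"type": "dns", "query": "example.com"},
    {"type": "http", "url": "http://dolimy.celeinkec.com/cgl-bin/upl.cgi"},
    {"type": "registry", "key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\comctl32"},
    {"type": "file", "path": r"C:\Users\alice\AppData\Roaming\comctl32.dll",
     "sha256": "567a5b54d6c153cdd2ddd2b084f1f66fc87587dd691cd2ba8e30d689328a673f"},
    {"type": "process", "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Users\alice\AppData\Roaming\comctl32.dll,Start"},
    {"type": "process", "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": "rundll32.exe shell32.dll,Control_RunDLL"},
    # The genuine comctl32.dll lives under System32, so this row must not match.
    {"type": "file", "path": r"C:\Windows\System32\comctl32.dll", "sha256": "0" * 64},
]


def demo() -> List[Tuple[int, str, str]]:
    """Run the matcher over the constructed events."""
    return scan_events(SAMPLE_EVENTS)


if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

Matching on the apex domains catches hosts such as question.erobegi.com and cdaklle.housejjk.com without listing every label, while the trailing-dot check keeps unrelated names ending in the same letters from matching; the file template is anchored on the expanded directory, so the legitimate System32 copy of comctl32.dll is not flagged.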