ioc[.]one - OSINT Cyber Threat Intelligence Database

State-backed attackers and commercial surveillance vendors repeatedly use the same exploits

Tags

country:	Mongolia Russia
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Model Domains - T1583.001 Domains - T1584.001 Exploits - T1587.004 Exploits - T1588.005 Javascript - T1059.007 Server - T1583.004 Server - T1584.004 Software - T1592.002 Vulnerabilities - T1588.006

Show in Graph

Common Information

Type	Value
UUID	b150837d-6c13-49bf-b300-7a3bc7206110
Fingerprint	bab0ac93e10f65a9
Analysis status	DONE
Considered CTI value	2
Text language
Published	Aug. 29, 2024, midnight
Added to db	Aug. 31, 2024, 12:09 a.m.
Last updated	Nov. 17, 2024, 7:44 p.m.
Headline	State-backed attackers and commercial surveillance vendors repeatedly use the same exploits
Title	State-backed attackers and commercial surveillance vendors repeatedly use the same exploits
Detected Hints/Tags/Attributes	54/3/35

Source URLs

	Redirection	Url
Details	Source	https://blog.google/threat-analysis-group/state-backed-attackers-and-commercial-surveillance-vendors-repeatedly-use-the-same-exploits/
Details	Source	https://blog.google/threat-analysis-group/state-backed-attackers-and-commercial-surveillance-vendors-repeatedly-use-the-same-exploits/?&web_view=true

URL Provider

Details	Provider	Source level domain
Details	blog.google	blog.google

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	35	✔	Threat Analysis Group (TAG)	https://blog.google/threat-analysis-group/rss/	2024-08-30 22:08
Details	99	✔	Cyware News - Latest Cyber News	https://cyware.com/allnews/feed	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	CVE	38	cve-2023-41993
Details	CVE	27	cve-2024-5274
Details	CVE	21	cve-2024-4671
Details	CVE	14	cve-2021-1879
Details	CVE	13	cve-2021-37973
Details	Domain	10	cabinet.gov.mn
Details	Domain	11	mfa.gov.mn
Details	Domain	4	track-adv.com
Details	Domain	3	ceo-adviser.com
Details	Domain	4	webmail.mfa.gov.mn
Details	Domain	58	accounts.google.com
Details	Domain	61	login.microsoftonline.com
Details	Domain	49	mail.google.com
Details	Domain	675	www.linkedin.com
Details	Domain	80	linkedin.com
Details	Domain	6	www.office.com
Details	Domain	36	login.live.com
Details	Domain	15	outlook.live.com
Details	Domain	15	login.yahoo.com
Details	Domain	9	mail.yahoo.com
Details	Domain	330	facebook.com
Details	Domain	4127	github.com
Details	Domain	51	icloud.com
Details	Domain	10	com.android.chrome
Details	File	2	market-analytics.php
Details	File	2	fb-connect.php
Details	File	4	analytics.php
Details	sha256	3	8bd9a73da704b4d7314164bff71ca76c15742dcc343304def49b1e4543478d1a
Details	sha256	3	d19dcbb7ab91f908d70739968b14b26d7f6301069332609c78aafc0053b6a7e1
Details	sha256	3	21682218bde550b2f06ee2bb4f6a39cff29672ebe27acbb3cee5db79bf6d7297
Details	sha256	3	df21c2615bc66c369690cf35aa5a681aed1692a5255d872427a2970e2894b2e3
Details	Threat Actor Identifier - APT	665	APT29
Details	Url	2	https://track-adv.com/market-analytics.php?pc=1
Details	Url	2	https://ceo-adviser.com/fb-connect.php?online=1
Details	Url	2	https://track-adv.com/analytics.php?personalization_id=