SecurityScorecard Finds USAID Hack Much Larger Than Initially Thought
Common Information
Type Value
UUID b356b5b6-9091-45df-8d47-b27af9abf909
Fingerprint a442981b09bf8788
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 10, 2021, midnight
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Detected Hints/Tags/Attributes 118/3/41
Attributes
Details Type #Events CTI Value
Details Domain 2
usaid.gov
Details Domain 5
usaid.theyardservice.com
Details Domain 4
enpport.com
Details File 5
ica-declass.iso
Details File 4
invitation.iso
Details File 5
slip.iso
Details File 9
%windir%\syswow64\dllhost.exe
Details File 9
%windir%\sysnative\dllhost.exe
Details File 3
document.dll
Details File 5
tn.jsp
Details File 4
document.iso
Details File 218
min.js
Details File 3
invitation.html
Details File 1
reply_slip.iso
Details File 4
nv.pdf
Details File 1260
explorer.exe
Details File 10
boom.exe
Details File 5
nativecachesvc.dll
Details File 6
nv.html
Details File 1
img_lk.png
Details IPv4 6
83.171.237.173
Details IPv4 7
139.99.167.177
Details IPv4 2
54.38.137.218
Details Pdb 3
c:\users\dev\desktop\나타나게 하다\dll6\x64\release\dll6.pdb
Details Pdb 2
c:\users\dev10vs\desktop\prog\obj\boom\boom\boom\obj\release\boom.pdb
Details Threat Actor Identifier - APT 665
APT29
Details Url 3
https://usaid.theyardservice.com/d
Details Url 2
https://r20.rs6.net/tn.jsp?f=001r6x5duwxla513it3wolvtyzj3ojypr9nwpwzkb3x68sgrfzuvnur4mdenuxj_c4poo1hx_rff79p1nsaze
Details Url 1
https://139.99.167.177/jquery-3.3.1.min.js
Details Url 1
https://humanitarian-forum.web
Details Url 1
http://54.38.137.218/img_lk.png