RST TI Report Digest: 02 Dec 2024
Common Information
Type Value
UUID b8da5bd0-01e5-45fb-a554-3d3df4fab285
Fingerprint f55c8d519f148798
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 2, 2024, 3:37 a.m.
Added to db Dec. 2, 2024, 4:54 a.m.
Last updated Dec. 18, 2024, 3:10 p.m.
Headline RST TI Report Digest: 02 Dec 2024
Title RST TI Report Digest: 02 Dec 2024
Detected Hints/Tags/Attributes 137/4/272
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 167 Cybersecurity on Medium https://medium.com/feed/tag/cybersecurity 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CERT Ukraine 20
UAC-0063
Details CVE 31
cve-2024-38213
Details CVE 88
cve-2024-9680
Details CVE 130
cve-2023-36884
Details CVE 80
cve-2024-49039
Details File 1
earth-estries.html
Details File 1
cta-ru-2024-1121.pdf
Details File 234
certutil.exe
Details Threat Actor Identifier - APT 837
APT28
Details Threat Actor Identifier by Recorded Future 16
TAG-110
Details Url 1
https://www.trendmicro.com/en_us/research/24/k/earth-estries.html
Details Url 2
http://103.159.133.205/lib3.cab
Details Url 1
https://fieldeffect.com/blog/what-happens-when-rats-go-undetected
Details Url 2
http://partinvshipppjbb.click:7382
Details Url 2
https://journalctd.live/jfwb4orqplh
Details Url 1
https://go.recordedfuture.com/hubfs/reports/cta-ru-2024-1121.pdf
Details Url 2
https://socradar.io/romcom-backdoor-attacks-mozilla-and-windows
Details Url 1
https://cyble.com/blog/ursnif-trojan-hides-with-stealthy-tactics
Details Url 1
https://www.varonis.com/blog/advanced-phishing-tactics
Details Url 1
https://any.run/cybersecurity-blog/psloramyra-malware-technical-analysis