Stellar Discovery of A New Cluster of Andromeda/Gamarue C2
Common Information
Type Value
UUID bae6721b-bca1-4d32-bdcc-fe4e81a9ad24
Fingerprint c40f09497c31a7d3
Analysis status DONE
Considered CTI value 2
Text language
Published Jan. 1, 2024, midnight
Added to db Dec. 3, 2024, 4:21 p.m.
Last updated Dec. 18, 2024, 2:15 p.m.
Headline Stellar Discovery of A New Cluster of Andromeda/Gamarue C2
Title Stellar Discovery of A New Cluster of Andromeda/Gamarue C2
Detected Hints/Tags/Attributes 115/3/65
Attributes
Type                          #Events  Attribute
File                             1053  rundll32.exe
File                              132  c:\windows\system32\rundll32.exe
File                              198  desktop.ini
File                                7  c:\windows\system32\davclnt.dll
File                             1152  svchost.exe
File                               16  trustedinstaller.exe
File                                1  huzevusuqig.exe
File                                1  zomofeqitiya.exe
File                                1  googlechrome.exe
File                                1  c:\googlechrome\googlechrome.exe
File                               14  c:\windows\system32\netsh.exe
File                              289  msiexec.exe
File                                1  yrlzxqewyluakjqqbyw.exe
File                                1  avrhhcsmqfqykluwjiije.exe
File                                1  gegxworgwbz.exe
File                                1  afllv.exe
File                                1  xhsxmwbkdh.exe
File                                1  spis_twist_1_0_1_4.exe
File                                1  files_1.exe
File                                1  spis_catting_1_0_1_8.bat
File                                6  files.exe
File                                1  spis_catting.exe
Mandiant Uncategorized Groups      17  UNC4210
MITRE ATT&CK Techniques            56  T1091
MITRE ATT&CK Techniques           385  T1204.002
MITRE ATT&CK Techniques            60  T1055.001
MITRE ATT&CK Techniques           721  T1059
MITRE ATT&CK Techniques            32  T1547.009
MITRE ATT&CK Techniques           186  T1543.003
MITRE ATT&CK Techniques           128  T1129
MITRE ATT&CK Techniques            35  T1036.003
MITRE ATT&CK Techniques           165  T1027.002
MITRE ATT&CK Techniques           558  T1112
MITRE ATT&CK Techniques            59  T1036.004
MITRE ATT&CK Techniques           467  T1071.001
Threat Actor Identifier - APT     291  APT10