Initial access broker repurposing techniques in targeted attacks against Ukraine
Common Information
Type Value
UUID be0c7b53-6b4f-4c76-ac50-505f072b1857
Fingerprint a55c89930529a785
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 7, 2022, midnight
Added to db Oct. 22, 2023, 9:27 p.m.
Last updated Nov. 18, 2024, 7:17 p.m.
Headline Initial access broker repurposing techniques in targeted attacks against Ukraine
Title Initial access broker repurposing techniques in targeted attacks against Ukraine
Detected Hints/Tags/Attributes 73/3/63
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 35 Threat Analysis Group (TAG) https://blog.google/threat-analysis-group/rss/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CERT Ukraine 23
UAC-0098
Details CVE 172
cve-2022-30190
Details Microsoft Patch Numbers 1
KB5012599
Details Microsoft Patch Numbers 1
KB2533623
Details Threat Actor Identifier - FIN 42
FIN12