Russia/Ukraine Update - May 2023
Tags
cmtmf-attack-pattern: Active Scanning, Application Layer Protocol, Boot Or Logon Autostart Execution, Command And Scripting Interpreter, Compromise Accounts, Compromise Infrastructure, Develop Capabilities, Exploit Public-Facing Application, Masquerading, Network Sniffing, Obfuscated Files Or Information, Obtain Capabilities, Phishing For Information, Process Injection, Stage Capabilities, Supply Chain Compromise, System Network Connections Discovery
country: Belgium, Canada, China, Cuba, Czechia, North Korea, Denmark, El Salvador, Germany, France, Georgia, India, South Korea, Spain, Kyrgyzstan, Moldova, Poland, Portugal, Russia, Ukraine
maec-delivery-vectors: Watering Hole
attack-pattern: Data Direct, Abuse Elevation Control Mechanism - T1626, Abuse Elevation Control Mechanism - T1548, Active Scanning - T1595, Applescript - T1059.002, Software Discovery - T1418, Application Layer Protocol - T1437, Archive Collected Data - T1560, Archive Collected Data - T1532, Archive Via Custom Method - T1560.003, Archive Via Utility - T1560.001, Asymmetric Cryptography - T1521.002, Asymmetric Cryptography - T1573.002, Boot Or Logon Autostart Execution - T1547, Bypass User Account Control - T1548.002, Cloud Accounts - T1078.004, Cloud Accounts - T1585.003, Cloud Accounts - T1586.003, Command And Scripting Interpreter - T1623, Compromise Accounts - T1586, Compromise Infrastructure - T1584, Compromise Software Supply Chain - T1195.002, Compromise Software Supply Chain - T1474.003, Create Process With Token - T1134.002, Credentials From Password Stores - T1555, Data Destruction - T1662, Data Destruction - T1485, Debugger Evasion - T1622, Defacement - T1491, Default Accounts - T1078.001, Deploy Container - T1610, Develop Capabilities - T1587, Disk Structure Wipe - T1561.002, Disk Structure Wipe - T1487, Disk Wipe - T1561, Dns - T1071.004, Dns - T1590.002, Domain Accounts - T1078.002, Domain Trust Discovery - T1482, Dynamic-Link Library Injection - T1055.001, Elevated Execution With Prompt - T1548.004, Elevated Execution With Prompt - T1514, Encrypted Channel - T1521, Encrypted Channel - T1573, Exfiltration Over C2 Channel - T1646, Exfiltration Over Web Service - T1567, Exfiltration To Code Repository - T1567.001, Exploitation Of Remote Services - T1428, Exploit Public-Facing Application - T1377, External Defacement - T1491.002, File And Directory Discovery - T1420, File Deletion - T1070.004, File Deletion - T1630.002, Gather Victim Network Information - T1590, Hide Artifacts - T1628, Hide Artifacts - T1564, Input Capture - T1417, Install Digital Certificate - T1608.003, Inter-Process Communication - T1559, Internal Defacement - T1491.001, Javascript - T1059.007, Keylogging - T1056.001, Keylogging - T1417.001, Lateral Tool Transfer - T1570, Local Account - T1087.001, Local Account - T1136.001, Local Accounts - T1078.003, System Network Connections Discovery - T1421, Mail Protocols - T1071.003, Malicious File - T1204.002, Malware - T1587.001, Malware - T1588.001, Masquerading - T1655, Obfuscated Files Or Information - T1406, Process Discovery - T1424, System Information Discovery - T1426, Multi-Hop Proxy - T1090.003, Native Api - T1575, Non-Standard Encoding - T1132.002, Obtain Capabilities - T1588, Password Guessing - T1110.001, Phishing - T1660, Phishing - T1566, Phishing For Information - T1598, Powershell - T1059.001, Private Keys - T1552.004, Process Injection - T1631, Protocol Impersonation - T1001.003, Registry Run Keys / Startup Folder - T1547.001, Remote Desktop Protocol - T1021.001, Scheduled Task - T1053.005, Server Software Component - T1505, Service Execution - T1569.002, Setuid And Setgid - T1548.001, Sharepoint - T1213.002, Smb/Windows Admin Shares - T1021.002, Software - T1592.002, Software Discovery - T1518, Software Packing - T1027.002, Software Packing - T1406.002, Ssh - T1021.004, Ssh Authorized Keys - T1098.004, Stage Capabilities - T1608, Steal Or Forge Kerberos Tickets - T1558, Sudo And Sudo Caching - T1548.003, Supply Chain Compromise - T1474, Symmetric Cryptography - T1521.001, Symmetric Cryptography - T1573.001, System Services - T1569, System Shutdown/Reboot - T1529, Windows Command Shell - T1059.003, Unix Shell - T1059.004, Visual Basic - T1059.005, Web Protocols - T1071.001, Web Protocols - T1437.001, Web Shell - T1505.003, Time Providers - T1547.003, Unsecured Credentials - T1552, Tool - T1588.002, Vulnerabilities - T1588.006, Vulnerability Scanning - T1595.002, Unix Shell - T1623.001, Access Token Manipulation - T1134, Account Manipulation - T1098, Applescript - T1155, Standard Application Layer Protocol - T1071, Application Window Discovery - T1010, Automated Collection - T1119, Brute Force - T1110, Bypass User Account Control - T1088, Command-Line Interface - T1059, Connection Proxy - T1090, Create Account - T1136, Credential Dumping - T1003, Data Encoding - T1132, Data Obfuscation - T1001, Data Staged - T1074, Data Transfer Size Limits - T1030, Deobfuscate/Decode Files Or Information - T1140, Execution Through Api - T1106, Exfiltration Over Command And Control Channel - T1041, Exploit Public-Facing Application - T1190, Exploitation Of Remote Services - T1210, External Remote Services - T1133, File And Directory Discovery - T1083, File Deletion - T1107, Indicator Removal On Host - T1070, Input Capture - T1056, Masquerading - T1036, Modify Registry - T1112, Multi-Hop Proxy - T1188, Multi-Stage Channels - T1104, Network Service Scanning - T1046, Network Share Discovery - T1135, Network Sniffing - T1040, Standard Non-Application Layer Protocol - T1095, Obfuscated Files Or Information - T1027, Powershell - T1086, Private Keys - T1145, Process Discovery - T1057, Process Injection - T1055, Query Registry - T1012, Remote Desktop Protocol - T1076, Remote Services - T1021, Rootkit - T1014, Scheduled Task - T1053, Service Execution - T1035, Setuid And Setgid - T1166, Software Packing - T1045, Sudo - T1169, Supply Chain Compromise - T1195, System Information Discovery - T1082, System Network Connections Discovery - T1049, System Owner/User Discovery - T1033, Valid Accounts - T1078, Web Shell - T1100, Time Providers - T1209, Automated Collection, Data Destruction, Exploit Public-Facing Application, Exploitation Of Remote Services, External Remote Services, Masquerading, Network Sniffing, Rootkit, Supply Chain Compromise, Valid Accounts
Common Information
Type Value
UUID c02bc2f3-a770-4cf4-84aa-fc1714d9b640
Fingerprint f35409975405b5b0
Analysis status DONE
Considered CTI value 2
Text language
Published May 30, 2023, midnight
Added to db Nov. 6, 2023, 7:33 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Russia/Ukraine Update - May 2023
Title Russia/Ukraine Update - May 2023
Detected Hints/Tags/Attributes 416/4/112
RSS Feed
Id  | Enabled | Feed title | Url                                       | Added to db
346 | ✔       | Optiv Blog | https://www.optiv.com/resources/blog/feed | 2024-08-30 22:08
Attributes
Type | #Events | CTI Value
CERT Ukraine | 49 | UAC-0056
Domain | 255 | www.optiv.com
File | 263 | www.opt
Mandiant Uncategorized Groups | 37 | UNC2589
MITRE ATT&CK Techniques | 33 | T1590
MITRE ATT&CK Techniques | 56 | T1595.002
MITRE ATT&CK Techniques | 100 | T1598
MITRE ATT&CK Techniques | 66 | T1584
MITRE ATT&CK Techniques | 96 | T1587.001
MITRE ATT&CK Techniques | 46 | T1608
MITRE ATT&CK Techniques | 17 | T1608.003
MITRE ATT&CK Techniques | 145 | T1588
MITRE ATT&CK Techniques | 36 | T1586
MITRE ATT&CK Techniques | 542 | T1190
MITRE ATT&CK Techniques | 41 | T1078.001
MITRE ATT&CK Techniques | 71 | T1078.002
MITRE ATT&CK Techniques | 43 | T1078.003
MITRE ATT&CK Techniques | 34 | T1078.004
MITRE ATT&CK Techniques | 409 | T1566
MITRE ATT&CK Techniques | 191 | T1133
MITRE ATT&CK Techniques | 52 | T1195
MITRE ATT&CK Techniques | 36 | T1195.002
MITRE ATT&CK Techniques | 460 | T1059.001
MITRE ATT&CK Techniques | 12 | T1059.002
MITRE ATT&CK Techniques | 333 | T1059.003
MITRE ATT&CK Techniques | 86 | T1059.004
MITRE ATT&CK Techniques | 137 | T1059.005
MITRE ATT&CK Techniques | 239 | T1106
MITRE ATT&CK Techniques | 25 | T1559
MITRE ATT&CK Techniques | 174 | T1569.002
MITRE ATT&CK Techniques | 380 | T1547.001
MITRE ATT&CK Techniques | 1 | T1547.003
MITRE ATT&CK Techniques | 51 | T1136.001
MITRE ATT&CK Techniques | 275 | T1053.005
MITRE ATT&CK Techniques | 17 | T1098.004
MITRE ATT&CK Techniques | 12 | T1548.001
MITRE ATT&CK Techniques | 86 | T1548.002
MITRE ATT&CK Techniques | 10 | T1548.003
MITRE ATT&CK Techniques | 4 | T1548.004
MITRE ATT&CK Techniques | 440 | T1055
MITRE ATT&CK Techniques | 116 | T1134
MITRE ATT&CK Techniques | 24 | T1134.002
MITRE ATT&CK Techniques | 41 | T1014
MITRE ATT&CK Techniques | 627 | T1027
MITRE ATT&CK Techniques | 160 | T1027.002
MITRE ATT&CK Techniques | 348 | T1036
MITRE ATT&CK Techniques | 107 | T1564
MITRE ATT&CK Techniques | 247 | T1070
MITRE ATT&CK Techniques | 297 | T1070.004
MITRE ATT&CK Techniques | 504 | T1140
MITRE ATT&CK Techniques | 59 | T1055.001
MITRE ATT&CK Techniques | 550 | T1112
MITRE ATT&CK Techniques | 16 | T1610
MITRE ATT&CK Techniques | 52 | T1622
MITRE ATT&CK Techniques | 289 | T1003
MITRE ATT&CK Techniques | 42 | T1040
MITRE ATT&CK Techniques | 118 | T1056.001
MITRE ATT&CK Techniques | 113 | T1552
MITRE ATT&CK Techniques | 26 | T1552.004
MITRE ATT&CK Techniques | 27 | T1558
MITRE ATT&CK Techniques | 172 | T1555
MITRE ATT&CK Techniques | 125 | T1110
MITRE ATT&CK Techniques | 44 | T1110.001
MITRE ATT&CK Techniques | 168 | T1046
MITRE ATT&CK Techniques | 176 | T1135
MITRE ATT&CK Techniques | 230 | T1033
MITRE ATT&CK Techniques | 501 | T1012
MITRE ATT&CK Techniques | 433 | T1057
MITRE ATT&CK Techniques | 75 | T1010
MITRE ATT&CK Techniques | 585 | T1083
MITRE ATT&CK Techniques | 124 | T1482
MITRE ATT&CK Techniques | 119 | T1049
MITRE ATT&CK Techniques | 1006 | T1082
MITRE ATT&CK Techniques | 185 | T1518
MITRE ATT&CK Techniques | 160 | T1021.001
MITRE ATT&CK Techniques | 139 | T1021.002
MITRE ATT&CK Techniques | 59 | T1021.004
MITRE ATT&CK Techniques | 118 | T1570
MITRE ATT&CK Techniques | 109 | T1210
MITRE ATT&CK Techniques | 111 | T1119
MITRE ATT&CK Techniques | 116 | T1560.001
MITRE ATT&CK Techniques | 11 | T1560.003
MITRE ATT&CK Techniques | 67 | T1074
MITRE ATT&CK Techniques | 75 | T1001
MITRE ATT&CK Techniques | 10 | T1001.003
MITRE ATT&CK Techniques | 444 | T1071
MITRE ATT&CK Techniques | 442 | T1071.001
MITRE ATT&CK Techniques | 14 | T1071.003
MITRE ATT&CK Techniques | 52 | T1071.004
MITRE ATT&CK Techniques | 48 | T1090.003
MITRE ATT&CK Techniques | 163 | T1573
MITRE ATT&CK Techniques | 130 | T1573.001
MITRE ATT&CK Techniques | 74 | T1573.002
MITRE ATT&CK Techniques | 159 | T1095
MITRE ATT&CK Techniques | 96 | T1132
MITRE ATT&CK Techniques | 40 | T1132.002
MITRE ATT&CK Techniques | 25 | T1104
MITRE ATT&CK Techniques | 36 | T1030
MITRE ATT&CK Techniques | 422 | T1041
MITRE ATT&CK Techniques | 126 | T1567
MITRE ATT&CK Techniques | 7 | T1567.001
MITRE ATT&CK Techniques | 30 | T1491.001
MITRE ATT&CK Techniques | 5 | T1491.002
MITRE ATT&CK Techniques | 15 | T1561.002
MITRE ATT&CK Techniques | 93 | T1485
MITRE ATT&CK Techniques | 48 | T1529
Deprecated Microsoft Threat Actor Naming Taxonomy (Groups in development) | 51 | DEV-0586
Threat Actor Identifier - APT | 665 | APT29
Threat Actor Identifier - APT | 297 | APT27
Threat Actor Identifier - APT | 522 | APT41
Threat Actor Identifier - APT | 278 | APT10
Threat Actor Identifier - APT | 783 | APT28