UNKNOWN
Tags
| country: | Ukraine |
| attack-pattern: | Powershell - T1059.001 Rundll32 - T1218.011 Powershell - T1086 Rundll32 - T1085 |
Common Information
| Type | Value |
|---|---|
| UUID | c4b1e7d1-9a0c-43cb-a2f9-9cbe5750b17b |
| Fingerprint | 465ceda179298cc5 |
| Analysis status | IN_PROGRESS |
| Considered CTI value | 0 |
| Text language | |
| Published | None |
| Added to db | Dec. 19, 2024, 2:28 p.m. |
| Last updated | Dec. 25, 2024, 10:29 a.m. |
| Headline | UNKNOWN |
| Title | UNKNOWN |
| Detected Hints/Tags/Attributes | 33/2/69 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.secrss.com/articles/41934 |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CERT Ukraine | 1 | UAC-0086 |
|
| Details | CERT Ukraine | 3 | UAC-0051 |
|
| Details | CERT Ukraine | 6 | UAC-0041 |
|
| Details | CERT Ukraine | 55 | UAC-0056 |
|
| Details | CERT Ukraine | 23 | UAC-0082 |
|
| Details | CERT Ukraine | 20 | UAC-0028 |
|
| Details | CERT Ukraine | 8 | UAC-0020 |
|
| Details | CERT Ukraine | 5 | UAC-0035 |
|
| Details | CERT Ukraine | 4 | UAC-0026 |
|
| Details | CERT Ukraine | 45 | UAC-0010 |
|
| Details | CERT Ukraine | 25 | UAC-0098 |
|
| Details | CVE | 131 | cve-2021-40444 |
|
| Details | Domain | 2 | dhdhk0k34.com |
|
| Details | Domain | 2 | explained.zip |
|
| Details | Domain | 6752 | 163.com |
|
| Details | File | 2 | letter.xlsx |
|
| Details | File | 3 | bitdefenderwindowsupdatepackage.exe |
|
| Details | File | 1 | антивірусногозахисту.doc |
|
| Details | File | 1 | 防病毒说明.doc |
|
| Details | File | 1 | spectr.inf |
|
| Details | File | 3 | cpcrs.exe |
|
| Details | File | 1 | 和csrss.exe |
|
| Details | File | 1 | 501_25_103.zip |
|
| Details | File | 1 | hta文件再从黑客服务器上下载并运行诱饵文档501_25_103.doc |
|
| Details | File | 1 | арміїросійськоїфедерації.rar |
|
| Details | File | 4 | 2163_02_33-2022.pdf |
|
| Details | File | 3 | officecleaner.bat |
|
| Details | File | 3 | httpshelper.dll |
|
| Details | File | 1 | 并调用rundll32.exe |
|
| Details | File | 2 | диверсанти.rar |
|
| Details | File | 2 | 03.rar |
|
| Details | File | 4 | base-update.exe |
|
| Details | File | 5 | java-sdk.exe |
|
| Details | File | 6 | oracle-java.exe |
|
| Details | File | 6 | microsoft-cortana.exe |
|
| Details | File | 1357 | powershell.exe |
|
| Details | File | 1 | військовізлочинцірф.htm |
|
| Details | File | 1 | 俄罗斯联邦的战犯.htm |
|
| Details | File | 2 | viyskovi_zlochinci_ru.rar |
|
| Details | File | 1 | 此hta文件会从黑客服务器上下载get.php |
|
| Details | File | 3 | реєстр.xls |
|
| Details | File | 1 | 动员登记册.xls |
|
| Details | File | 2 | spisok.exe |
|
| Details | File | 1 | 1409grandstrategy.docx |
|
| Details | File | 1 | 200712005_sep2019.docx |
|
| Details | File | 1 | dominant_narrative_ukraine_russia_hutchings_szostek.docx |
|
| Details | File | 1 | 642844_en.docx |
|
| Details | File | 1 | leaked_kremlin_emails_show_minsk_protoco.docx |
|
| Details | File | 1 | r147en.docx |
|
| Details | File | 1 | the_surkov_leaks_the_inner_workings_of_r.docx |
|
| Details | File | 1 | report_final.docx |
|
| Details | File | 1 | facon_defense_ukrainienne_ru_2022.docx |
|
| Details | File | 1 | ukraine_report_final.doc |
|
| Details | File | 2 | update.doc |
|
| Details | File | 2 | 16_0.doc |
|
| Details | File | 1 | report_final.zip |
|
| Details | File | 2 | explained.zip |
|
| Details | File | 10 | softwareupdate.exe |
|
| Details | File | 201 | update.exe |
|
| Details | File | 1 | 在rels的document.xml |
|
| Details | File | 1 | qywi6lh4m71o.html |
|
| Details | File | 1 | 尝试下载该qywi6lh4m71o.html |
|
| Details | File | 1 | прозбереженнявзеоматеріалівзфіксацішйармішїросійськоюфедераціїїїї.rar |
|
| Details | File | 1 | 关于保存俄罗斯联邦军队犯罪行为的视频记录.rar |
|
| Details | File | 1 | 是通过使用rundll32.exe |
|
| Details | File | 1102 | rundll32.exe |
|
| Details | IPv4 | 4 | 194.31.98.124 |
|
| Details | Url | 1 | https://forkscenter.fr”网站下载并安装防病毒软件的更新文件“bitdefenderwindowsupdatepackage.exe |
|
| Details | Url | 1 | https://web.sunvn.net/qywi6lh4m71o.html!x-usc:https://web.sunvn.net/qywi6lh4m71o.html |