Tandem Espionage | InQuest
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | c5565f1d-6802-453a-b734-9cd50c196a6b |
| Fingerprint | 6ca2dd57f3e9e2b |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | May 25, 2022, midnight |
| Added to db | June 5, 2023, 10:52 a.m. |
| Last updated | Nov. 17, 2024, 11:40 p.m. |
| Headline | Tandem Espionage |
| Title | Tandem Espionage | InQuest |
| Detected Hints/Tags/Attributes | 36/2/80 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://inquest.net/blog/2022/05/25/tandem-espionage |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 137 | ✔ | InQuest | https://inquest.net/blog/rss | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 4128 | github.com |
|
| Details | Domain | 1 | rwwmefkauiaa.ru |
|
| Details | Domain | 1 | ckrddvcveumq.ru |
|
| Details | Domain | 67 | www.dropbox.com |
|
| Details | Domain | 1 | zyzkikpfewuf.ru |
|
| Details | Domain | 1 | cugdwpnykghx.ru |
|
| Details | Domain | 1 | aztkiryhetxx.ru |
|
| Details | Domain | 1 | dvizhdom.ru |
|
| Details | Domain | 1 | dwrfqitgvmqn.ru |
|
| Details | Domain | 1 | rhjebiuujydv.ru |
|
| Details | Domain | 1 | sanlygeljek.ru |
|
| Details | Domain | 1 | sinelnikovd.ru |
|
| Details | Domain | 1 | wzqyuwtdxyee.ru |
|
| Details | Domain | 1 | zpuxmwmwdxxk.ru |
|
| Details | Domain | 1 | gimp.org |
|
| Details | File | 66 | settings.xml |
|
| Details | File | 1 | tj3wqx.dot |
|
| Details | File | 1 | c:\\users\\public\\servicehomework.exe |
|
| Details | File | 1 | document1916t.pdf |
|
| Details | File | 1 | document01.pdf |
|
| Details | File | 34 | acrord32.exe |
|
| Details | File | 1 | c:\users\admin\documents\document01.pdf |
|
| Details | File | 1 | u84ls.exe |
|
| Details | File | 1 | pkdzb.exe |
|
| Details | File | 1 | builded1916t.exe |
|
| Details | File | 1 | adobeservice.exe |
|
| Details | File | 1 | gatero0m.php |
|
| Details | File | 1 | v7dgre.dot |
|
| Details | File | 1 | xcl2ba.dot |
|
| Details | File | 1 | hour84a6d9k.dot |
|
| Details | File | 1 | bq979g5dfweq.exe |
|
| Details | File | 1 | a0hngee18y3z.exe |
|
| Details | File | 1 | hour84a6d9k.exe |
|
| Details | File | 1 | esttpnhsmb.exe |
|
| Details | File | 1 | xpqa02df.exe |
|
| Details | File | 1 | p73tzehj.exe |
|
| Details | File | 1 | 0530cd.dat |
|
| Details | File | 1 | ffe0a6.dat |
|
| Details | File | 1 | fd51a0.dat |
|
| Details | File | 1 | az9vu.exe |
|
| Details | File | 1 | fyi82dk.pdf |
|
| Details | File | 1 | vdl4t.exe |
|
| Details | Github username | 1 | collabsss |
|
| Details | sha256 | 1 | b3920fe11f1dcaf5a7f4cb8a37bed2dd6a8638c5f8a4312d4c07d11f7d0e62da |
|
| Details | sha256 | 1 | b9a1ac0335226386029bb3b6f9f3b9114bde55c7ea9f4fdcdccc02593208bdfd |
|
| Details | sha256 | 1 | 7093aba8ae03275caab7372a7d56172df1716120d477dc276ee9f0b08816bd0c |
|
| Details | sha256 | 1 | 27223530f9da259a9f2318b525399a30f5656ca4d2951d76af8039484d8f3e74 |
|
| Details | sha256 | 1 | beedb7cc465933bc983dab4c41f8464d985ec15680f60dec4f27e0a96e88939d |
|
| Details | sha256 | 1 | 08cd999cee6f248e0847c012e68476ca38f280855e3b2406189ff9eca49087be |
|
| Details | sha256 | 1 | 21354be825c9532dd39072e8a67ed935ce4cfc4f5077bd65f1118adf86c4a0d6 |
|
| Details | sha256 | 1 | 0f1169276cf30b4514a043e9b3587c073e20efa186d26974490a54733288825d |
|
| Details | IPv4 | 1 | 162.33.179.235 |
|
| Details | Url | 1 | https://github.com/collabsss/dotm/raw/main/tj3wqx.dotm |
|
| Details | Url | 1 | http://rwwmefkauiaa.ru/document1916t.pdf |
|
| Details | Url | 1 | http://rwwmefkauiaa.ru/u84ls.exe |
|
| Details | Url | 1 | http://rwwmefkauiaa.ru/builded1916t.exe |
|
| Details | Url | 1 | http://162.33.179.235/gatero0m.php |
|
| Details | Url | 1 | http://ckrddvcveumq.ru/v7dgre.dotm |
|
| Details | Url | 1 | https://www.dropbox.com/s/e6yaipmzb8ik7dm/xcl2ba.dotm?dl=1 |
|
| Details | Url | 1 | http://zyzkikpfewuf.ru/hour84a6d9k.dotm |
|
| Details | Url | 1 | http://cugdwpnykghx.ru/bq979g5dfweq.exe |
|
| Details | Url | 1 | http://cugdwpnykghx.ru/a0hngee18y3z.exe |
|
| Details | Url | 1 | http://lightnogu5owjjllyo4tj2sfos6fchnmcidlgo6c7e6fz2hgryhfhoyd.onion/stealer/918119271?pwds=0&cards=0&wlts=0&files=0&user=dxnlcg==&comp=ag9vewvxaxhsenk=&ip=otuumjexlje5mc4xotk=&country=tmv0agvybgfuzhmgke5mkq==&city=sgfhcmxlbq==&tag=32748 |
|
| Details | Url | 1 | http://zyzkikpfewuf.ru/hour84a6d9k.exe |
|
| Details | Url | 1 | http://zyzkikpfewuf.ru/esttpnhsmb.exe |
|
| Details | Url | 1 | http://zyzkikpfewuf.ru/xpqa02df.exe |
|
| Details | Url | 1 | http://ckrddvcveumq.ru |
|
| Details | Url | 1 | https://ckrddvcveumq.ru |
|
| Details | Url | 1 | http://ckrddvcveumq.ru/p73tzehj.exe |
|
| Details | Url | 1 | http://cugdwpnykghx.ru |
|
| Details | Url | 1 | https://cugdwpnykghx.ru |
|
| Details | Url | 1 | http://cugdwpnykghx.ru/0530cd.dat |
|
| Details | Url | 1 | http://cugdwpnykghx.ru/ffe0a6.dat.dat |
|
| Details | Url | 1 | http://cugdwpnykghx.ru/fd51a0.dat |
|
| Details | Url | 1 | http://rwwmefkauiaa.ru |
|
| Details | Url | 1 | http://rwwmefkauiaa.ru/az9vu.exe |
|
| Details | Url | 1 | https://rwwmefkauiaa.ru |
|
| Details | Url | 1 | http://rwwmefkauiaa.ru/fyi82dk.pdf |
|
| Details | Url | 1 | http://rwwmefkauiaa.ru/vdl4t.exe |
|
| Details | Url | 1 | https://labs.inquest.net/dfi/search/ioc/xmpid/xmp.iid |