UAC-0185 (UNC4221) APT IOCs - SEC-1275-1
Tags
| attack-pattern: | Domains - T1583.001 Domains - T1584.001 Mshta - T1218.005 Powershell - T1059.001 Mshta - T1170 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | c633927e-e55b-446d-be6b-03490ca80862 |
| Fingerprint | 628c5cd0887861af |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Dec. 11, 2024, midnight |
| Added to db | Dec. 11, 2024, 6:12 a.m. |
| Last updated | Dec. 18, 2024, 9:20 p.m. |
| Headline | UAC-0185 (UNC4221) APT IOCs |
| Title | UAC-0185 (UNC4221) APT IOCs - SEC-1275-1 |
| Detected Hints/Tags/Attributes | 18/1/174 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://1275.ru/ioc/8375/uac-0185-unc4221-apt-iocs/?mtm_campaign=rss |
URL Provider
| Details | Provider | Source level domain |
|---|---|---|
| Details | 1275.ru | 1275.ru |
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 8 | ✔ | Архивы IOC - SEC-1275-1 | https://1275.ru/ioc/feed | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CERT Ukraine | 8 | UAC-0185 |
|
| Details | Domain | 1 | 212nj0b42w.web.telegram-account.host |
|
| Details | Domain | 1 | 658pvbhj2k7veemmv4.web.telegram-account.host |
|
| Details | Domain | 1 | accept-action.site |
|
| Details | Domain | 1 | account-guard.site |
|
| Details | Domain | 1 | account-saver.com |
|
| Details | Domain | 1 | account-viewer.com |
|
| Details | Domain | 1 | cancel-action.site |
|
| Details | Domain | 1 | cancel-auth.site |
|
| Details | Domain | 1 | check.sign-cert.com |
|
| Details | Domain | 1 | check-active.site |
|
| Details | Domain | 1 | cloud.account-viewer.com |
|
| Details | Domain | 1 | cloud.god-le.net |
|
| Details | Domain | 1 | clouddrive.world |
|
| Details | Domain | 1 | confirm.account-viewer.com |
|
| Details | Domain | 1 | confirmphone.site |
|
| Details | Domain | 1 | defender-bot.site |
|
| Details | Domain | 1 | delta.milgov.site |
|
| Details | Domain | 1 | derzhposluhy.com |
|
| Details | Domain | 1 | device.redirecl.com |
|
| Details | Domain | 1 | dhl.redirecl.com |
|
| Details | Domain | 1 | drive.redirecl.com |
|
| Details | Domain | 1 | drive-share.site |
|
| Details | Domain | 1 | emtserviceca.info |
|
| Details | Domain | 1 | get.god-le.com |
|
| Details | Domain | 1 | get.in-touc.com |
|
| Details | Domain | 1 | get.mail-gov.com |
|
| Details | Domain | 1 | get.sign-cert.com |
|
| Details | Domain | 1 | god-le.com |
|
| Details | Domain | 1 | god-le.net |
|
| Details | Domain | 1 | google.drive-share.site |
|
| Details | Domain | 1 | google.share-drive.site |
|
| Details | Domain | 1 | group.kropyva.site |
|
| Details | Domain | 1 | group.teneta.site |
|
| Details | Domain | 1 | group-invitation.site |
|
| Details | Domain | 1 | group-teneta.online |
|
| Details | Domain | 1 | in-touc.com |
|
| Details | Domain | 1 | i-ua.account-guard.site |
|
| Details | Domain | 1 | ivanti.account-viewer.com |
|
| Details | Domain | 1 | kropyva.group |
|
| Details | Domain | 1 | kropyva.site |
|
| Details | Domain | 1 | live.outloolc.com |
|
| Details | Domain | 1 | mail.outloolc.com |
|
| Details | Domain | 1 | mail-gov.com |
|
| Details | Domain | 1 | mail-gov.net |
|
| Details | Domain | 1 | mails.support |
|
| Details | Domain | 1 | milgov.host |
|
| Details | Domain | 1 | milgov.site |
|
| Details | Domain | 1 | mirotrent.com |
|
| Details | Domain | 1 | my.mail-gov.net |
|
| Details | Domain | 1 | odwebp.com |
|
| Details | Domain | 1 | outloolc.com |
|
| Details | Domain | 1 | palantir.ink |
|
| Details | Domain | 1 | passport-ukr-net.site |
|
| Details | Domain | 1 | plntr.account-viewer.com |
|
| Details | Domain | 1 | plntr.mirotrent.com |
|
| Details | Domain | 1 | protect-password.site |
|
| Details | Domain | 1 | qsrgh.site |
|
| Details | Domain | 1 | qweasdzx.site |
|
| Details | Domain | 1 | redirecl.com |
|
| Details | Domain | 1 | share-drive.site |
|
| Details | Domain | 1 | signal-confirm.site |
|
| Details | Domain | 1 | sign-cert.com |
|
| Details | Domain | 1 | spam.web-telegram.host |
|
| Details | Domain | 1 | stellar.account-viewer.com |
|
| Details | Domain | 1 | svc.odwebp.com |
|
| Details | Domain | 1 | teiegram.host |
|
| Details | Domain | 1 | telegram.check-active.site |
|
| Details | Domain | 1 | telegram.defender-bot.site |
|
| Details | Domain | 1 | telegram.qweasdzx.site |
|
| Details | Domain | 1 | telegram.token-defender.cloud |
|
| Details | Domain | 1 | telegram-account.host |
|
| Details | Domain | 1 | telegram-auth.website |
|
| Details | Domain | 1 | telegram-confirm.site |
|
| Details | Domain | 1 | telegramm-account.site |
|
| Details | Domain | 1 | teneta.group |
|
| Details | Domain | 1 | teneta.site |
|
| Details | Domain | 1 | token-defender.cloud |
|
| Details | Domain | 1 | uspp.derzhposluhy.com |
|
| Details | Domain | 1 | web.teiegram.host |
|
| Details | Domain | 1 | web.telegram-account.host |
|
| Details | Domain | 1 | web.telegramm-account.site |
|
| Details | Domain | 1 | web.web.telegram-account.host |
|
| Details | Domain | 1 | web-telegram.host |
|
| Details | Domain | 1 | whatsapp.group-invitation.site |
|
| Details | Domain | 1 | whatsapp.protect-password.site |
|
| Details | Domain | 1 | whatsapp-confirm.site |
|
| Details | Domain | 1 | www.accept-action.site |
|
| Details | Domain | 1 | www.confirm-signal.site |
|
| Details | Domain | 1 | www.google-drive.site |
|
| Details | Domain | 1 | www.protect-password.site |
|
| Details | Domain | 1 | www.qsrgh.site |
|
| Details | Domain | 1 | www.signal-confirm.site |
|
| Details | Domain | 1 | www.teiegram.host |
|
| Details | Domain | 1 | www.telegram-auth.website |
|
| Details | Domain | 1 | www.telegramm-account.site |
|
| Details | File | 498 | mshta.exe |
|
| Details | File | 3 | main.bat |
|
| Details | File | 185 | update.exe |
|
| Details | File | 1 | delta.mil |
|
| Details | File | 1 | emtserviceca.inf |
|
| Details | File | 1 | 16_01.zip |
|
| Details | File | 19 | icon.png |
|
| Details | File | 1 | dack.png |
|
| Details | File | 3 | front.png |
|
| Details | File | 2 | back.png |
|
| Details | File | 46 | logo.png |
|
| Details | md5 | 1 | 104cd6e96a9898462335b0e63766a983 |
|
| Details | md5 | 1 | 34d1bd73883fd4b1709f4a41af70a192 |
|
| Details | md5 | 1 | 490450f5d2f1cb617e02366bc389bb7b |
|
| Details | md5 | 1 | 4dbd1ced8da2a4acec15cfd9be73bfcc |
|
| Details | md5 | 1 | 4f8e66f060ea918637b5e2dfe7fff16d |
|
| Details | md5 | 1 | 5883b5f221a9cb9dcdb4d7be923d4d98 |
|
| Details | md5 | 1 | 74f6bd1a80ebfeece1e65b441c2f46e2 |
|
| Details | md5 | 1 | 7b7ccd7899b0b3b52398df45faf85078 |
|
| Details | md5 | 1 | 80ad42b66b4fc841bfa4210e23a2e757 |
|
| Details | md5 | 1 | 882e5e17793b84ba2705b0e296777635 |
|
| Details | md5 | 1 | 92b698f674370120ec399ad47600477b |
|
| Details | md5 | 1 | 99a0a704c31e84b0e8cb04c0f5ac2746 |
|
| Details | md5 | 1 | a5b1a7db7abf94163a2871d0d7359b49 |
|
| Details | md5 | 1 | bbb96f2781bc16813af398d4a1c5867a |
|
| Details | md5 | 1 | c15e1d4892f10a62fec973d37805cc65 |
|
| Details | md5 | 1 | e4d2f6d160ed8e4a2abd024dc9385ae1 |
|
| Details | sha256 | 1 | 1ffcc81d9194d3f84c9056db6833c99182d0c47f501134cf11a7e20f76dd0833 |
|
| Details | sha256 | 1 | 44cdc03e755bf1e7e60b460ab70834f44f7e4e9cb28591ffab99ca1517687ab2 |
|
| Details | sha256 | 1 | 57f5d4e69fb409ca448dcf7c281e130c66aff37178c827c4bdd6eebace0145e4 |
|
| Details | sha256 | 1 | 6669f6cff75f27db3580ab76e4391245f8028c671198174a4ab0abbfc217f27c |
|
| Details | sha256 | 1 | 689c7b5a63740593af5f931edccd04e5a0af4592f2159da1dc6ff9fb85724d6d |
|
| Details | sha256 | 1 | 6c8ff9dde75352c94afac0045c6fecc5c27181a941c371d165be5dc6f167969c |
|
| Details | sha256 | 1 | 6f4a305a1f5dbb11341986ad354aa5226afcb67b464d4914d9b3ec0c6cf7d887 |
|
| Details | sha256 | 1 | 71a27bc19cd4c3af587071d97afe205f1224f8a71d668683d1fba1969ea241a3 |
|
| Details | sha256 | 1 | 831548a4bf76e77acb9858fffd2bb9a03b210f04f2b615b916e1a086e5421202 |
|
| Details | sha256 | 1 | bf576d4fcbecdff07f71af2ace12cc53a2e03b16c464d4aefb393c4e719ddb17 |
|
| Details | sha256 | 1 | cb86993c83c30cd96c8b8fccd5236e5b5949ed400404c33ab74f173f7a9d53b9 |
|
| Details | sha256 | 1 | d2d5052b0c703a8b148aa6446d1a199aa59c590c5b534e45b03f1e8e74338c2b |
|
| Details | sha256 | 1 | de66a95291321c8877b1c403357147d0c636c1e69f487579f8a2978a7ad7e2eb |
|
| Details | sha256 | 1 | e763ba973e455e684cba6649461e41f488a4a041b23442846c82c532e3a78806 |
|
| Details | sha256 | 1 | ff9002de29b7037bcf2d496a04df98aea4e8f81f88edf409cb65173e3cc194bd |
|
| Details | IPv4 | 1 | 136.243.237.26 |
|
| Details | IPv4 | 1 | 146.59.102.122 |
|
| Details | IPv4 | 1 | 176.57.212.217 |
|
| Details | IPv4 | 1 | 185.158.248.104 |
|
| Details | IPv4 | 1 | 185.225.35.75 |
|
| Details | IPv4 | 1 | 193.203.202.168 |
|
| Details | IPv4 | 1 | 217.144.102.219 |
|
| Details | IPv4 | 1 | 217.151.229.29 |
|
| Details | IPv4 | 1 | 45.147.179.185 |
|
| Details | IPv4 | 1 | 46.30.44.144 |
|
| Details | IPv4 | 1 | 5.181.156.72 |
|
| Details | IPv4 | 1 | 62.113.110.100 |
|
| Details | Mandiant Uncategorized Groups | 5 | UNC4221 |
|
| Details | Url | 1 | http://185.225.35.75:30555/cc |
|
| Details | Url | 1 | http://cloud.account-viewer.com/tw018lik/16_01.zip |
|
| Details | Url | 1 | http://delta.milgov.site |
|
| Details | Url | 1 | http://device.redirecl.com/davwwwroot/downloads/lyst_02-1-437.lnk |
|
| Details | Url | 1 | http://device.redirecl.com/ys558pd/start.hta |
|
| Details | Url | 1 | http://get.god-le.com/gm912cj/icon.png |
|
| Details | Url | 1 | http://get.god-le.com/hs483kf/dack.png |
|
| Details | Url | 1 | http://get.god-le.com/hs483kf/front.png |
|
| Details | Url | 1 | http://group.teneta.site |
|
| Details | Url | 1 | http://group-teneta.online |
|
| Details | Url | 1 | http://kropyva.group |
|
| Details | Url | 1 | http://kropyva.group/qr |
|
| Details | Url | 1 | http://live.outloolc.com/mail_inbox |
|
| Details | Url | 1 | http://mail.outloolc.com/ys558pd/back.png |
|
| Details | Url | 1 | http://mail.outloolc.com/ys558pd/front.png |
|
| Details | Url | 1 | http://mirotrent.com:443 |
|
| Details | Url | 1 | http://plntr.account-viewer.com/xs43hi3d/back.png |
|
| Details | Url | 1 | http://plntr.account-viewer.com/xs43hi3d/front.png |
|
| Details | Url | 1 | http://plntr.account-viewer.com/xs43hi3d/logo.png |
|
| Details | Url | 1 | http://plntr.mirotrent.com:443 |
|
| Details | Url | 1 | http://svc.odwebp.com:443/agent.ashx |
|
| Details | Url | 1 | http://web.telegram-account.host |
|
| Details | Url | 1 | http://web.telegram-account.host/# |