HeptaX: Unauthorized RDP Connections For Cyberespionage Operations
Tags
Common Information
Type | Value |
---|---|
UUID | cb2615f3-b50a-4626-99de-c5366cddc7c5 |
Fingerprint | bc85a4136b278bc4 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | Oct. 25, 2024, 10:57 a.m. |
Added to db | Oct. 25, 2024, 5:29 p.m. |
Last updated | Dec. 11, 2024, 8:12 a.m. |
Headline | HeptaX: Unauthorized RDP Connections for Cyberespionage Operations |
Title | HeptaX: Unauthorized RDP Connections For Cyberespionage Operations |
Detected Hints/Tags/Attributes | 103/3/58 |
Source URLs
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 98 | ✔ | Cyble | https://cyble.com/feed/ | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 1394 | twitter.com |
|
Details | File | 2 | 202409_resident_care_quality_improvement_strategies_for_nursing_homes_enhancing_patient_satisfaction_and_health_outcomes.pdf |
|
Details | File | 1 | sow_for_nevrlate.pdf |
|
Details | File | 1 | webcontentwriting_handout.pdf |
|
Details | File | 1 | blockchain_trading_website_manager.docx |
|
Details | File | 1 | signature.pdf |
|
Details | File | 1 | stars.pdf |
|
Details | File | 1 | xihu.pdf |
|
Details | File | 3 | bb.ps1 |
|
Details | File | 2 | id.log |
|
Details | File | 2 | get-command.php |
|
Details | File | 6 | b.ps1 |
|
Details | File | 1232 | index.php |
|
Details | File | 2 | k1.bat |
|
Details | File | 2 | scheduler-once.bat |
|
Details | File | 1 | k2.bat |
|
Details | File | 2 | sysmon.bat |
|
Details | File | 1 | sysmon2.bat |
|
Details | File | 10 | a.ps1 |
|
Details | File | 1 | c:\windows\temp\onedrivelog\onedrive.log |
|
Details | File | 6 | chromepass.exe |
|
Details | File | 2196 | cmd.exe |
|
Details | sha256 | 3 | 6605178dbc4d84e789e435915e86a01c5735f34b7d18d626b2d8810456c4bc72 |
|
Details | sha256 | 3 | 18e75bababa1176ca1b25f727c0362e4bb31ffc19c17e2cabb6519e6ef9d2fe5 |
|
Details | sha256 | 3 | 5ff89db10969cba73d1f539b12dad42c60314e580ce43d7b57b46a1f915a6a2b |
|
Details | sha256 | 3 | 1d82927ab19db7e9f418fe6b83cf61187d19830b9a7f58072eedfd9bdf628dab |
|
Details | sha256 | 3 | a8d577bf773f753dfb6b95a3ef307f8b4d9ae17bf86b95dcbb6b2fb638a629b9 |
|
Details | sha256 | 3 | 999f521ac605427945035a6d0cd0a0847f4a79413a4a7b738309795fd21d3432 |
|
Details | sha256 | 3 | 4b127e7b83148bfbe56bd83e4b95b2a4fdb69e1c9fa4e0c021a3bfb7b02d8a16 |
|
Details | IPv4 | 3 | 157.173.104.153 |
|
Details | MITRE ATT&CK Techniques | 432 | T1566 |
|
Details | MITRE ATT&CK Techniques | 110 | T1204.001 |
|
Details | MITRE ATT&CK Techniques | 482 | T1059.001 |
|
Details | MITRE ATT&CK Techniques | 643 | T1027 |
|
Details | MITRE ATT&CK Techniques | 397 | T1547.001 |
|
Details | MITRE ATT&CK Techniques | 82 | T1548 |
|
Details | MITRE ATT&CK Techniques | 114 | T1098 |
|
Details | MITRE ATT&CK Techniques | 1022 | T1082 |
|
Details | MITRE ATT&CK Techniques | 129 | T1555.003 |
|
Details | MITRE ATT&CK Techniques | 504 | T1105 |
|
Details | MITRE ATT&CK Techniques | 466 | T1071 |
|
Details | Url | 1 | http://157.173.104.153/up/get-command.php?uid= |
|
Details | Url | 1 | http://157.173.104.153/up/index.php?uid= |
|
Details | Url | 1 | http://157.173.104.153/up/a.ps1 |
|
Details | Url | 2 | http://157.173.104.153/up/index.php |
|
Details | Url | 2 | http://157.173.104.153/up/tool/chromepass.exe |
|
Details | Url | 2 | http://157.173.104.153/up/b.ps1 |
|
Details | Url | 2 | http://157.173.104.153/up/bb.ps1 |
|
Details | Url | 2 | http://157.173.104.153/up/scheduler-oncex |
|
Details | Url | 2 | http://157.173.104.153/up/trigger |
|
Details | Url | 2 | http://157.173.104.153/up/get-command.php |
|
Details | Url | 2 | http://157.173.104.153/up/bait/202409_resident_care_quality_improvement_strategies_for_nursing_homes_enhancing_patient_satisfaction_and_health_outcomes.pdf |
|
Details | Url | 1 | https://twitter.com/malwrhunterteam/status/1701669714244542758 |
|
Details | Url | 1 | https://twitter.com/azakasekai_/status/1846482785009348692 |
|
Details | Url | 1 | https://twitter.com/fmc_nan/status/1701427951714345296 |
|
Details | Url | 1 | https://twitter.com/malwrhunterteam/status/1708219656488571188 |
|
Details | Url | 1 | https://twitter.com/malwrhunterteam/status/1701672325580550176 |
|
Details | Windows Registry Key | 1 | HKEY_LOCAL_MACHINE\SOFTWARE\Wireless |