Rewterz Threat Alert – APT28 (FancyBear) Attacks on NATO and Central Asian Targets - Rewterz
Tags
maec-delivery-vectors: Watering Hole
attack-pattern: Acquire Infrastructure: Botnet (T1583.005); Compromise Infrastructure: Botnet (T1584.005); Scheduled Task/Job: Scheduled Task (T1053.005); Scheduled Task/Job (T1053)
Common Information
Type | Value |
---|---|
UUID | d22dc6f1-d180-4a21-8ae5-412c43469af2 |
Fingerprint | 9fb4828ded974649 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | Oct. 27, 2020, 3:44 p.m. |
Added to db | Dec. 19, 2024, 6:51 a.m. |
Last updated | Dec. 23, 2024, 9:07 p.m. |
Headline | Rewterz Threat Alert – APT28 (FancyBear) Attacks on NATO and Central Asian Targets |
Title | Rewterz Threat Alert – APT28 (FancyBear) Attacks on NATO and Central Asian Targets - Rewterz |
Detected Hints/Tags/Attributes | 32/2/53 |
Attributes
Type | #Events | Value |
---|---|---|
Domain | 66 | vb.net |
File | 2 | c:\users\purple\appdata\roaming\controller\scrssl.exe |
md5 | 4 | b66c2aa25d1f9056f09d0a158d20faef |
md5 | 2 | fafd702197d758ce2687706336750660 |
md5 | 3 | d5e45a9db7f739979105e000d042f1fe |
md5 | 2 | c74aa42b41ec44571a3f4e167b01c53c |
md5 | 2 | 93150535f9dcd9f7e169e255264c787a |
md5 | 1 | d21a025e6ba0db784abb1d086b67d3df |
md5 | 2 | 98e304e28a51acd92a363346c2b02b2f |
md5 | 2 | 72552ef22b484f8868dab10b0f605779 |
md5 | 2 | 573247af55b015d48ab7f6d7d0d6f1db |
md5 | 1 | 8103bffc16f8fb3e55028a62e1a004f8 |
md5 | 2 | a14c1fd7b59b34515e6a8a286114c48f |
md5 | 3 | 855005fee45e71c36a466527c7fad62f |
md5 | 2 | c4a0448925980eacbd22c2dd4869a1c7 |
md5 | 1 | 009f073f66b24677cf7ad66818fe4509 |
md5 | 2 | 3792380fd7512cc2ec9b28a686edb0e9 |
sha1 | 2 | 537224111b8e5bdce214d408c07774894ae3ea24 |
sha1 | 1 | bad14008dfcb7ea3b86e4568e4c1c707c88ab20e |
sha1 | 2 | 99c6c6fb3ff79680f8cefeaee0b019993e05fa0d |
sha1 | 1 | 57bd3192b98c610c53de79f40efe93efa96e6d58 |
sha1 | 1 | bef9c4e3eac1062d0271e25b4b36d404bf3b3636 |
sha1 | 1 | c9fba83b6a918ccf8aeb3b5522ee28e0065aaa92 |
sha1 | 1 | 3dc62f224d812a3a958fa766ff6d175579856743 |
sha1 | 2 | 40ef7b08f271cee4482f01b820d1c54e0fdf9d89 |
sha1 | 1 | 9b717d50ee312b4841b919fcbe5c129610980b03 |
sha1 | 1 | 77857a6a78f87fd2871ab3077e87e006eaff54e7 |
sha1 | 2 | d7bf3ea3966f0399acfc3886ec66a7ca4d1675bf |
sha1 | 2 | bfe3e62770c8a4479d19ee4208410199b7484924 |
sha1 | 1 | c76b54eecba442f800d899f2da4a7b5a8d8595be |
sha1 | 1 | da1df0dbfe05486e518ed73b567e4b1635638f5a |
sha1 | 1 | 6306fdf3d5bdde6a354fc6329541bf43f118cab1 |
sha256 | 2 | e6e19633ba4572b49b47525b5a873132dfeb432f075fbba29831f1bc59d5885d |
sha256 | 1 | 468b11cbd5710e6a2c7b9ff9409f8310f1cd59707e39b73cf21cb690cca8b287 |
sha256 | 3 | aac3b1221366cf7e4421bdd555d0bc33d4b92d6f65fa58c1bb4d8474db883fec |
sha256 | 1 | d61350d77b7762bfe9ecb1d0a660c69d9854192ab69967743c3d86cd2623b7f9 |
sha256 | 1 | 1c12cf14d3dbdefd069635d57673258839bf95407674bea01f8d8f9801560dde |
sha256 | 1 | d3fe567f183be17370a7a3f034ba2722c760d34e6b40aace4a2b606294373efb |
sha256 | 1 | 7f698295230f59c7ca8193322eb48d71cd203f3675139f2da99e326589bfdad3 |
sha256 | 4 | 6449d0cb1396d6feba7fb9e25fb20e9a0a5ef3e8623332844458d73057cf04a1 |
sha256 | 1 | 07e0b509288c501c57cc8f11b88ac8c06e379b01b74cd910d93cfdff1f9dd7ec |
sha256 | 3 | eb81c1be62f23ac7700c70d866e84f5bc354f88e6f7d84fd65374f84e252e76b |
sha256 | 3 | fae335a465bb9faac24c58304a199f3bf9bb1b0bd07b05b18e2be6b9e90d72e6 |
sha256 | 4 | d5d9210ef49c6780016536b0863cc50f6de03f73e70c2af46cc3cff0e2bf9353 |
sha256 | 1 | e39aa9b3c9b95311fe951541f733972858fe724fb5265247f2b6b37ff97356ef |
sha256 | 1 | 45bf0e2037b43478e39a06ab23ac5d7a7156c37f8dc38e8da482078bdfe672c5 |
sha256 | 1 | 3c93800b31bf6c2897ce2d8ce363c33f3a9cf468adfaa5b0c507de6084970b49 |
IPv4 | 2 | 31.7.62.103 |
IPv4 | 5 | 194.32.78.245 |
Threat Actor Identifier - APT-C | 10 | APT-C-20 |
Threat Actor Identifier - APT | 917 | APT28 |
Url | 2 | http://31.7.62.103/tleaw.php |
Url | 2 | http://194.32.78.245//protect/get-upd-id.php |

Editorial caveat: the `vb.net` "domain" is most likely the name of the VB.NET language picked up by the automated indicator extractor rather than attacker infrastructure; confirm it against the original Rewterz alert before adding it to a blocklist. Note also that the second URL carries a doubled slash (`//protect/`), which many proxies and URL normalisers collapse to a single slash before logging.
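As an added example (not part of the Rewterz alert or of this database page), the following Python matcher loads a subset of the indicators in the table above and runs them over constructed proxy-log and file-event samples. The log field layouts, host names, client addresses and every sample line are assumptions made for the example. It normalises the doubled slash in the second URL and strips the per-user profile prefix from the implant path, so that neither indicator slips past an exact string compare; the remaining hashes from the table can be appended to `IOC_HASHES` in the same way.

```python
"""Hunt for this alert's indicators in sample telemetry (added example)."""
import re
from urllib.parse import urlsplit

# Subset of the indicators from the attribute table above.
IOC_IPV4 = {"31.7.62.103", "194.32.78.245"}
IOC_URLS = {
    "http://31.7.62.103/tleaw.php",
    "http://194.32.78.245//protect/get-upd-id.php",
}
IOC_HASHES = {
    "b66c2aa25d1f9056f09d0a158d20faef",                                  # md5
    "537224111b8e5bdce214d408c07774894ae3ea24",                          # sha1
    "6449d0cb1396d6feba7fb9e25fb20e9a0a5ef3e8623332844458d73057cf04a1",  # sha256
    "d5d9210ef49c6780016536b0863cc50f6de03f73e70c2af46cc3cff0e2bf9353",  # sha256
}
IOC_PATHS = {r"c:\users\purple\appdata\roaming\controller\scrssl.exe"}
# The table's "vb.net" domain is deliberately left out: it is almost
# certainly the VB.NET language name caught by the extractor, not C2.


def norm_url(url: str) -> tuple[str, str]:
    """Host plus path with runs of slashes collapsed, both lower-cased.
    The second IOC URL contains '//protect/...'; most proxies log the
    request with a single slash, so a raw string compare would miss it."""
    p = urlsplit(url.strip())
    path = re.sub(r"/{2,}", "/", p.path) or "/"
    return (p.hostname or "").lower(), path.lower()


def profile_relative(path: str) -> str:
    """Strip the drive and 'users\\<name>\\' prefix so the implant path
    matches under any user profile, not only the victim's ('purple')."""
    p = path.strip().lower().replace("/", "\\")
    m = re.match(r"^[a-z]:\\users\\[^\\]+\\(.+)$", p)
    return m.group(1) if m else p


NORM_IOC_URLS = {norm_url(u) for u in IOC_URLS}
IOC_REL_PATHS = {profile_relative(p) for p in IOC_PATHS}


def scan_proxy_log(text: str) -> list[tuple[int, str, str]]:
    """Assumed fields: timestamp client method url status. Returns (line, kind, value)."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if len(parts) < 4:
            continue
        host, path = norm_url(parts[3])
        if (host, path) in NORM_IOC_URLS:
            hits.append((n, "url", parts[3]))
        elif host in IOC_IPV4:          # known C2 host, different resource
            hits.append((n, "ip", host))
    return hits


def scan_file_events(text: str) -> list[tuple[int, list[str]]]:
    """Assumed tab-separated fields: host, path, hash. Returns (line, reasons)."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split("\t")
        if len(fields) != 3:
            continue
        _host, path, digest = fields
        reasons = []
        if digest.strip().lower() in IOC_HASHES:   # hashes are case-insensitive
            reasons.append("hash")
        if profile_relative(path) in IOC_REL_PATHS:
            reasons.append("path")
        if reasons:
            hits.append((n, reasons))
    return hits


# Constructed sample telemetry, not taken from the report.
SAMPLE_PROXY_LOG = """\
2020-10-27T10:01:02Z 10.0.0.5 GET http://194.32.78.245/protect/get-upd-id.php 200
2020-10-27T10:01:09Z 10.0.0.5 GET http://www.example.com/index.html 200
2020-10-27T10:02:15Z 10.0.0.7 POST http://31.7.62.103/tleaw.php 200
2020-10-27T10:02:40Z 10.0.0.7 GET http://194.32.78.245/favicon.ico 404
2020-10-27T10:03:00Z 10.0.0.9 GET http://198.51.100.7/tleaw.php 404
"""
SAMPLE_FILE_EVENTS = (
    "host01\tC:\\Users\\purple\\AppData\\Roaming\\controller\\scrssl.exe\t"
    "6449D0CB1396D6FEBA7FB9E25FB20E9A0A5EF3E8623332844458D73057CF04A1\n"
    "host02\tC:\\Windows\\System32\\svchost.exe\t" + "0" * 64 + "\n"
    "host03\tC:\\Users\\alice\\AppData\\Roaming\\controller\\scrssl.exe\t"
    "d41d8cd98f00b204e9800998ecf8427e\n"
)

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print("proxy", hit)
    for hit in scan_file_events(SAMPLE_FILE_EVENTS):
        print("file ", hit)
```

On the sample data the first proxy line matches only because of the slash normalisation, the fourth line is reported as an "ip" hit (known C2 host, unknown resource), and the last line is not reported at all: `tleaw.php` on an unrelated host is not an indicator on its own. For the file events, `host03` is caught on the profile-relative path even though the user name and the hash differ from the table.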