HATVIBE and CHERRYSPY Malware Detection: Cyber-Espionage Campaign Conducted by TAG-110 aka UAC-0063 Targeting Organizations in Asia and Europe - SOC Prime
Tags
country: India Israel Kazakhstan Kyrgyzstan Uzbekistan Ukraine
maec-delivery-vectors: Watering Hole
attack-pattern: Data Exploits - T1587.004 Exploits - T1588.005 Malware - T1587.001 Malware - T1588.001 Mshta - T1218.005 Multi-Factor Authentication - T1556.006 Phishing - T1660 Phishing - T1566 Python - T1059.006 Server - T1583.004 Server - T1584.004 Vulnerabilities - T1588.006 Mshta - T1170
Show in Graph
Common Information
Type Value
UUID d2851c2e-b6e4-4787-8d3b-aee7d25a45d9
Fingerprint c7d00d9d1b7f8f55
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 29, 2024, 12:45 p.m.
Added to db Nov. 29, 2024, 1:56 p.m.
Last updated Dec. 17, 2024, 7:36 p.m.
Headline HATVIBE and CHERRYSPY Malware Detection: Cyber-Espionage Campaign Conducted by TAG-110 aka UAC-0063 Targeting Organizations in Asia and Europe
Title HATVIBE and CHERRYSPY Malware Detection: Cyber-Espionage Campaign Conducted by TAG-110 aka UAC-0063 Targeting Organizations in Asia and Europe - SOC Prime
Detected Hints/Tags/Attributes 52/3/5
Source URLs
Redirection Url
Details Source https://socprime.com/blog/hatvibe-and-cherryspy-malware-detection/
URL Provider
Details Provider Source level domain
Details socprime.com socprime.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 237 SOC Prime https://socprime.com/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CERT Ukraine 20 
UAC-0063
Details CERT Ukraine 7 
UAC-0001
Details File 496 
mshta.exe
Details Threat Actor Identifier - APT 837 
APT28
Details Threat Actor Identifier by Recorded Future 16 
TAG-110