Anomali Cyber Watch: Bitter Spies on Chinese Nuclear Energy, Kimsuky Takes Over Google Account to Infect Connected Android Devices, Bad Magic APT Targets Occupied Parts of Ukraine
Tags
cmtmf-attack-pattern: Application Layer Protocol, Exploit Public-Facing Application, Masquerading, Obfuscated Files Or Information, Scheduled Task/Job
country: China, North Korea, India, Indonesia, South Korea, Kyrgyzstan, Ukraine
maec-delivery-vectors: Watering Hole
attack-pattern: Data Application Layer Protocol - T1437, Botnet - T1583.005, Botnet - T1584.005, Call Control - T1616, Contact List - T1636.003, Credentials - T1589.001, Data From Local System - T1533, Email Addresses - T1589.002, Encrypted Channel - T1521, Encrypted Channel - T1573, Exfiltration Over C2 Channel - T1646, Exploit Public-Facing Application - T1377, Exploitation For Client Execution - T1658, Exploits - T1587.004, Exploits - T1588.005, File Deletion - T1070.004, File Deletion - T1630.002, Gather Victim Identity Information - T1589, GUI Input Capture - T1056.002, GUI Input Capture - T1417.002, Indicator Removal On Host - T1630, Ingress Tool Transfer - T1544, Input Capture - T1417, Keylogging - T1056.001, Keylogging - T1417.001, Malicious File - T1204.002, Malware - T1587.001, Malware - T1588.001, Masquerading - T1655, Obfuscated Files Or Information - T1406, System Information Discovery - T1426, Msiexec - T1218.007, Phishing - T1660, Phishing - T1566, PowerShell - T1059.001, Protected User Data - T1636, Scheduled Task - T1053.005, Scheduled Task/Job - T1603, Screen Capture - T1513, SMS Control - T1582, SMS Messages - T1636.004, Spearphishing Attachment - T1566.001, Spearphishing Attachment - T1598.002, Web Protocols - T1071.001, Web Protocols - T1437.001, Video Capture - T1512, Vulnerabilities - T1588.006, Standard Application Layer Protocol - T1071, Data From Local System - T1005, Data From Removable Media - T1025, Deobfuscate/Decode Files Or Information - T1140, Email Collection - T1114, Exfiltration Over Command And Control Channel - T1041, Exploit Public-Facing Application - T1190, Exploitation For Client Execution - T1203, File Deletion - T1107, Indicator Removal On Host - T1070, Remote File Copy - T1105, Input Capture - T1056, Masquerading - T1036, Obfuscated Files Or Information - T1027, PowerShell - T1086, Scheduled Task - T1053, Screen Capture - T1113, Signed Binary Proxy Execution - T1218, Spearphishing Attachment - T1193, System Information Discovery - T1082, User Execution - T1204, Exploit Public-Facing Application, Indicator Removal On Host, Masquerading, Screen Capture, Spearphishing Attachment, User Execution
Common Information
Type Value
UUID d4924884-9fa4-42a3-9ca0-7993b301cefc
Fingerprint 8f060802a5154f41
Analysis status DONE
Considered CTI value 2
Text language
Published March 28, 2023, midnight
Added to db June 5, 2023, 11:49 a.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Anomali Cyber Watch: Bitter Spies on Chinese Nuclear Energy, Kimsuky Takes Over Google Account to Infect Connected Android Devices, Bad Magic APT Targets Occupied Parts of Ukraine
Title Anomali Cyber Watch: Bitter Spies on Chinese Nuclear Energy, Kimsuky Takes Over Google Account to Infect Connected Android Devices, Bad Magic APT Targets Occupied Parts of Ukraine
Detected Hints/Tags/Attributes 160/4/32
Attributes
Type                                #Events  Value
Domain                              20       obfuscator.io
MITRE ATT&CK Techniques             22       T1589.002
MITRE ATT&CK Techniques             310      T1566.001
MITRE ATT&CK Techniques             460      T1059.001
MITRE ATT&CK Techniques             245      T1203
MITRE ATT&CK Techniques             275      T1053.005
MITRE ATT&CK Techniques             39       T1218.007
MITRE ATT&CK Techniques             348      T1036
MITRE ATT&CK Techniques             1006     T1082
MITRE ATT&CK Techniques             442      T1071.001
MITRE ATT&CK Techniques             422      T1041
MITRE ATT&CK Techniques             409      T1566
MITRE ATT&CK Techniques             89       T1114
MITRE ATT&CK Techniques             10       T1616
MITRE ATT&CK Techniques             19       T1533
MITRE ATT&CK Techniques             12       T1417.001
MITRE ATT&CK Techniques             17       T1636.004
MITRE ATT&CK Techniques             17       T1636.003
MITRE ATT&CK Techniques             10       T1512
MITRE ATT&CK Techniques             542      T1190
MITRE ATT&CK Techniques             627      T1027
MITRE ATT&CK Techniques             504      T1140
MITRE ATT&CK Techniques             492      T1105
MITRE ATT&CK Techniques             365      T1204.002
MITRE ATT&CK Techniques             480      T1053
MITRE ATT&CK Techniques             297      T1070.004
MITRE ATT&CK Techniques             219      T1113
MITRE ATT&CK Techniques             34       T1025
MITRE ATT&CK Techniques             163      T1573
MITRE ATT&CK Techniques             9        T1417.002
MITRE ATT&CK Techniques             15       T1582
Threat Actor Identifier by Tencent  13       T-APT-17