WIP26 Espionage | Threat Actors Abuse Cloud Infrastructure in Targeted Telco Attacks
Common Information
Type Value
UUID d5de22d4-2d96-4c9e-85cd-9fcfae39a8ef
Fingerprint a4203f59865e8fd7
Analysis status DONE
Considered CTI value 2
Text language
Published Feb. 16, 2023, midnight
Added to db Feb. 16, 2023, 4:22 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline WIP26 Espionage | Threat Actors Abuse Cloud Infrastructure in Targeted Telco Attacks
Title WIP26 Espionage | Threat Actors Abuse Cloud Infrastructure in Targeted Telco Attacks
Detected Hints/Tags/Attributes 70/3/29
Attributes
Details Type #Events CTI Value
Details Threat Actor Identifier - APT 277
APT37
Details Threat Actor Identifier - APT 783
APT28