ioc[.]one - OSINT Cyber Threat Intelligence Database

DONOT’s Assault on Maritime and Defense Manufacturing

Tags

cmtmf-attack-pattern:	Application Layer Protocol Command And Scripting Interpreter Obfuscated Files Or Information Scheduled Task/Job
country:	Pakistan
maec-delivery-vectors:	Watering Hole
attack-pattern:	Application Layer Protocol - T1437 Command And Scripting Interpreter - T1623 Domains - T1583.001 Domains - T1584.001 Exfiltration Over C2 Channel - T1646 File Deletion - T1070.004 File Deletion - T1630.002 Indicator Removal On Host - T1630 Malware - T1587.001 Malware - T1588.001 Obfuscated Files Or Information - T1406 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Rundll32 - T1218.011 Scheduled Task - T1053.005 Scheduled Task/Job - T1603 Server - T1583.004 Server - T1584.004 Windows Command Shell - T1059.003 Web Protocols - T1071.001 Web Protocols - T1437.001 Standard Application Layer Protocol - T1071 Command-Line Interface - T1059 Exfiltration Over Command And Control Channel - T1041 File Deletion - T1107 Indicator Removal On Host - T1070 Remote File Copy - T1105 Obfuscated Files Or Information - T1027 Powershell - T1086 Rundll32 - T1085 Scheduled Task - T1053 Signed Binary Proxy Execution - T1218 Indicator Removal On Host Remote File Copy

Show in Graph

Common Information

Type	Value
UUID	dff53796-9f68-4edd-b2af-d3cc721d4785
Fingerprint	a4848bd9632f0ed0
Analysis status	DONE
Considered CTI value	2
Text language
Published	Nov. 18, 2024, 11:35 a.m.
Added to db	Nov. 18, 2024, 1:24 p.m.
Last updated	Nov. 20, 2024, 9:29 p.m.
Headline	DONOT’s Assault on Maritime and Defense Manufacturing
Title	DONOT’s Assault on Maritime and Defense Manufacturing
Detected Hints/Tags/Attributes	50/4/20

Source URLs

	Redirection	Url
Details	Source	https://medium.com/@harboot/donots-assault-on-maritime-and-defense-manufacturing-8089db99353d?source=rss------cybersecurity-5

URL Provider

Details	Provider	Source level domain
Details	medium.com	medium.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	167	✔	Cybersecurity on Medium	https://medium.com/feed/tag/cybersecurity	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	3	internalfileserver.online
Details	Domain	4	www.hendryadrian.com
Details	File	2136	cmd.exe
Details	File	1214	powershell.exe
Details	File	2	2sqsxda2.exe
Details	File	1025	rundll32.exe
Details	sha256	3	cffe7eb01000de809b79a711702eaf3773f2e6167ce440f33f30bcd6fabcace3
Details	sha256	3	a7893c54edaecaa0e56010576a8249ad9149456f5d379868a0ecaa4c5c33fa70
Details	IPv4	2	94.141.120.137
Details	MITRE ATT&CK Techniques	414	T1566
Details	MITRE ATT&CK Techniques	465	T1059.001
Details	MITRE ATT&CK Techniques	336	T1059.003
Details	MITRE ATT&CK Techniques	120	T1218.011
Details	MITRE ATT&CK Techniques	277	T1053.005
Details	MITRE ATT&CK Techniques	298	T1070.004
Details	MITRE ATT&CK Techniques	632	T1027
Details	MITRE ATT&CK Techniques	445	T1071.001
Details	MITRE ATT&CK Techniques	494	T1105
Details	MITRE ATT&CK Techniques	425	T1041
Details	Url	1	https://www.hendryadrian.com/donots-assault-on-maritime-and-defense-manufacturing