Anomali Cyber Watch: H0lyGh0st Ransomware Earns for North Korea, OT Unlocking Tools Drop Sality, Switch-Case-Oriented Programming for ChromeLoader, and More
Tags
cmtmf-attack-pattern: Automated Exfiltration, Command And Scripting Interpreter, Data Manipulation, Exploit Public-Facing Application, Network Denial Of Service, Network Sniffing, Obfuscated Files Or Information
country: United Arab Emirates, North Korea, Japan, Lithuania, Russia, Ukraine
maec-delivery-vectors: Watering Hole
attack-pattern:
  Data Direct Binary Padding - T1027.001
  Command And Scripting Interpreter - T1623
  Data Encrypted For Impact - T1471
  Data Encrypted For Impact - T1486
  Data Manipulation - T1641
  Data Manipulation - T1565
  Dns - T1071.004
  Dns - T1590.002
  Exploit Public-Facing Application - T1377
  File And Directory Discovery - T1420
  File And Directory Permissions Modification - T1222
  Impair Defenses - T1562
  Impair Defenses - T1629
  Indicator Removal On Host - T1630
  Ingress Tool Transfer - T1544
  Inhibit System Recovery - T1490
  Network Denial Of Service - T1464
  Javascript - T1059.007
  Malvertising - T1583.008
  Malware - T1587.001
  Malware - T1588.001
  Obfuscated Files Or Information - T1406
  Multi-Factor Authentication - T1556.006
  Network Denial Of Service - T1498
  Password Cracking - T1110.002
  Phishing - T1660
  Phishing - T1566
  Powershell - T1059.001
  Scheduled Task - T1053.005
  Software - T1592.002
  Web Shell - T1505.003
  Transfer Data To Cloud Account - T1537
  Tool - T1588.002
  Vulnerabilities - T1588.006
  Account Manipulation - T1098
  Automated Exfiltration - T1020
  Binary Padding - T1009
  Browser Extensions - T1176
  Command-Line Interface - T1059
  Create Account - T1136
  Deobfuscate/Decode Files Or Information - T1140
  Exploit Public-Facing Application - T1190
  Exploitation For Credential Access - T1212
  File And Directory Discovery - T1083
  Indicator Removal On Host - T1070
  Remote File Copy - T1105
  Network Sniffing - T1040
  Obfuscated Files Or Information - T1027
  Powershell - T1086
  Scheduled Task - T1053
  Web Shell - T1100
  User Execution - T1204
  Denial Of Service
  Exploit Public-Facing Application
  Indicator Removal On Host
  Network Sniffing
  User Execution
Common Information
Type                              Value
UUID                              e4f94d71-aa41-49b6-b542-a8e807c6de4d
Fingerprint                       8f05101ba7b5af96
Analysis status                   DONE
Considered CTI value              2
Text language
Published                         July 19, 2022, midnight
Added to db                       Sept. 11, 2022, 12:44 p.m.
Last updated                      Nov. 17, 2024, 6:56 p.m.
Headline                          Anomali Cyber Watch: H0lyGh0st Ransomware Earns for North Korea, OT Unlocking Tools Drop Sality, Switch-Case-Oriented Programming for ChromeLoader, and More
Title                             Anomali Cyber Watch: H0lyGh0st Ransomware Earns for North Korea, OT Unlocking Tools Drop Sality, Switch-Case-Oriented Programming for ChromeLoader, and More
Detected Hints/Tags/Attributes    159/4/33
RSS Feed
Attributes
Type                                                                   #Events   Value            CTI Value
CVE                                                                    1         cve-2021-45461
CVE                                                                    10        cve-2022-26352
CVE                                                                    6         cve-2022-2003
CVE                                                                    3         cve-2021-24284
Domain                                                                 2         stresser.tech
File                                                                   271       chrome.exe
IPv4                                                                   1         15.0.19.87
IPv4                                                                   1         15.0.19.88
IPv4                                                                   1         16.0.18.40
IPv4                                                                   1         16.0.18.41
MITRE ATT&CK Techniques                                                627       T1027
MITRE ATT&CK Techniques                                                480       T1053
MITRE ATT&CK Techniques                                                86        T1136
MITRE ATT&CK Techniques                                                247       T1070
MITRE ATT&CK Techniques                                                492       T1105
MITRE ATT&CK Techniques                                                472       T1486
MITRE ATT&CK Techniques                                                420       T1204
MITRE ATT&CK Techniques                                                235       T1562
MITRE ATT&CK Techniques                                                33        T1565
MITRE ATT&CK Techniques                                                542       T1190
MITRE ATT&CK Techniques                                                30        T1176
MITRE ATT&CK Techniques                                                695       T1059
MITRE ATT&CK Techniques                                                504       T1140
MITRE ATT&CK Techniques                                                58        T1498
MITRE ATT&CK Techniques                                                276       T1490
MITRE ATT&CK Techniques                                                42        T1040
MITRE ATT&CK Techniques                                                112       T1098
MITRE ATT&CK Techniques                                                265       T1222
MITRE ATT&CK Techniques                                                33        T1537
MITRE ATT&CK Techniques                                                102       T1020
MITRE ATT&CK Techniques                                                585       T1083
MITRE ATT&CK Techniques                                                44        T1212
Deprecated Microsoft Threat Actor Naming Taxonomy (Groups in development)   11   DEV-0530
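As an added example, not code from the Anomali report or from this database, the Python below turns the flattened attribute listing above (a "Details <Type> <#Events>" line followed by a value line) into typed indicators, applies a syntax check per indicator type, and marks the values a practitioner should not act on mechanically: a bare filename such as chrome.exe is a common process name rather than a hash and will match on every host, and an unrecognised type gets no check at all. The sample rows are copied from the table above; the function names, the `Indicator` record and the caveat heuristics are assumptions of this example.

```python
"""Normalize flattened 'Details Type #Events / Value' rows into validated indicators.

Added illustration only; names and heuristics here are assumptions, not the
database's own code.  Sample rows are copied from the attribute table above.
"""
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed input: a subset of the attribute rows exactly as they appear in
# the flattened table (the "Details" link text starts every record line).
RAW_ROWS = """\
Details CVE 1
cve-2021-45461
Details CVE 10
cve-2022-26352
Details CVE 6
cve-2022-2003
Details CVE 3
cve-2021-24284
Details Domain 2
stresser.tech
Details File 271
chrome.exe
Details IPv4 1
15.0.19.87
Details IPv4 1
15.0.19.88
Details IPv4 1
16.0.18.40
Details IPv4 1
16.0.18.41
Details MITRE ATT&CK Techniques 627
T1027
Details MITRE ATT&CK Techniques 480
T1053
Details Deprecated Microsoft Threat Actor Naming Taxonomy (Groups in development) 11
DEV-0530
"""

RECORD_RE = re.compile(r"^Details (?P<type>.+?) (?P<events>\d+)$")
HASH_RE = re.compile(r"[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64}")  # MD5 / SHA-1 / SHA-256


def _is_ipv4(value):
    try:
        return isinstance(ipaddress.ip_address(value), ipaddress.IPv4Address)
    except ValueError:
        return False


# Syntax check per indicator type; a value that fails is kept but marked invalid.
VALIDATORS = {
    "CVE": lambda v: re.fullmatch(r"CVE-\d{4}-\d{4,}", v.upper()) is not None,
    "Domain": lambda v: re.fullmatch(r"(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}", v.lower()) is not None,
    "IPv4": _is_ipv4,
    "MITRE ATT&CK Techniques": lambda v: re.fullmatch(r"T\d{4}(\.\d{3})?", v) is not None,
    "File": lambda v: bool(v) and "/" not in v and "\\" not in v,
}


@dataclass
class Indicator:
    type: str
    value: str
    events: int
    valid: bool
    notes: list = field(default_factory=list)  # reasons not to act on it blindly


def parse_attributes(text):
    """Parse record/value line pairs into Indicator objects, annotating caveats."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    out = []
    for i in range(0, len(lines), 2):
        m = RECORD_RE.match(lines[i])
        if not m or i + 1 >= len(lines):
            raise ValueError(f"malformed record at line {i}: {lines[i]!r}")
        itype, events, value = m["type"], int(m["events"]), lines[i + 1]
        check = VALIDATORS.get(itype)
        ind = Indicator(itype, value.upper() if itype == "CVE" else value,
                        events, check(value) if check else True)
        if check is None:
            ind.notes.append("no syntax check defined for this type")
        if itype == "File" and not HASH_RE.fullmatch(value.lower()):
            ind.notes.append("bare filename, not a hash: matches benign hosts, do not block on it")
        if itype == "IPv4" and ind.valid and not ipaddress.ip_address(value).is_global:
            ind.notes.append("non-global address: not usable as a network IOC")
        out.append(ind)
    return out


def actionable(indicators):
    """Indicators that are syntactically valid and carry no caveat."""
    return [x for x in indicators if x.valid and not x.notes]


def events_by_type(indicators):
    """Total #Events per indicator type, for prioritising review."""
    totals = {}
    for x in indicators:
        totals[x.type] = totals.get(x.type, 0) + x.events
    return totals
```

On the rows above this yields thirteen indicators, of which eleven pass without a caveat; chrome.exe is kept for context but excluded from the actionable set, and DEV-0530 is excluded because an actor name is an attribution label, not something to match on.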