ioc[.]one - OSINT Cyber Threat Intelligence Database

Resurgent Iron Liberty Targeting Energy Sector

Tags

country:	Canada Norway Russia United States Of America
attack-pattern:	Data Credentials - T1589.001 Malware - T1587.001 Malware - T1588.001 Password Cracking - T1110.002 Remote Desktop Protocol - T1021.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Template Injection - T1221 Tool - T1588.002 Hypervisor - T1062 Remote Desktop Protocol - T1076

Show in Graph

Common Information

Type	Value
UUID	e6c721b0-464c-46bd-9b9a-044b39f7987a
Fingerprint	bd98993d03778fc1
Analysis status	DONE
Considered CTI value	1
Text language
Published	July 24, 2019, midnight
Added to db	Sept. 11, 2022, 12:33 p.m.
Last updated	Nov. 17, 2024, 6:55 p.m.
Headline	Resurgent Iron Liberty Targeting Energy Sector
Title	Resurgent Iron Liberty Targeting Energy Sector
Detected Hints/Tags/Attributes	102/2/20

Source URLs

	Redirection	Url
Details	Source	https://www.secureworks.com/research/resurgent-iron-liberty-targeting-energy-sector

URL Provider

Details	Provider	Source level domain
Details	secureworks.com	www.secureworks.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	370	✔	—	https://www.secureworks.com/rss?feed=research	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	261	blog.talosintelligence.com
Details	Domain	19	motherboard.vice.com
Details	Domain	56	www.dragos.com
Details	Domain	98	www.secureworks.com
Details	Domain	216	www.symantec.com
Details	Domain	145	www.us-cert.gov
Details	File	478	lsass.exe
Details	File	96	rar.exe
Details	File	3	template-injection.html
Details	File	1	20180510allanite.html
Details	Threat Actor Identifier by SecureWorks	5	TG-4192
Details	Url	3	https://blog.talosintelligence.com/2017/07/template-injection.html
Details	Url	1	https://motherboard.vice.com/en_us/article/bmjdmd/hackers-target-300-norwegian-oil-and-energy
Details	Url	1	https://www.dragos.com/blog/20180510allanite.html
Details	Url	2	https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control
Details	Url	3	https://www.secureworks.com/research/mcmd-malware-analysis
Details	Url	2	https://www.secureworks.com/research/updated-karagany-malware-targets-energy-sector
Details	Url	1	https://www.symantec.com/connect/blogs/dragonfly-western-energy-companies-under-sabotage-threat-energetic-bear
Details	Url	2	https://www.symantec.com/blogs/threat-intelligence/dragonfly-energy-sector-cyber-attacks
Details	Url	6	https://www.us-cert.gov/ncas/alerts/ta18-074a