From Albania to the Middle East: The Scarred Manticore is Listening - Check Point Research
Common Information
Type Value
UUID eaa6709b-3148-48dd-848a-bc265b702a75
Fingerprint 3f8c910023bbc491
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 31, 2023, 10:56 a.m.
Added to db Nov. 19, 2023, 12:55 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline From Albania to the Middle East: The Scarred Manticore is Listening
Title From Albania to the Middle East: The Scarred Manticore is Listening - Check Point Research
Detected Hints/Tags/Attributes 119/2/37
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 99 Cyware News - Latest Cyber News https://cyware.com/allnews/feed 2024-08-30 22:08
Details 204 Check Point Research https://research.checkpoint.com/feed 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 397 asp.net
Details Domain 1 system.drawing.design
Details File 77 http.sys
Details File 12 wlanapi.dll
Details File 28 wlbsctrl.dll
Details File 1260 explorer.exe
Details File 118 sc.exe
Details File 1 wblsctrl.dll
Details File 748 kernel32.dll
Details File 17 exchange.asmx
Details File 10 1.aspx
Details File 1 xoro.dll
Details File 3 base64.dll
Details File 3 clientbin.aspx
Details File 3 design.dll
Details File 2125 cmd.exe
Details File 1 bsae64.dll
Details Deprecated Microsoft Threat Actor Naming Taxonomy (Groups in development) 14 DEV-0861
Details Threat Actor Identifier - APT 258 APT34