Stayin’ Alive - Targeted Attacks Against Telecoms and Government Ministries in Asia - Check Point Research
Tags
Common Information
| Type | Value |
|---|---|
| UUID | eaacd297-5882-4b0c-bd99-3d13d75fede8 |
| Fingerprint | b4848c9144bb82e9 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Oct. 11, 2023, 4:01 p.m. |
| Added to db | Nov. 19, 2023, 12:55 a.m. |
| Last updated | Nov. 17, 2024, 6:49 p.m. |
| Headline | Stayin’ Alive – Targeted Attacks Against Telecoms and Government Ministries in Asia |
| Title | Stayin’ Alive - Targeted Attacks Against Telecoms and Government Ministries in Asia - Check Point Research |
| Detected Hints/Tags/Attributes | 90/3/98 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 204 | ✔ | Check Point Research | https://research.checkpoint.com/feed | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 6 | cve-2022-23748 |
|
| Details | Domain | 1 | v8.zip |
|
| Details | Domain | 3 | ns01.nayatel.orinafz.com |
|
| Details | Domain | 1 | pkigoscorp.com |
|
| Details | Domain | 1 | pki.gov.kz |
|
| Details | Domain | 1 | certexvpn.com |
|
| Details | Domain | 1 | qform3d.in |
|
| Details | Domain | 1 | fopingu.com |
|
| Details | Domain | 1 | rtmcsync.com |
|
| Details | Domain | 2 | loader.win |
|
| Details | Domain | 3 | eaq.machineaccountquota.com |
|
| Details | Domain | 3 | qaq2.machineaccountquota.com |
|
| Details | Domain | 3 | imap.774b884034c450b.com |
|
| Details | Domain | 3 | admit.pkigoscorp.com |
|
| Details | Domain | 3 | update.certexvpn.com |
|
| Details | Domain | 3 | cyberguard.certexvpn.com |
|
| Details | Domain | 3 | gist.gitbusercontent.com |
|
| Details | Domain | 3 | git.gitbusercontent.com |
|
| Details | Domain | 3 | raw.gitbusercontent.com |
|
| Details | Domain | 3 | cert.qform3d.in |
|
| Details | Domain | 3 | sslvpn.pkigoscorp.com |
|
| Details | Domain | 3 | cdn.pkigoscorp.com |
|
| Details | Domain | 3 | idp.pkigoscorp.com |
|
| Details | Domain | 3 | ad.fopingu.com |
|
| Details | Domain | 3 | proxy.rtmcsync.com |
|
| Details | Domain | 3 | pic.rtmcsync.com |
|
| Details | Domain | 3 | backend.rtmcsync.com |
|
| Details | File | 6 | dal_keepalives.dll |
|
| Details | File | 18 | mdnsresponder.exe |
|
| Details | File | 1 | v8.zip |
|
| Details | File | 1 | 2023г.rar |
|
| Details | File | 80 | msvcrt.dll |
|
| Details | File | 1 | bdch.dll |
|
| Details | File | 68 | mscoree.dll |
|
| Details | File | 49 | onedrive.exe |
|
| Details | File | 1 | c:\programdata\onedrive\onedrive.exe |
|
| Details | File | 41 | rpcrt4.dll |
|
| Details | File | 34 | winhttp.dll |
|
| Details | File | 748 | kernel32.dll |
|
| Details | File | 45 | 1.zip |
|
| Details | File | 1 | c:\programdata\applicationdata\ and copies the legitimate exe to that folder with the name kev.exe |
|
| Details | File | 1 | v2net.dll |
|
| Details | File | 1 | true.js |
|
| Details | File | 3 | common.exe |
|
| Details | File | 1 | stylers.bin |
|
| Details | sha1 | 1 | fd31ea84894d933af323fd64d36910ca0c92af99 |
|
| Details | sha256 | 2 | 6eaa33812365865512044020bc4b95079a1cc2ddc26cdadf24a9ff76c81b1746 |
|
| Details | sha256 | 2 | 78faceaf9a911d966086071ff085f2d5c2713b58446d48e0db1ad40974bb15cd |
|
| Details | sha256 | 2 | 295b99219d8529d2cd17b71a7947d370809f4e1a3094a74a31da6e30aa39e719 |
|
| Details | sha256 | 2 | 409948cbbeaf051a41385d2e2bc32fc1e59789986852e608124b201d079e5c3c |
|
| Details | sha256 | 2 | 462c85f6972da64af08f52a4c2f3a03bcd40fdf29b29b01631bff643cd9d906a |
|
| Details | sha256 | 2 | 4d52d40bc7599b784a86a000ff436527babc46c5de737e19ded265416b4977c6 |
|
| Details | sha256 | 2 | 437cde10797b75ea92b1b68eb887972fe43b434db3ed67b756e01698cce69b4a |
|
| Details | sha256 | 2 | c5d1ee44ec75fc31e1c11fbf7a70ed7ca8c782099abfde15ecaa1b1edaf180ac |
|
| Details | sha256 | 2 | da2d9ed632576eca68a0c6d8d5afd383a1d811c369012f0d7fb52cd06da8c9b9 |
|
| Details | sha256 | 2 | 451f87134438fa7e5735a865989072e7bab4858ca0b1e921224ed27dea0226b0 |
|
| Details | sha256 | 2 | 93e9237afaff14c6b9a24cf7275e9d66bc95af8a0cc93db2a68b47cbbca4c347 |
|
| Details | sha256 | 2 | 482d41c4a2e14ddc072087a1b96f6e34ffda2bfc85819e21f15c97220825e651 |
|
| Details | sha256 | 2 | 877579185a72fbaf1afa78d3c50dbab187780d545d5375ba4c29147083176697 |
|
| Details | sha256 | 2 | c4f9bc7624509190e9e2a690daeff5ac9e944f094b51781734b83a364ae038d0 |
|
| Details | sha256 | 2 | d94ed414dbfb9bbcba42e3bf2db3b76eb8172b03133d1745d6abcde6f9edbaa7 |
|
| Details | sha256 | 2 | 732621aa53683c16edf3959dfe9d93de5359c431c130784b31d4a598fbbd80a9 |
|
| Details | sha256 | 2 | 12a7b9fa57719109b7f5d081cbe032320a59a7d57eef2dcd2cd4fe2b909162dc |
|
| Details | sha256 | 2 | a54e0352653146371efd727ca00110577f8e750e92101462e246f99d435b6172 |
|
| Details | sha256 | 2 | 60030b970491bced72a56c9dde09a1d2260becfbf80a2b0d217a0b913e781c3a |
|
| Details | sha256 | 2 | 36b4a846d6ed3461e36ed9f4c03fb4548397659ef0a46219695666266eba1652 |
|
| Details | sha256 | 2 | b3fc497f94ac04abc4c9a6f23ab142fdc2387c520ce5c6fdae1b511793bc6ba2 |
|
| Details | sha256 | 2 | caa9fdda2776f681ec294ffeded04723107cf754a2889c3fbb5bc7c743d897c1 |
|
| Details | sha256 | 2 | 4baa4071a5eedbe0a8afa1059f7732e5cde0433dd0425e075721dd2cdec9d70d |
|
| Details | sha256 | 2 | d4bd89ff56b75fc617f83eb858b6dbce7b36376889b07fa0c2417322ca361c30 |
|
| Details | sha256 | 2 | 47de9bf5f60504c229fe9f727aa59ba5c34d173a23af70822541a9e485abe391 |
|
| Details | sha256 | 2 | 1428698cc8b31a2c0150065af7b615ef2374ea3438b0a82f2efcff306b43cee6 |
|
| Details | sha256 | 2 | 2dfba1cbc0ac1793ffd591c88024fab598a3f6a91756a2ea79f84f1601a0f1ed |
|
| Details | sha256 | 2 | d33cbdbd6181deb0e8da9c9e6fb8795e98478d9608ab187e5b8809bed6b2e5c4 |
|
| Details | sha256 | 2 | 6f3de35c531993aa307729e2046ff7aa672f5058b7e0fc6557bbd4c500fb46e7 |
|
| Details | sha256 | 2 | 2ab1121c603b925548a823fa18193896cd24d186e08957393e6a34d697aed782 |
|
| Details | sha256 | 2 | 1934ac9067871a61958e3e96ea5daa227900b7683fce67a1bf1c24beff77d75a |
|
| Details | sha256 | 2 | a8a026d9bda80cc9bdd778a6ea8c88edcb2d657dc481952913bbdb5f2bfc11c9 |
|
| Details | sha256 | 2 | 778b2526965dc1c4bcc401d0ae92037122e7e7f2c41f042f95b59a7f0fe6f30e |
|
| Details | sha256 | 2 | 7418c4d96cb0fe41fc95c0a27d2364ac45eb749d7edbe0ab339ea954f86abf9e |
|
| Details | IPv4 | 7 | 105.0.0.0 |
|
| Details | IPv4 | 3 | 139.180.145.121 |
|
| Details | IPv4 | 1 | 185.228.83.11 |
|
| Details | IPv4 | 1441 | 127.0.0.1 |
|
| Details | IPv4 | 2 | 149.28.28.159 |
|
| Details | IPv4 | 3 | 70.34.201.229 |
|
| Details | IPv4 | 3 | 185.136.163.129 |
|
| Details | IPv4 | 3 | 45.77.171.170 |
|
| Details | IPv4 | 3 | 167.179.91.150 |
|
| Details | IPv4 | 3 | 185.243.112.223 |
|
| Details | IPv4 | 5 | 207.148.69.74 |
|
| Details | IPv4 | 3 | 77.91.75.232 |
|
| Details | IPv4 | 3 | 178.23.190.206 |
|
| Details | IPv4 | 3 | 136.244.111.25 |
|
| Details | IPv4 | 3 | 185.242.85.124 |
|
| Details | IPv4 | 3 | 45.159.250.179 |
|
| Details | IPv4 | 3 | 65.20.68.126 |
|
| Details | Url | 1 | https://pki.gov.kz |