Recent Cloud Atlas activity
Tags
| country: | Ukraine |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | f1600219-c102-4914-8565-07dcf0b5cfd2 |
| Fingerprint | 35a00d1b04bccf85 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Aug. 12, 2019, 10 a.m. |
| Added to db | Sept. 26, 2022, 9:33 a.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | Recent Cloud Atlas activity |
| Title | Recent Cloud Atlas activity |
| Detected Hints/Tags/Attributes | 56/3/23 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 375 | cve-2017-11882 |
|
| Details | CVE | 117 | cve-2018-0802 |
|
| Details | Domain | 1 | pg.zip |
|
| Details | Domain | 1 | infocentre.gov |
|
| Details | Domain | 246 | mail.ru |
|
| Details | Domain | 7 | asia.com |
|
| Details | Domain | 1 | politician.com |
|
| Details | Domain | 29 | bk.ru |
|
| Details | 1 | infocentre.gov@mail.ru |
||
| Details | 1 | middleeasteye@asia.com |
||
| Details | 1 | simbf2019@mail.ru |
||
| Details | 1 | world_overview@politician.com |
||
| Details | 1 | infocentre.gov@bk.ru |
||
| Details | File | 1 | %temp%\pg.zip |
|
| Details | File | 376 | wscript.exe |
|
| Details | File | 1 | %temp%\temp.xml |
|
| Details | File | 1 | %temp%\pass.txt |
|
| Details | File | 1 | pg.zip |
|
| Details | File | 1 | vbs.dat |
|
| Details | IPv4 | 1 | 176.31.59.232 |
|
| Details | IPv4 | 1 | 144.217.174.57 |
|
| Details | Mandiant Temporary Group Assumption | 2 | TEMP.XML |
|
| Details | Windows Registry Key | 188 | HKCU\Software\Microsoft\Windows\CurrentVersion\Run |