ioc[.]one - OSINT Cyber Threat Intelligence Database

Sofacy Group’s Parallel Attacks

Tags

country:	Uzbekistan
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Direct Domains - T1583.001 Domains - T1584.001 Dynamic Data Exchange - T1559.002 Email Addresses - T1589.002 Exploits - T1587.004 Exploits - T1588.005 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Mshta - T1218.005 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Rundll32 - T1218.011 Search Engines - T1593.002 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Dynamic Data Exchange - T1173 Mshta - T1170 Powershell - T1086 Rundll32 - T1085

Show in Graph

Common Information

Type	Value
UUID	f2dbadb2-545a-48c6-86af-7c88ef14b693
Fingerprint	2404899b49a20150
Analysis status	DONE
Considered CTI value	2
Text language
Published	June 6, 2018, 2 a.m.
Added to db	Sept. 26, 2022, 9:30 a.m.
Last updated	Nov. 19, 2024, 7:01 p.m.
Headline	Sofacy Group’s Parallel Attacks
Title	Sofacy Group’s Parallel Attacks
Detected Hints/Tags/Attributes	85/3/45

Source URLs

	Redirection	Url
Details	Source	https://researchcenter.paloaltonetworks.com/2018/06/unit42-sofacy-groups-parallel-attacks/

URL Provider

Details	Provider	Source level domain
Details	paloaltonetworks.com	researchcenter.paloaltonetworks.com

Attributes

Details	Type	#Events	Value
Details	Domain	2	supservermgr.com
Details	Domain	340	system.net
Details	Domain	372	wscript.shell
Details	Domain	15	objshell.run
Details	File	1	pageupd.php
Details	File	1	c:\\programs\\microsoft\\msoffice\\word.exe
Details	File	1024	rundll32.exe
Details	File	1	c:\\windows\\system32\\shell32.dll
Details	File	48	c:\\windows\\system32\\cmd.exe
Details	File	1	mscertificate.exe
Details	File	1212	powershell.exe
Details	File	1	c:\\\\windows\\\\system32\\\\cmd.exe
Details	File	18	graph.exe
Details	File	1	%appdata%\graph.exe
Details	File	3	protocol.php
Details	File	58	document.xml
Details	File	1	x00flashrun.vbs
Details	File	1	flashrun.vbs
Details	File	2	%temp%\4.tmp
Details	File	1	5.vbs
Details	md5	1	14331d289e737093994395d3fc412afc
Details	sha1	1	b6a75b1ef701710d7aeade0fe93de8477f3bd506
Details	sha256	1	d697160aecf152a81a89a6b5a7d9e1b8b5e121724038c676157ac72f20364edc
Details	sha256	1	cba5ab65a24be52214736bc1a5bc984953a9c15d0a3826d5b15e94036e5497df
Details	sha256	1	25f0d1cbcc53d8cfd6d848e12895ce376fbbfaf279be591774b28f70852a4fd8
Details	sha256	1	115fd8c619fa173622c7a1e84efdf6fed08a25d3ca3095404dcbd5ac3deb1f03
Details	sha256	1	f27836430742c9e014e1b080d89c47e43db299c2e00d0c0801a2830b41b57bc1
Details	sha256	1	5b5e80f63c04402d0b282e95e32155b2f86cf604a6837853ab467111d4ac15e2
Details	sha256	1	dd7e69e14c88972ac173132b90b3f4bfb2d1faec15cca256a256dd3a12b6e75d
Details	sha256	1	abbad7acd50754f096fdc6551e728aa6054dcf8e55946f90a02b17db552471ca
Details	sha256	1	85da72c7dbf5da543e10f3f806afd4ebf133f27b6af7859aded2c3a6eced2fd5
Details	sha256	1	8cf3bc2bf36342e844e9c8108393562538a9af2a1011c80bb46416c0572c86ff
Details	IPv4	2	92.222.136.105
Details	IPv4	1	185.25.51.198
Details	IPv4	2	185.25.50.93
Details	IPv4	1	1.6.3.8
Details	IPv4	1	220.158.216.127
Details	IPv4	1	92.114.92.102
Details	IPv4	1	86.106.131.177
Details	Url	1	http://supservermgr.com/sys/upd/pageupd.php
Details	Url	1	http://220.158.216.127/mscertificate.exe
Details	Url	1	http://92.114.92.102:80/d
Details	Url	1	http://86.106.131.177/link/graph.exe
Details	Url	1	http://185.25.50.93/syshelp/kd8812u/protocol.php
Details	Url	1	http://86.106.131.177:6500/zizfh